DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations
@ 2020-12-18 14:10 Tejasree Kondoj
  2020-12-18 14:10 ` [dpdk-dev] [PATCH 1/2] common/cpt: " Tejasree Kondoj
                   ` (3 more replies)
  0 siblings, 4 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-12-18 14:10 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Anoob Joseph, Ankur Dwivedi, dev

This series adds SSL/TLS way of cipher-auth operations support i.e. auth
generation followed by encryption and decryption followed by auth verify in
OCTEON TX, OCTEON TX2 PMDs and sample unit test application.

Tejasree Kondoj (2):
  common/cpt: support SSL/TLS way of cipher-auth operations
  test/crypto: support SSL/TLS way of cipher-auth operations

 app/test/test_cryptodev_aes_test_vectors.h    | 576 ++++++++++++++++++
 app/test/test_cryptodev_blockcipher.c         |  98 ++-
 app/test/test_cryptodev_blockcipher.h         |   9 +
 doc/guides/rel_notes/release_21_02.rst        |  12 +
 drivers/common/cpt/cpt_mcode_defines.h        |   7 +-
 drivers/common/cpt/cpt_ucode.h                |  42 +-
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |   8 +-
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   8 +-
 8 files changed, 736 insertions(+), 24 deletions(-)

-- 
2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [dpdk-dev] [PATCH 1/2] common/cpt: support SSL/TLS way of cipher-auth operations
  2020-12-18 14:10 [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations Tejasree Kondoj
@ 2020-12-18 14:10 ` Tejasree Kondoj
  2020-12-18 14:10 ` [dpdk-dev] [PATCH 2/2] test/crypto: " Tejasree Kondoj
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-12-18 14:10 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Anoob Joseph, Ankur Dwivedi, dev

Adding support for SSL/TLS way of cipher-auth operations order
    - auth generation followed by encryption
    - decryption followed by auth verify

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 doc/guides/rel_notes/release_21_02.rst        |  6 +++
 drivers/common/cpt/cpt_mcode_defines.h        |  7 +++-
 drivers/common/cpt/cpt_ucode.h                | 42 +++++++++++++++----
 drivers/crypto/octeontx/otx_cryptodev_ops.c   |  8 +++-
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  8 +++-
 5 files changed, 59 insertions(+), 12 deletions(-)

diff --git a/doc/guides/rel_notes/release_21_02.rst b/doc/guides/rel_notes/release_21_02.rst
index 638f98168b..d1d4b25665 100644
--- a/doc/guides/rel_notes/release_21_02.rst
+++ b/doc/guides/rel_notes/release_21_02.rst
@@ -55,6 +55,12 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Updated OCTEON TX and OCTEON TX2 crypto PMDs.**
+
+  * Added SSL/TLS way of cipher-auth operations support i.e. auth generation
+    followed by encryption and decryption followed by auth verify in OCTEONT TX
+    and OCTEON TX2 crypto PMDs.
+
 
 Removed Items
 -------------
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index 56a745f419..624bdcf3cf 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -20,6 +20,9 @@
 #define CPT_MAJOR_OP_ZUC_SNOW3G	0x37
 #define CPT_MAJOR_OP_KASUMI	0x38
 #define CPT_MAJOR_OP_MISC	0x01
+#define CPT_HMAC_FIRST_BIT_POS	0x4
+#define CPT_FC_MINOR_OP_ENCRYPT	0x0
+#define CPT_FC_MINOR_OP_DECRYPT	0x1
 
 /* AE opcodes */
 #define CPT_MAJOR_OP_MODEX	0x03
@@ -314,8 +317,10 @@ struct cpt_ctx {
 	uint64_t hmac		:1;
 	uint64_t zsk_flags	:3;
 	uint64_t k_ecb		:1;
+	uint64_t auth_enc	:1;
+	uint64_t dec_auth	:1;
 	uint64_t snow3g		:2;
-	uint64_t rsvd		:21;
+	uint64_t rsvd		:19;
 	/* Below fields are accessed by hardware */
 	union {
 		mc_fc_context_t fctx;
diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h
index 0536620710..ee6d49aae7 100644
--- a/drivers/common/cpt/cpt_ucode.h
+++ b/drivers/common/cpt/cpt_ucode.h
@@ -752,7 +752,9 @@ cpt_enc_hmac_prep(uint32_t flags,
 
 	/* Encryption */
 	vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
-	vq_cmd_w0.s.opcode.minor = 0;
+	vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT;
+	vq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc <<
+					CPT_HMAC_FIRST_BIT_POS);
 
 	if (hash_type == GMAC_TYPE) {
 		encr_offset = 0;
@@ -779,6 +781,9 @@ cpt_enc_hmac_prep(uint32_t flags,
 		outputlen = enc_dlen + mac_len;
 	}
 
+	if (cpt_ctx->auth_enc != 0)
+		outputlen = enc_dlen;
+
 	/* GP op header */
 	vq_cmd_w0.s.param1 = encr_data_len;
 	vq_cmd_w0.s.param2 = auth_data_len;
@@ -1112,7 +1117,9 @@ cpt_dec_hmac_prep(uint32_t flags,
 
 	/* Decryption */
 	vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
-	vq_cmd_w0.s.opcode.minor = 1;
+	vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT;
+	vq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth <<
+					CPT_HMAC_FIRST_BIT_POS);
 
 	if (hash_type == GMAC_TYPE) {
 		encr_offset = 0;
@@ -1130,6 +1137,9 @@ cpt_dec_hmac_prep(uint32_t flags,
 		outputlen = enc_dlen;
 	}
 
+	if (cpt_ctx->dec_auth != 0)
+		outputlen = inputlen = enc_dlen;
+
 	vq_cmd_w0.s.param1 = encr_data_len;
 	vq_cmd_w0.s.param2 = auth_data_len;
 
@@ -2566,6 +2576,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,
 		 struct cpt_sess_misc *sess)
 {
 	struct rte_crypto_cipher_xform *c_form;
+	struct cpt_ctx *ctx = SESS_PRIV(sess);
 	cipher_type_t enc_type = 0; /* NULL Cipher type */
 	uint32_t cipher_key_len = 0;
 	uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;
@@ -2574,9 +2585,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,
 
 	if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 		sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT;
-	else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT)
+	else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
 		sess->cpt_op |= CPT_OP_CIPHER_DECRYPT;
-	else {
+		if (xform->next != NULL &&
+		    xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			/* Perform decryption followed by auth verify */
+			ctx->dec_auth = 1;
+		}
+	} else {
 		CPT_LOG_DP_ERR("Unknown cipher operation\n");
 		return -1;
 	}
@@ -2667,10 +2683,18 @@ static __rte_always_inline int
 fill_sess_auth(struct rte_crypto_sym_xform *xform,
 	       struct cpt_sess_misc *sess)
 {
+	struct cpt_ctx *ctx = SESS_PRIV(sess);
 	struct rte_crypto_auth_xform *a_form;
 	auth_type_t auth_type = 0; /* NULL Auth type */
 	uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
 
+	if (xform->next != NULL &&
+	    xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+	    xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+		/* Perform auth followed by encryption */
+		ctx->auth_enc = 1;
+	}
+
 	a_form = &xform->auth;
 
 	if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
@@ -2993,6 +3017,7 @@ fill_fc_params(struct rte_crypto_op *cop,
 {
 	uint32_t space = 0;
 	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct cpt_ctx *ctx = SESS_PRIV(sess_misc);
 	void *mdata = NULL;
 	uintptr_t *op;
 	uint32_t mc_hash_off;
@@ -3120,9 +3145,10 @@ fill_fc_params(struct rte_crypto_op *cop,
 				m = m_src;
 
 			/* hmac immediately following data is best case */
-			if (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
+			if (!ctx->dec_auth && !ctx->auth_enc &&
+				 (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
 			    mc_hash_off !=
-			     (uint8_t *)sym_op->auth.digest.data)) {
+			     (uint8_t *)sym_op->auth.digest.data))) {
 				flags |= VALID_MAC_BUF;
 				fc_params.mac_buf.size =
 					sess_misc->mac_len;
@@ -3137,7 +3163,9 @@ fill_fc_params(struct rte_crypto_op *cop,
 	fc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc);
 	fc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr;
 
-	if (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE))
+	if (!ctx->dec_auth &&
+		  unlikely(sess_misc->is_null ||
+		  sess_misc->cpt_op == CPT_OP_DECODE))
 		inplace = 0;
 
 	if (likely(!m_dst && inplace)) {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 0cf760b296..af7a1f64f8 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -205,12 +205,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 	if (xform->next) {
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
 		    xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-		    xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+		    xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+		    (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||
+		     xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))
 			return -ENOTSUP;
 
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 		    xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-		    xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+		    xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+		    (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||
+		     xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))
 			return -ENOTSUP;
 
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 5f2ccc0872..5511739663 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -320,12 +320,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
 	if (xform->next) {
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
 		    xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-		    xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+		    xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+		    (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||
+		     xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))
 			return -ENOTSUP;
 
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 		    xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
-		    xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+		    xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+		    (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||
+		     xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))
 			return -ENOTSUP;
 
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-- 
2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2020-12-18 14:10 [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations Tejasree Kondoj
  2020-12-18 14:10 ` [dpdk-dev] [PATCH 1/2] common/cpt: " Tejasree Kondoj
@ 2020-12-18 14:10 ` Tejasree Kondoj
  2021-01-19 17:00   ` Akhil Goyal
  2021-01-21  9:26   ` Kusztal, ArkadiuszX
  2021-01-15  5:31 ` [dpdk-dev] [PATCH 0/2] " Anoob Joseph
  2021-01-21  7:26 ` Tejasree Kondoj
  3 siblings, 2 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-12-18 14:10 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Anoob Joseph, Ankur Dwivedi, dev

Adding support for SSL/TLS way of cipher-auth operations order
    - auth generation followed by encryption
    - decryption followed by auth verify

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 app/test/test_cryptodev_aes_test_vectors.h | 576 +++++++++++++++++++++
 app/test/test_cryptodev_blockcipher.c      |  98 +++-
 app/test/test_cryptodev_blockcipher.h      |   9 +
 doc/guides/rel_notes/release_21_02.rst     |   6 +
 4 files changed, 677 insertions(+), 12 deletions(-)

diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
index c192d75a7e..c239c1cb35 100644
--- a/app/test/test_cryptodev_aes_test_vectors.h
+++ b/app/test/test_cryptodev_aes_test_vectors.h
@@ -1093,6 +1093,172 @@ static const uint8_t ciphertext512_aes128cbc_aad[] = {
 	0x73, 0x65, 0x72, 0x73, 0x2C, 0x20, 0x73, 0x75
 };
 
+static const uint8_t plaintext_aes_common_ssl[] = {
+	0x57, 0x68, 0x61, 0x74, 0x20, 0x61, 0x20, 0x6C,
+	0x6F, 0x75, 0x73, 0x79, 0x20, 0x65, 0x61, 0x72,
+	0x74, 0x68, 0x21, 0x20, 0x48, 0x65, 0x20, 0x77,
+	0x6F, 0x6E, 0x64, 0x65, 0x72, 0x65, 0x64, 0x20,
+	0x68, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79,
+	0x20, 0x70, 0x65, 0x6F, 0x70, 0x6C, 0x65, 0x20,
+	0x77, 0x65, 0x72, 0x65, 0x20, 0x64, 0x65, 0x73,
+	0x74, 0x69, 0x74, 0x75, 0x74, 0x65, 0x20, 0x74,
+	0x68, 0x61, 0x74, 0x20, 0x73, 0x61, 0x6D, 0x65,
+	0x20, 0x6E, 0x69, 0x67, 0x68, 0x74, 0x20, 0x65,
+	0x76, 0x65, 0x6E, 0x20, 0x69, 0x6E, 0x20, 0x68,
+	0x69, 0x73, 0x20, 0x6F, 0x77, 0x6E, 0x20, 0x70,
+	0x72, 0x6F, 0x73, 0x70, 0x65, 0x72, 0x6F, 0x75,
+	0x73, 0x20, 0x63, 0x6F, 0x75, 0x6E, 0x74, 0x72,
+	0x79, 0x2C, 0x20, 0x68, 0x6F, 0x77, 0x20, 0x6D,
+	0x61, 0x6E, 0x79, 0x20, 0x68, 0x6F, 0x6D, 0x65,
+	0x73, 0x20, 0x77, 0x65, 0x72, 0x65, 0x20, 0x73,
+	0x68, 0x61, 0x6E, 0x74, 0x69, 0x65, 0x73, 0x2C,
+	0x20, 0x68, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E,
+	0x79, 0x20, 0x68, 0x75, 0x73, 0x62, 0x61, 0x6E,
+	0x64, 0x73, 0x20, 0x77, 0x65, 0x72, 0x65, 0x20,
+	0x64, 0x72, 0x75, 0x6E, 0x6B, 0x20, 0x61, 0x6E,
+	0x64, 0x20, 0x77, 0x69, 0x76, 0x65, 0x73, 0x20,
+	0x73, 0x6F, 0x63, 0x6B, 0x65, 0x64, 0x2C, 0x20,
+	0x61, 0x6E, 0x64, 0x20, 0x68, 0x6F, 0x77, 0x20,
+	0x6D, 0x61, 0x6E, 0x79, 0x20, 0x63, 0x68, 0x69,
+	0x6C, 0x64, 0x72, 0x65, 0x6E, 0x20, 0x77, 0x65,
+	0x72, 0x65, 0x20, 0x62, 0x75, 0x6C, 0x6C, 0x69,
+	0x65, 0x64, 0x2C, 0x20, 0x61, 0x62, 0x75, 0x73,
+	0x65, 0x64, 0x2C, 0x20, 0x6F, 0x72, 0x20, 0x61,
+	0x62, 0x61, 0x6E, 0x64, 0x6F, 0x6E, 0x65, 0x64,
+	0x2E, 0x20, 0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61,
+	0x6E, 0x79, 0x20, 0x66, 0x61, 0x6D, 0x69, 0x6C,
+	0x69, 0x65, 0x73, 0x20, 0x68, 0x75, 0x6E, 0x67,
+	0x65, 0x72, 0x65, 0x64, 0x20, 0x66, 0x6F, 0x72,
+	0x20, 0x66, 0x6F, 0x6F, 0x64, 0x20, 0x74, 0x68,
+	0x65, 0x79, 0x20, 0x63, 0x6F, 0x75, 0x6C, 0x64,
+	0x20, 0x6E, 0x6F, 0x74, 0x20, 0x61, 0x66, 0x66,
+	0x6F, 0x72, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x62,
+	0x75, 0x79, 0x3F, 0x20, 0x48, 0x6F, 0x77, 0x20,
+	0x6D, 0x61, 0x6E, 0x79, 0x20, 0x68, 0x65, 0x61,
+	0x72, 0x74, 0x73, 0x20, 0x77, 0x65, 0x72, 0x65,
+	0x20, 0x62, 0x72, 0x6F, 0x6B, 0x65, 0x6E, 0x3F,
+	0x20, 0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E,
+	0x79, 0x20, 0x73, 0x75, 0x69, 0x63, 0x69, 0x64,
+	0x65, 0x73, 0x20, 0x77, 0x6F, 0x75, 0x6C, 0x64,
+	0x20, 0x74, 0x61, 0x6B, 0x65, 0x20, 0x70, 0x6C,
+	0x61, 0x63, 0x65, 0x20, 0x74, 0x68, 0x61, 0x74,
+	0x20, 0x73, 0x61, 0x6D, 0x65, 0x20, 0x6E, 0x69,
+	0x67, 0x68, 0x74, 0x2C, 0x20, 0x68, 0x6F, 0x77,
+	0x20, 0x6D, 0x61, 0x6E, 0x79, 0x20, 0x70, 0x65,
+	0x6F, 0x70, 0x6C, 0x65, 0x20, 0x77, 0x6F, 0x75,
+	0x6C, 0x64, 0x20, 0x67, 0x6F, 0x20, 0x69, 0x6E,
+	0x73, 0x61, 0x6E, 0x65, 0x3F, 0x20, 0x48, 0x6F,
+	0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79, 0x20, 0x63,
+	0x6F, 0x63, 0x6B, 0x72, 0x6F, 0x61, 0x63, 0x68,
+	0x65, 0x73, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x6C,
+	0x61, 0x6E, 0x64, 0x6C, 0x6F, 0x72, 0x64, 0x73,
+	0x20, 0x77, 0x6F, 0x75, 0x6C, 0x64, 0x20, 0x74,
+	0x72, 0x69, 0x75, 0x6D, 0x70, 0x68, 0x3F, 0x20,
+	0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79,
+	0x20, 0x77, 0x69, 0x6E, 0x6E, 0x65, 0x72, 0x73,
+	0x20, 0x77, 0x65, 0x72, 0x65, 0x20, 0x6c, 0x6f,
+	0x73, 0x65, 0x72, 0x73, 0x2c, 0x20, 0x73, 0x75,
+	/* mac */
+	0xC4, 0xB7, 0x0E, 0x6B, 0xDE, 0xD1, 0xE7, 0x77,
+	0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
+	0x3F, 0x91, 0x64, 0x59
+};
+
+static const uint8_t ciphertext512_aes128cbc_ssl[] = {
+	0x8B, 0x4D, 0xDA, 0x1B, 0xCF, 0x04, 0xA0, 0x31,
+	0xB4, 0xBF, 0xBD, 0x68, 0x43, 0x20, 0x7E, 0x76,
+	0xB1, 0x96, 0x8B, 0xA2, 0x7C, 0xA2, 0x83, 0x9E,
+	0x39, 0x5A, 0x2F, 0x7E, 0x92, 0xB4, 0x48, 0x1A,
+	0x3F, 0x6B, 0x5D, 0xDF, 0x52, 0x85, 0x5F, 0x8E,
+	0x42, 0x3C, 0xFB, 0xE9, 0x1A, 0x24, 0xD6, 0x08,
+	0xDD, 0xFD, 0x16, 0xFB, 0xE9, 0x55, 0xEF, 0xF0,
+	0xA0, 0x8D, 0x13, 0xAB, 0x81, 0xC6, 0x90, 0x01,
+	0xB5, 0x18, 0x84, 0xB3, 0xF6, 0xE6, 0x11, 0x57,
+	0xD6, 0x71, 0xC6, 0x3C, 0x3F, 0x2F, 0x33, 0xEE,
+	0x24, 0x42, 0x6E, 0xAC, 0x0B, 0xCA, 0xEC, 0xF9,
+	0x84, 0xF8, 0x22, 0xAA, 0x60, 0xF0, 0x32, 0xA9,
+	0x75, 0x75, 0x3B, 0xCB, 0x70, 0x21, 0x0A, 0x8D,
+	0x0F, 0xE0, 0xC4, 0x78, 0x2B, 0xF8, 0x97, 0xE3,
+	0xE4, 0x26, 0x4B, 0x29, 0xDA, 0x88, 0xCD, 0x46,
+	0xEC, 0xAA, 0xF9, 0x7F, 0xF1, 0x15, 0xEA, 0xC3,
+	0x87, 0xE6, 0x31, 0xF2, 0xCF, 0xDE, 0x4D, 0x80,
+	0x70, 0x91, 0x7E, 0x0C, 0xF7, 0x26, 0x3A, 0x92,
+	0x4F, 0x18, 0x83, 0xC0, 0x8F, 0x59, 0x01, 0xA5,
+	0x88, 0xD1, 0xDB, 0x26, 0x71, 0x27, 0x16, 0xF5,
+	0xEE, 0x10, 0x82, 0xAC, 0x68, 0x26, 0x9B, 0xE2,
+	0x6D, 0xD8, 0x9A, 0x80, 0xDF, 0x04, 0x31, 0xD5,
+	0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
+	0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
+	0x73, 0x02, 0x42, 0xC9, 0x23, 0x18, 0x8E, 0xB4,
+	0x6F, 0xB4, 0xA3, 0x54, 0x6E, 0x88, 0x3B, 0x62,
+	0x7C, 0x02, 0x8D, 0x4C, 0x9F, 0xC8, 0x45, 0xF4,
+	0xC9, 0xDE, 0x4F, 0xEB, 0x22, 0x83, 0x1B, 0xE4,
+	0x49, 0x37, 0xE4, 0xAD, 0xE7, 0xCD, 0x21, 0x54,
+	0xBC, 0x1C, 0xC2, 0x04, 0x97, 0xB4, 0x10, 0x61,
+	0xF0, 0xE4, 0xEF, 0x27, 0x63, 0x3A, 0xDA, 0x91,
+	0x41, 0x25, 0x62, 0x1C, 0x5C, 0xB6, 0x38, 0x4A,
+	0x88, 0x71, 0x59, 0x5A, 0x8D, 0xA0, 0x09, 0xAF,
+	0x72, 0x94, 0xD7, 0x79, 0x5C, 0x60, 0x7C, 0x8F,
+	0x4C, 0xF5, 0xD9, 0xA1, 0x39, 0x6D, 0x81, 0x28,
+	0xEF, 0x13, 0x28, 0xDF, 0xF5, 0x3E, 0xF7, 0x8E,
+	0x09, 0x9C, 0x78, 0x18, 0x79, 0xB8, 0x68, 0xD7,
+	0xA8, 0x29, 0x62, 0xAD, 0xDE, 0xE1, 0x61, 0x76,
+	0x1B, 0x05, 0x16, 0xCD, 0xBF, 0x02, 0x8E, 0xA6,
+	0x43, 0x6E, 0x92, 0x55, 0x4F, 0x60, 0x9C, 0x03,
+	0xB8, 0x4F, 0xA3, 0x02, 0xAC, 0xA8, 0xA7, 0x0C,
+	0x1E, 0xB5, 0x6B, 0xF8, 0xC8, 0x4D, 0xDE, 0xD2,
+	0xB0, 0x29, 0x6E, 0x40, 0xE6, 0xD6, 0xC9, 0xE6,
+	0xB9, 0x0F, 0xB6, 0x63, 0xF5, 0xAA, 0x2B, 0x96,
+	0xA7, 0x16, 0xAC, 0x4E, 0x0A, 0x33, 0x1C, 0xA6,
+	0xE6, 0xBD, 0x8A, 0xCF, 0x40, 0xA9, 0xB2, 0xFA,
+	0x63, 0x27, 0xFD, 0x9B, 0xD9, 0xFC, 0xD5, 0x87,
+	0x8D, 0x4C, 0xB6, 0xA4, 0xCB, 0xE7, 0x74, 0x55,
+	0xF4, 0xFB, 0x41, 0x25, 0xB5, 0x4B, 0x0A, 0x1B,
+	0xB1, 0xD6, 0xB7, 0xD9, 0x47, 0x2A, 0xC3, 0x98,
+	0x6A, 0xC4, 0x03, 0x73, 0x1F, 0x93, 0x6E, 0x53,
+	0x19, 0x25, 0x64, 0x15, 0x83, 0xF9, 0x73, 0x2A,
+	0x74, 0xB4, 0x93, 0x69, 0xC4, 0x72, 0xFC, 0x26,
+	0xA2, 0x9F, 0x43, 0x45, 0xDD, 0xB9, 0xEF, 0x36,
+	0xC8, 0x3A, 0xCD, 0x99, 0x9B, 0x54, 0x1A, 0x36,
+	0xC1, 0x59, 0xF8, 0x98, 0xA8, 0xCC, 0x28, 0x0D,
+	0x73, 0x4C, 0xEE, 0x98, 0xCB, 0x7C, 0x58, 0x7E,
+	0x20, 0x75, 0x1E, 0xB7, 0xC9, 0xF8, 0xF2, 0x0E,
+	0x63, 0x9E, 0x05, 0x78, 0x1A, 0xB6, 0xA8, 0x7A,
+	0xF9, 0x98, 0x6A, 0xA6, 0x46, 0x84, 0x2E, 0xF6,
+	0x4B, 0xDC, 0x9B, 0x8F, 0x9B, 0x8F, 0xEE, 0xB4,
+	0xAA, 0x3F, 0xEE, 0xC0, 0x37, 0x27, 0x76, 0xC7,
+	0x95, 0xBB, 0x26, 0x74, 0x69, 0x12, 0x7F, 0xF1,
+	0xBB, 0xFF, 0xAE, 0xB5, 0x99, 0x6E, 0xCB, 0x0C,
+	/* encrypted mac */
+	0x39, 0x34, 0x16, 0x84, 0xE7, 0x90, 0x02, 0xB1,
+	0x3E, 0x92, 0xCB, 0x58, 0x98, 0xBA, 0x7C, 0x98,
+	0x8B, 0x90, 0xFB, 0x5E, 0x9D, 0x74, 0xCC, 0x56,
+	0xE3, 0x55, 0xB1, 0xC8, 0xC8, 0x7C, 0xB2, 0xE7
+};
+
+static const uint8_t plaintext_aes_common_short_ssl[] = {
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD
+};
+
+static const uint8_t ciphertext512_aes128cbc_short_ssl[] = {
+	0x6D, 0xB1, 0x23, 0x86, 0x58, 0x54, 0x83, 0xE7,
+	0x3B, 0x27, 0x85, 0xA7, 0x06, 0xBC, 0x4A, 0xFB,
+	0x16, 0xD8, 0x56, 0x7C, 0x39, 0xC6, 0xE7, 0x1A,
+	0x67, 0xA8, 0x48, 0x22, 0xD6, 0xFF, 0x96, 0xB3,
+	0xA1, 0x52, 0x52, 0x83, 0xE6, 0x2E, 0x6A, 0xC9,
+	0x57, 0x8E, 0x34, 0x6F, 0xEE, 0x41, 0xF5, 0xBD,
+	0x6B, 0x89, 0x31, 0x64, 0x89, 0xAB, 0xDE, 0xA7,
+	0xBD, 0xFD, 0x46, 0x40, 0xE7, 0x13, 0x23, 0x84,
+	0xDD, 0xCB, 0x35, 0x87, 0x4E, 0x57, 0xB7, 0x97,
+	0x9E, 0xAB, 0xFB, 0xE7, 0x18, 0x82, 0x05, 0xDF
+};
+
 /* AES128-CTR-SHA1 test vector */
 static const struct blockcipher_test_data aes_test_data_1 = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR,
@@ -1409,6 +1575,50 @@ static const struct blockcipher_test_data aes_test_data_4 = {
 	}
 };
 
+/** AES-128-CBC SHA1 test vector (SSL/TLS order) */
+static const struct blockcipher_test_data aes_test_data_4_ssl = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common_ssl,
+		.len = 512
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes128cbc_ssl,
+		.len = 512
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+	.auth_key = {
+		.data = {
+			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
+			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
+			0xDE, 0xF4, 0xDE, 0xAD
+		},
+		.len = 20
+	},
+	.digest = {
+		.data = {
+			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
+			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
+			0x18, 0x8C, 0x1D, 0x32
+		},
+		.len = 20,
+	}
+};
+
 /** AES-128-CBC SHA256 test vector */
 static const struct blockcipher_test_data aes_test_data_5 = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -1733,6 +1943,77 @@ static const uint8_t ciphertext512_aes192cbc[] = {
 	0x4F, 0x2F, 0x50, 0xE2, 0x77, 0x62, 0xD9, 0xCC
 };
 
+static const uint8_t ciphertext512_aes192cbc_ssl[] = {
+	0x45, 0xee, 0x9a, 0xEA, 0x3C, 0x03, 0xFC, 0x4C,
+	0x84, 0x36, 0xB0, 0xDA, 0xB0, 0xDC, 0xF3, 0x5B,
+	0x75, 0xA7, 0xBE, 0x0E, 0xC0, 0x8D, 0x6C, 0xF8,
+	0xC1, 0x0F, 0xD0, 0x35, 0x1D, 0x82, 0xAE, 0x7C,
+	0x57, 0xC5, 0x7A, 0x55, 0x87, 0x1B, 0xD4, 0x03,
+	0x0A, 0x64, 0xC9, 0xE0, 0xF4, 0xC7, 0x6F, 0x57,
+	0x52, 0xC6, 0x73, 0xBA, 0x84, 0x0B, 0x5B, 0x89,
+	0x21, 0xD2, 0x9B, 0x88, 0x68, 0xF5, 0xA9, 0x7F,
+	0x3F, 0x49, 0xEB, 0xF4, 0xD4, 0x52, 0xD2, 0x64,
+	0x80, 0xB2, 0x53, 0xDA, 0x19, 0xF6, 0x10, 0x24,
+	0x23, 0x26, 0x7A, 0x7C, 0x07, 0x57, 0x4B, 0x0E,
+	0x58, 0x49, 0x61, 0xD1, 0xDC, 0x9A, 0x32, 0x6B,
+	0x0F, 0x43, 0x9E, 0x4D, 0xB4, 0x07, 0x4E, 0xB3,
+	0x51, 0x74, 0xDE, 0x29, 0xBC, 0x98, 0xF9, 0xDF,
+	0x78, 0x9A, 0x18, 0x9C, 0xD6, 0x7A, 0x55, 0x7C,
+	0xE6, 0x1D, 0x5C, 0x1A, 0x99, 0xD2, 0xC3, 0x7B,
+	0x9F, 0x96, 0x74, 0x2D, 0xE0, 0xEF, 0xD1, 0xE3,
+	0x08, 0x9F, 0xAF, 0xE6, 0xED, 0xCA, 0xE1, 0xEA,
+	0x23, 0x6F, 0x7C, 0x81, 0xA8, 0xC0, 0x5B, 0x8B,
+	0x53, 0x90, 0x51, 0x2D, 0x0F, 0xF6, 0x7D, 0xA7,
+	0x1C, 0xBD, 0x83, 0x84, 0x54, 0xA4, 0x15, 0xFB,
+	0x3E, 0x25, 0xA7, 0x3A, 0x0A, 0x73, 0xD9, 0x88,
+	0x6F, 0x80, 0x78, 0x95, 0x7F, 0x60, 0xAA, 0x86,
+	0x8A, 0xFC, 0xDF, 0xC1, 0xCB, 0xDE, 0xBB, 0x25,
+	0x52, 0x20, 0xC6, 0x79, 0xD4, 0x0F, 0x25, 0xE7,
+	0xDB, 0xB2, 0x17, 0xA4, 0x6F, 0x3C, 0x6F, 0x91,
+	0xF6, 0x44, 0x1E, 0xB6, 0x85, 0xBC, 0x7A, 0x14,
+	0x10, 0x72, 0xBD, 0x16, 0x63, 0x39, 0x9E, 0x7B,
+	0x84, 0x5B, 0x17, 0x61, 0xB1, 0x5D, 0x82, 0x0B,
+	0x6D, 0x37, 0xD7, 0x79, 0xB8, 0x24, 0x91, 0x30,
+	0x82, 0x91, 0x02, 0xB1, 0x18, 0x4B, 0xE0, 0xF4,
+	0x13, 0x1B, 0xB2, 0x4C, 0xDA, 0xB8, 0x99, 0x96,
+	0x83, 0x2F, 0xBE, 0x53, 0x8D, 0xDE, 0xFA, 0xAD,
+	0xF6, 0x5C, 0xDB, 0xE5, 0x66, 0x26, 0x8F, 0x13,
+	0x2B, 0x76, 0x47, 0x73, 0xDE, 0x1A, 0x74, 0xA6,
+	0x30, 0xAF, 0x42, 0xA0, 0xE5, 0xD2, 0x8F, 0xC2,
+	0xED, 0x3E, 0x9E, 0x29, 0x54, 0x3C, 0xDE, 0x9F,
+	0x5D, 0x30, 0x2B, 0x63, 0xFB, 0xE3, 0xB1, 0x07,
+	0xEE, 0x74, 0x4A, 0xAF, 0xB1, 0x20, 0x8D, 0xEC,
+	0xE6, 0x78, 0x16, 0x8D, 0xA4, 0x6E, 0x34, 0x7D,
+	0x47, 0xFB, 0x0B, 0xC1, 0x32, 0xD7, 0x0D, 0x6C,
+	0x6F, 0x93, 0x9C, 0x5E, 0xEF, 0x1F, 0x9C, 0x45,
+	0x80, 0x6B, 0x74, 0xA6, 0x81, 0xF2, 0xF6, 0xFA,
+	0xAA, 0x9D, 0x4F, 0xCA, 0xB5, 0x90, 0x59, 0xB0,
+	0x3B, 0xF2, 0xF0, 0x75, 0xFD, 0x8A, 0xD8, 0x97,
+	0x65, 0x88, 0x56, 0x4C, 0x44, 0xDF, 0x73, 0xF7,
+	0x56, 0x9C, 0x48, 0x7E, 0xB0, 0x1F, 0x1D, 0x7D,
+	0x6A, 0x11, 0xF5, 0xC2, 0xF4, 0x17, 0xEF, 0x58,
+	0xD8, 0x2A, 0xAF, 0x56, 0x2F, 0xCF, 0xEC, 0xA4,
+	0x58, 0x8B, 0x60, 0xCE, 0xD4, 0x0F, 0x9C, 0x21,
+	0xEC, 0x3E, 0x74, 0x7B, 0x81, 0x3D, 0x69, 0xC6,
+	0x5E, 0x12, 0x83, 0xE9, 0xEF, 0x81, 0x58, 0x36,
+	0x6A, 0x60, 0x0F, 0x54, 0x28, 0x11, 0xF9, 0x64,
+	0x36, 0xAD, 0x79, 0xF5, 0x1C, 0x74, 0xD0, 0xC3,
+	0x7B, 0x61, 0xE1, 0x92, 0xB0, 0x13, 0x91, 0x87,
+	0x32, 0x1F, 0xF2, 0x5A, 0xDA, 0x25, 0x69, 0xEB,
+	0xD7, 0x32, 0x7F, 0xF5, 0x23, 0x21, 0x54, 0x47,
+	0x7B, 0x1B, 0x33, 0xB0, 0x3D, 0xF6, 0xE2, 0x7E,
+	0x3E, 0xA2, 0x9E, 0xCA, 0x48, 0x0B, 0x4A, 0x29,
+	0x81, 0xD4, 0x4E, 0xD5, 0x69, 0xFB, 0xCD, 0x37,
+	0x8A, 0xC1, 0x5B, 0x50, 0xFF, 0xB5, 0x7D, 0x43,
+	0x0F, 0xAE, 0xA6, 0xC2, 0xE5, 0x8F, 0x45, 0xB2,
+	0x85, 0x99, 0x02, 0xA2, 0x9B, 0xBE, 0x90, 0x43,
+	0x4F, 0x2F, 0x50, 0xE2, 0x77, 0x62, 0xD9, 0xCC,
+	0x5D, 0x93, 0x6A, 0x97, 0xFB, 0x1D, 0x01, 0x17,
+	0x90, 0x61, 0x41, 0xD5, 0x5C, 0x43, 0x60, 0xBC,
+	0x21, 0x04, 0x5B, 0xB9, 0xFF, 0x75, 0xF8, 0x1F,
+	0x5C, 0x85, 0x91, 0x08, 0x02, 0xA2, 0xFD, 0x88,
+};
+
 /** AES-192-CBC test vector */
 static const struct blockcipher_test_data aes_test_data_10 = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -1761,6 +2042,51 @@ static const struct blockcipher_test_data aes_test_data_10 = {
 	}
 };
 
+/** AES-192-CBC SHA1 test vector (SSL/TLS order) */
+static const struct blockcipher_test_data aes_test_data_10_ssl = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0
+		},
+		.len = 24
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common_ssl,
+		.len = 512
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes192cbc_ssl,
+		.len = 512
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+	.auth_key = {
+		.data = {
+			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
+			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
+			0xDE, 0xF4, 0xDE, 0xAD
+		},
+		.len = 20
+	},
+	.digest = {
+		.data = {
+			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
+			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
+			0x18, 0x8C, 0x1D, 0x32
+		},
+		.len = 20,
+	}
+};
+
 static const uint8_t ciphertext512_aes256cbc[] = {
 	0xF3, 0xDD, 0xF0, 0x0B, 0xFF, 0xA2, 0x6A, 0x04,
 	0xBE, 0xDA, 0x52, 0xA6, 0xFE, 0x6B, 0xA6, 0xA7,
@@ -1828,6 +2154,77 @@ static const uint8_t ciphertext512_aes256cbc[] = {
 	0xB7, 0x1C, 0x6D, 0xF2, 0xAE, 0x79, 0xA4, 0x7C
 };
 
+static const uint8_t ciphertext512_aes256cbc_ssl[] = {
+	0xF3, 0xDD, 0xF0, 0x0B, 0xFF, 0xA2, 0x6A, 0x04,
+	0xBE, 0xDA, 0x52, 0xA6, 0xFE, 0x6B, 0xA6, 0xA7,
+	0x48, 0x1D, 0x7D, 0x98, 0x65, 0xDB, 0xEF, 0x06,
+	0x26, 0xB5, 0x8E, 0xEB, 0x05, 0x0E, 0x77, 0x98,
+	0x17, 0x8E, 0xD0, 0xD4, 0x7B, 0x92, 0x8F, 0x5C,
+	0xD0, 0x74, 0x5C, 0xA8, 0x4B, 0x54, 0xB6, 0x2F,
+	0x83, 0x72, 0x2C, 0xFF, 0x72, 0xE9, 0xE4, 0x15,
+	0x4C, 0x32, 0xAF, 0xC8, 0xC9, 0x89, 0x3C, 0x6E,
+	0x31, 0xD5, 0xC0, 0x16, 0xC0, 0x31, 0x7D, 0x11,
+	0xAB, 0xCB, 0xDE, 0xD2, 0xD6, 0xAA, 0x76, 0x5E,
+	0xBA, 0xF6, 0xE2, 0x92, 0xCB, 0x86, 0x07, 0xFA,
+	0xD4, 0x9E, 0x83, 0xED, 0xFD, 0xB8, 0x70, 0x54,
+	0x6B, 0xBE, 0xEC, 0x72, 0xDD, 0x28, 0x5E, 0x95,
+	0x78, 0xA5, 0x28, 0x43, 0x3D, 0x6D, 0xB1, 0xD9,
+	0x69, 0x1F, 0xC9, 0x66, 0x0E, 0x32, 0x44, 0x08,
+	0xD2, 0xAE, 0x2C, 0x43, 0xF2, 0xD0, 0x7D, 0x26,
+	0x70, 0xE5, 0xA1, 0xCA, 0x37, 0xE9, 0x7D, 0xC7,
+	0xA3, 0xFA, 0x81, 0x91, 0x64, 0xAA, 0x64, 0x91,
+	0x9A, 0x95, 0x2D, 0xC9, 0xF9, 0xCE, 0xFE, 0x9F,
+	0xC4, 0xD8, 0x81, 0xBE, 0x57, 0x84, 0xC5, 0x02,
+	0xDB, 0x30, 0xC1, 0xD9, 0x0E, 0xA0, 0xA6, 0x00,
+	0xD6, 0xF3, 0x52, 0x7E, 0x0D, 0x23, 0x6B, 0x2B,
+	0x34, 0x99, 0x1F, 0x70, 0x27, 0x6D, 0x58, 0x84,
+	0x93, 0x77, 0xB8, 0x3E, 0xF1, 0x71, 0x58, 0x42,
+	0x8B, 0x2B, 0xC8, 0x6D, 0x05, 0x84, 0xFF, 0x4E,
+	0x85, 0xEF, 0x4A, 0x9D, 0x91, 0x6A, 0xD5, 0xE1,
+	0xAF, 0x01, 0xEB, 0x83, 0x8F, 0x23, 0x7C, 0x7F,
+	0x12, 0x91, 0x05, 0xF0, 0x4E, 0xD9, 0x17, 0x62,
+	0x75, 0xBB, 0xAC, 0x97, 0xEE, 0x3B, 0x4E, 0xC7,
+	0xE5, 0x92, 0xF8, 0x9D, 0x4C, 0xF9, 0xEE, 0x55,
+	0x18, 0xBB, 0xCC, 0xB4, 0xF2, 0x59, 0xB9, 0xFC,
+	0x7A, 0x0F, 0x98, 0xD4, 0x8B, 0xFE, 0xF7, 0x83,
+	0x46, 0xE2, 0x83, 0x33, 0x3E, 0x95, 0x8D, 0x17,
+	0x1E, 0x85, 0xF8, 0x8C, 0x51, 0xB0, 0x6C, 0xB5,
+	0x5E, 0x95, 0xBA, 0x4B, 0x69, 0x1B, 0x48, 0x69,
+	0x0B, 0x8F, 0xA5, 0x18, 0x13, 0xB9, 0x77, 0xD1,
+	0x80, 0x32, 0x32, 0x6D, 0x53, 0xA1, 0x95, 0x40,
+	0x96, 0x8A, 0xCC, 0xA3, 0x69, 0xF8, 0x9F, 0xB5,
+	0x8E, 0xD2, 0x68, 0x07, 0x4F, 0xA7, 0xEC, 0xF8,
+	0x20, 0x21, 0x58, 0xF8, 0xD8, 0x9E, 0x5F, 0x40,
+	0xBA, 0xB9, 0x76, 0x57, 0x3B, 0x17, 0xAD, 0xEE,
+	0xCB, 0xDF, 0x07, 0xC1, 0xDF, 0x66, 0xA8, 0x0D,
+	0xC2, 0xCE, 0x8F, 0x79, 0xC3, 0x32, 0xE0, 0x8C,
+	0xFE, 0x5A, 0xF3, 0x55, 0x27, 0x73, 0x6F, 0xA1,
+	0x54, 0xC6, 0xFC, 0x28, 0x9D, 0xBE, 0x97, 0xB9,
+	0x54, 0x97, 0x72, 0x3A, 0x61, 0xAF, 0x6F, 0xDE,
+	0xF8, 0x0E, 0xBB, 0x6B, 0x96, 0x84, 0xDD, 0x9B,
+	0x62, 0xBA, 0x47, 0xB5, 0xC9, 0x3B, 0x4E, 0x8C,
+	0x78, 0x2A, 0xCC, 0x0A, 0x69, 0x54, 0x25, 0x5E,
+	0x8B, 0xAC, 0x56, 0xD9, 0xFE, 0x48, 0xBA, 0xCE,
+	0xA9, 0xCE, 0xA6, 0x1D, 0xBF, 0x3E, 0x3C, 0x66,
+	0x40, 0x71, 0x79, 0xAD, 0x5B, 0x26, 0xAD, 0xBE,
+	0x58, 0x13, 0x64, 0x60, 0x7C, 0x05, 0xFC, 0xE3,
+	0x51, 0x7A, 0xF2, 0xCC, 0x54, 0x16, 0x2C, 0xA4,
+	0xCE, 0x5F, 0x59, 0x12, 0x77, 0xEB, 0xD9, 0x23,
+	0xE3, 0x86, 0xFB, 0xD7, 0x48, 0x76, 0x9D, 0xE3,
+	0x89, 0x87, 0x39, 0xFA, 0x7B, 0x21, 0x0B, 0x76,
+	0xB2, 0xED, 0x1C, 0x27, 0x4B, 0xD5, 0x27, 0x05,
+	0x8C, 0x7D, 0x58, 0x6C, 0xCA, 0xA5, 0x54, 0x9A,
+	0x0F, 0xCB, 0xE9, 0x88, 0x31, 0xAD, 0x49, 0xEE,
+	0x38, 0xFB, 0xC9, 0xFB, 0xB4, 0x7A, 0x00, 0x58,
+	0x20, 0x32, 0xD3, 0x53, 0x5A, 0xDD, 0x74, 0x95,
+	0x60, 0x59, 0x09, 0xAE, 0x7E, 0xEC, 0x74, 0xA3,
+	0xB7, 0x1C, 0x6D, 0xF2, 0xAE, 0x79, 0xA4, 0x7C,
+	0x50, 0xB1, 0x8D, 0x56, 0x22, 0x75, 0xD6, 0x8F,
+	0x93, 0xB5, 0xED, 0xE8, 0x3D, 0x20, 0x4F, 0x9F,
+	0x80, 0x2F, 0x56, 0x95, 0xA0, 0x80, 0xC6, 0xC2,
+	0xA8, 0x27, 0xFB, 0x48, 0x96, 0x58, 0xA1, 0x93,
+};
+
 /** AES-256-CBC test vector */
 static const struct blockcipher_test_data aes_test_data_11 = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -1857,6 +2254,52 @@ static const struct blockcipher_test_data aes_test_data_11 = {
 	}
 };
 
+/** AES-256-CBC SHA1 test vector (SSL/TLS order) */
+static const struct blockcipher_test_data aes_test_data_11_ssl = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0,
+			0x37, 0x07, 0xB8, 0x23, 0xA2, 0xA3, 0xB5, 0x8D
+		},
+		.len = 32
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common_ssl,
+		.len = 512
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes256cbc_ssl,
+		.len = 512
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+	.auth_key = {
+		.data = {
+			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
+			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
+			0xDE, 0xF4, 0xDE, 0xAD
+		},
+		.len = 20
+	},
+	.digest = {
+		.data = {
+			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
+			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
+			0x18, 0x8C, 0x1D, 0x32
+		},
+		.len = 20,
+	}
+};
+
 /** AES-128-CBC SHA256 HMAC test vector (160 bytes) */
 static const struct blockcipher_test_data aes_test_data_12 = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -1949,6 +2392,50 @@ static const struct blockcipher_test_data aes_test_data_13 = {
 	}
 };
 
+/** AES-128-CBC SHA1 test vector (SSL/TLS order) */
+static const struct blockcipher_test_data aes_test_data_13_ssl = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common_short_ssl,
+		.len = 50
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes128cbc_short_ssl,
+		.len = 50
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+	.auth_key = {
+		.data = {
+			0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+			0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+			0xAA, 0xAA, 0xAA, 0xAA
+		},
+		.len = 20
+	},
+	.digest = {
+		.data = {
+			0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD,
+			0x91, 0xA3, 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F,
+			0x63, 0xF1, 0x75, 0xD3
+		},
+		.len = 20,
+	}
+};
+
 /** XTS-AES-128 test vector (2 keys * 128 bit) */
 static const uint8_t plaintext_aes128xts_16bytes[] = {
 	0xEB, 0xAB, 0xCE, 0x95, 0xB1, 0x4D, 0x3C, 0x8D,
@@ -2886,6 +3373,95 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
 		.test_data = &aes_test_data_21,
 		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
 	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest"
+			"(SSL/TLS order)",
+		.test_data = &aes_test_data_4_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
+			"Scatter Gather (SSL/TLS order)",
+		.test_data = &aes_test_data_4_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
+			"(short buffers) (SSL/TLS order)",
+		.test_data = &aes_test_data_13_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
+			"Scatter Gather (SSL/TLS order)",
+		.test_data = &aes_test_data_4_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
+	},
+	{
+		.test_descr = "AES-192-CBC HMAC-SHA1 Encryption Digest "
+			"Sessionless (SSL/TLS order)",
+		.test_data = &aes_test_data_10_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
+	},
+	{
+		.test_descr = "AES-256-CBC HMAC-SHA1 Encryption Digest "
+			"Scatter Gather Sessionless (SSL/TLS order)",
+		.test_data = &aes_test_data_11_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
+			BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
+			"Verify (SSL/TLS order)",
+		.test_data = &aes_test_data_4_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
+			"Verify Scatter Gather (SSL/TLS order)",
+		.test_data = &aes_test_data_4_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
+			"Verify (short buffers) (SSL/TLS order)",
+		.test_data = &aes_test_data_13_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
+			"Verify Scatter Gather (SSL/TLS order)",
+		.test_data = &aes_test_data_4_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
+	},
+	{
+		.test_descr = "AES-256-CBC HMAC-SHA1 Decryption Digest "
+			"Verify Sessionless (SSL/TLS order)",
+		.test_data = &aes_test_data_11_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
+	},
+	{
+		.test_descr = "AES-192-CBC HMAC-SHA1 Decryption Digest "
+			"Verify Scatter Gather Sessionless (SSL/TLS order)",
+		.test_data = &aes_test_data_10_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS |
+				BLOCKCIPHER_TEST_FEATURE_SG,
+	},
+	{
+		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
+			"Verify Sessionless (SSL/TLS order)",
+		.test_data = &aes_test_data_4_ssl,
+		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
+		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
+	}
 };
 
 static const struct blockcipher_test_case aes_docsis_test_cases[] = {
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index 135e57b9fa..9d112d033c 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -94,6 +94,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	uint8_t dst_pattern = 0xb6;
 	uint8_t tmp_src_buf[MBUF_SIZE];
 	uint8_t tmp_dst_buf[MBUF_SIZE];
+	uint32_t pad_len;
 
 	int nb_segs = 1;
 	uint32_t nb_iterates = 0;
@@ -185,6 +186,22 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
 		buf_len += digest_len;
 
+	/* only aes-cbc cipher is supported for
+	 * auth followed by encryption case
+	 */
+	if ((t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) &&
+		(t->test_data->crypto_algo != RTE_CRYPTO_CIPHER_AES_CBC)) {
+		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
+			"line %u FAILED: %s",
+			__LINE__, "Unsupported cipher algorithm");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
+	pad_len = RTE_ALIGN(buf_len, 16) - buf_len;
+	if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
+		buf_len += pad_len;
+
 	/* for contiguous mbuf, nb_segs is 1 */
 	ibuf = create_segmented_mbuf(mbuf_pool,
 			tdata->ciphertext.len, nb_segs, src_pattern);
@@ -209,9 +226,31 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 
 	buf_p = rte_pktmbuf_append(ibuf, digest_len);
 	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
-		rte_memcpy(buf_p, tdata->digest.data, digest_len);
+		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
+			rte_memcpy(buf_p,
+				tdata->ciphertext.data + tdata->ciphertext.len,
+				 digest_len);
+		else
+			rte_memcpy(buf_p, tdata->digest.data, digest_len);
 	else
 		memset(buf_p, 0, digest_len);
+	if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) {
+		buf_p = rte_pktmbuf_append(ibuf, pad_len);
+		if (!buf_p) {
+			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
+				"FAILED: %s", __LINE__,
+				"No room to append mbuf");
+			status = TEST_FAILED;
+			goto error_exit;
+		}
+		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) {
+			const uint8_t *temp_p = tdata->ciphertext.data +
+					tdata->ciphertext.len +
+					digest_len;
+			rte_memcpy(buf_p, temp_p, pad_len);
+		} else
+			memset(buf_p, 0xa5, pad_len);
+	}
 
 	if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
 		obuf = rte_pktmbuf_alloc(mbuf_pool);
@@ -224,7 +263,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		}
 		memset(obuf->buf_addr, dst_pattern, obuf->buf_len);
 
-		buf_p = rte_pktmbuf_append(obuf, buf_len);
+		buf_p = rte_pktmbuf_append(obuf, buf_len + pad_len);
 		if (!buf_p) {
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
 				"FAILED: %s", __LINE__,
@@ -359,6 +398,26 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 			cipher_xform->next = NULL;
 			init_xform = auth_xform;
 		}
+	} else if (t->op_mask == BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC) {
+		if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
+			auth_xform = op->sym->xform;
+			cipher_xform = auth_xform->next;
+			cipher_xform->next = NULL;
+		} else {
+			auth_xform->next = cipher_xform;
+			cipher_xform->next = NULL;
+			init_xform = auth_xform;
+		}
+	} else if (t->op_mask == BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY) {
+		if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
+			cipher_xform = op->sym->xform;
+			auth_xform = cipher_xform->next;
+			auth_xform->next = NULL;
+		} else {
+			cipher_xform->next = auth_xform;
+			auth_xform->next = NULL;
+			init_xform = cipher_xform;
+		}
 	} else if ((t->op_mask == BLOCKCIPHER_TEST_OP_ENCRYPT) ||
 			(t->op_mask == BLOCKCIPHER_TEST_OP_DECRYPT)) {
 		if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)
@@ -403,6 +462,10 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		sym_op->cipher.data.offset = tdata->cipher_offset;
 		sym_op->cipher.data.length = tdata->ciphertext.len -
 				tdata->cipher_offset;
+		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) {
+			sym_op->cipher.data.length += tdata->digest.len;
+			sym_op->cipher.data.length += pad_len;
+		}
 		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 				tdata->iv.data,
 				tdata->iv.len);
@@ -540,6 +603,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 					tdata->cipher_offset;
 			compare_len = tdata->ciphertext.len -
 					tdata->cipher_offset;
+			if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
+				compare_len += tdata->digest.len;
 		} else {
 			compare_ref = tdata->plaintext.data +
 					tdata->cipher_offset;
@@ -558,18 +623,20 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		}
 	}
 
-	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
-		uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
-					tdata->ciphertext.len);
+	/* Check digest data only in enc-then-auth_gen case */
+	if (!(t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER))
+		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
+			uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
+						tdata->ciphertext.len);
 
-		if (memcmp(auth_res, tdata->digest.data, digest_len)) {
-			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
-				"FAILED: %s", __LINE__, "Generated "
-				"digest data not as expected");
-			status = TEST_FAILED;
-			goto error_exit;
+			if (memcmp(auth_res, tdata->digest.data, digest_len)) {
+				snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
+					"FAILED: %s", __LINE__, "Generated "
+					"digest data not as expected");
+				status = TEST_FAILED;
+				goto error_exit;
+			}
 		}
-	}
 
 	/* The only parts that should have changed in the buffer are
 	 * plaintext/ciphertext and digest.
@@ -631,6 +698,10 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 			changed_len = sym_op->cipher.data.length;
 		}
 
+		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
+			changed_len = sym_op->cipher.data.length +
+				digest_len + pad_len;
+
 		for (i = 0; i < mbuf->buf_len; i++) {
 			if (i == head_unchanged_len)
 				i += changed_len;
@@ -687,6 +758,9 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
 			changed_len += digest_len;
 
+		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
+			changed_len = sym_op->cipher.data.length;
+
 		for (i = 0; i < mbuf->buf_len; i++) {
 
 			/* Skip headroom used by PMD */
diff --git a/app/test/test_cryptodev_blockcipher.h b/app/test/test_cryptodev_blockcipher.h
index 8990716844..c72cfe5342 100644
--- a/app/test/test_cryptodev_blockcipher.h
+++ b/app/test/test_cryptodev_blockcipher.h
@@ -13,6 +13,7 @@
 #define BLOCKCIPHER_TEST_OP_DECRYPT		0x02
 #define BLOCKCIPHER_TEST_OP_AUTH_GEN	0x04
 #define BLOCKCIPHER_TEST_OP_AUTH_VERIFY	0x08
+#define BLOCKCIPHER_TEST_OP_SSL_ORDER	0x10
 
 #define BLOCKCIPHER_TEST_FEATURE_OOP			0x01
 #define BLOCKCIPHER_TEST_FEATURE_SESSIONLESS	0x02
@@ -31,6 +32,14 @@
 #define BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC	(BLOCKCIPHER_TEST_OP_DECRYPT | \
 					BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
 
+#define BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC	(BLOCKCIPHER_TEST_OP_ENCRYPT | \
+					BLOCKCIPHER_TEST_OP_AUTH_GEN | \
+					BLOCKCIPHER_TEST_OP_SSL_ORDER)
+
+#define BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY	(BLOCKCIPHER_TEST_OP_DECRYPT | \
+					BLOCKCIPHER_TEST_OP_AUTH_VERIFY | \
+					BLOCKCIPHER_TEST_OP_SSL_ORDER)
+
 enum blockcipher_test_type {
 	BLKCIPHER_AES_CHAIN_TYPE,	/* use aes_chain_test_cases[] */
 	BLKCIPHER_AES_CIPHERONLY_TYPE,	/* use aes_cipheronly_test_cases[] */
diff --git a/doc/guides/rel_notes/release_21_02.rst b/doc/guides/rel_notes/release_21_02.rst
index d1d4b25665..eb2d4ab2d9 100644
--- a/doc/guides/rel_notes/release_21_02.rst
+++ b/doc/guides/rel_notes/release_21_02.rst
@@ -61,6 +61,12 @@ New Features
     followed by encryption and decryption followed by auth verify in OCTEONT TX
     and OCTEON TX2 crypto PMDs.
 
+* **Updated unit test sample application.**
+
+  * Added SSL/TLS way of cipher-auth operations support i.e. auth generation
+    followed by encryption and decryption followed by auth verify in sample
+    unit test application.
+
 
 Removed Items
 -------------
-- 
2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations
  2020-12-18 14:10 [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations Tejasree Kondoj
  2020-12-18 14:10 ` [dpdk-dev] [PATCH 1/2] common/cpt: " Tejasree Kondoj
  2020-12-18 14:10 ` [dpdk-dev] [PATCH 2/2] test/crypto: " Tejasree Kondoj
@ 2021-01-15  5:31 ` Anoob Joseph
  2021-01-21  7:26 ` Tejasree Kondoj
  3 siblings, 0 replies; 14+ messages in thread
From: Anoob Joseph @ 2021-01-15  5:31 UTC (permalink / raw)
  To: Tejasree Kondoj, Akhil Goyal, Radu Nicolau
  Cc: Tejasree Kondoj, Ankur Dwivedi, dev

> 
> This series adds SSL/TLS way of cipher-auth operations support i.e. auth
> generation followed by encryption and decryption followed by auth verify in
> OCTEON TX, OCTEON TX2 PMDs and sample unit test application.
> 
> Tejasree Kondoj (2):
>   common/cpt: support SSL/TLS way of cipher-auth operations
>   test/crypto: support SSL/TLS way of cipher-auth operations
> 
>  app/test/test_cryptodev_aes_test_vectors.h    | 576
> ++++++++++++++++++
>  app/test/test_cryptodev_blockcipher.c         |  98 ++-
>  app/test/test_cryptodev_blockcipher.h         |   9 +
>  doc/guides/rel_notes/release_21_02.rst        |  12 +
>  drivers/common/cpt/cpt_mcode_defines.h        |   7 +-
>  drivers/common/cpt/cpt_ucode.h                |  42 +-
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |   8 +-
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   8 +-
>  8 files changed, 736 insertions(+), 24 deletions(-)
> 

Series Acked-by: Anoob Joseph <anoobj@marvell.com>

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2020-12-18 14:10 ` [dpdk-dev] [PATCH 2/2] test/crypto: " Tejasree Kondoj
@ 2021-01-19 17:00   ` Akhil Goyal
  2021-01-19 18:02     ` Doherty, Declan
                       ` (2 more replies)
  2021-01-21  9:26   ` Kusztal, ArkadiuszX
  1 sibling, 3 replies; 14+ messages in thread
From: Akhil Goyal @ 2021-01-19 17:00 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau, Trahe, Fiona, Fan Zhang
  Cc: Anoob Joseph, Ankur Dwivedi, dev

Hi Tejasree,

> Subject: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
> 
> Adding support for SSL/TLS way of cipher-auth operations order
>     - auth generation followed by encryption
>     - decryption followed by auth verify
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---

With this patch the following existing case is failing on NXP platforms. Please check.

  10) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest Scatter Gather line 634 FAILED: Generated digest data not as expected

Fiona/Fan,
Could you please check this patch on intel platform?

Regards,
Akhil



^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2021-01-19 17:00   ` Akhil Goyal
@ 2021-01-19 18:02     ` Doherty, Declan
  2021-01-20 12:51     ` Zhang, Roy Fan
  2021-01-20 14:34     ` Zhang, Roy Fan
  2 siblings, 0 replies; 14+ messages in thread
From: Doherty, Declan @ 2021-01-19 18:02 UTC (permalink / raw)
  To: Akhil Goyal, Tejasree Kondoj, Radu Nicolau, Trahe, Fiona, Fan Zhang
  Cc: Anoob Joseph, Ankur Dwivedi, dev



On 19/01/2021 5:00 PM, Akhil Goyal wrote:
> Hi Tejasree,
> 
>> Subject: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
>>
>> Adding support for SSL/TLS way of cipher-auth operations order
>>      - auth generation followed by encryption
>>      - decryption followed by auth verify
>>
>> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
>> ---
> 
> With this patch the following existing case is failing on NXP platforms. Please check.
> 
>    10) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest Scatter Gather line 634 FAILED: Generated digest data not as expected
> 
> Fiona/Fan,
> Could you please check this patch on intel platform?
> 
> Regards,
> Akhil
> 
> 


Hey Akhil, we'll check it out and let you know tomorrow.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2021-01-19 17:00   ` Akhil Goyal
  2021-01-19 18:02     ` Doherty, Declan
@ 2021-01-20 12:51     ` Zhang, Roy Fan
  2021-01-20 14:34     ` Zhang, Roy Fan
  2 siblings, 0 replies; 14+ messages in thread
From: Zhang, Roy Fan @ 2021-01-20 12:51 UTC (permalink / raw)
  To: Akhil Goyal, Tejasree Kondoj, Nicolau, Radu, Trahe, Fiona
  Cc: Anoob Joseph, Ankur Dwivedi, dev

Hi Akhil and Tejasree,

Yes it failed at RAW API tests

RTE>>cryptodev_qat_raw_api_autotest
...
  49) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest(SSL/TLS order) line 619 FAILED: Crypto data not as expected
  50) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest Scatter Gather (SSL/TLS order) line 619 FAILED: Crypto data not as expected
  51) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest (short buffers) (SSL/TLS order) line 619 FAILED: Crypto data not as expected
  52) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest Scatter Gather (SSL/TLS order) line 619 FAILED: Crypto data not as expected
Device doesn't support sessionless operations Test Skipped.
  53) TestCase AES-192-CBC HMAC-SHA1 Encryption Digest Sessionless (SSL/TLS order) SKIPPED
Device doesn't support sessionless operations Test Skipped.
  54) TestCase AES-256-CBC HMAC-SHA1 Encryption Digest Scatter Gather Sessionless (SSL/TLS order) SKIPPED
  55) TestCase AES-128-CBC HMAC-SHA1 Decryption Digest Verify (SSL/TLS order) line 591 FAILED: Operation failed (0x5)
  56) TestCase AES-128-CBC HMAC-SHA1 Decryption Digest Verify Scatter Gather (SSL/TLS order) line 591 FAILED: Operation failed (0x5)
  57) TestCase AES-128-CBC HMAC-SHA1 Decryption Digest Verify (short buffers) (SSL/TLS order) line 591 FAILED: Operation failed (0x5)
  58) TestCase AES-128-CBC HMAC-SHA1 Decryption Digest Verify Scatter Gather (SSL/TLS order) line 591 FAILED: Operation failed (0x5)
Device doesn't support sessionless operations Test Skipped.
  59) TestCase AES-256-CBC HMAC-SHA1 Decryption Digest Verify Sessionless (SSL/TLS order) SKIPPED
Device doesn't support sessionless operations Test Skipped.
  60) TestCase AES-192-CBC HMAC-SHA1 Decryption Digest Verify Scatter Gather Sessionless (SSL/TLS order) SKIPPED
Device doesn't support sessionless operations Test Skipped.
  61) TestCase AES-128-CBC HMAC-SHA1 Decryption Digest Verify Sessionless (SSL/TLS order) SKIPPED
EAL: Test assert test_blockcipher line 1937 failed: Test failed
 + TestCase [ 8] : test_AES_cipheronly_all failed

Looks like the " AES-128-CBC HMAC-SHA1 * (SSL/TLS order)" tests are in the wrong place as this is a cipher only test sub-suite but you are testing chained operation.

Regards,
Fan

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Tuesday, January 19, 2021 5:01 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Nicolau, Radu
> <radu.nicolau@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>; Zhang,
> Roy Fan <roy.fan.zhang@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; dev@dpdk.org
> Subject: RE: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth
> operations
> 
> Hi Tejasree,
> 
> > Subject: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth
> operations
> >
> > Adding support for SSL/TLS way of cipher-auth operations order
> >     - auth generation followed by encryption
> >     - decryption followed by auth verify
> >
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
> 
> With this patch the following existing case is failing on NXP platforms. Please
> check.
> 
>   10) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest Scatter Gather line
> 634 FAILED: Generated digest data not as expected
> 
> Fiona/Fan,
> Could you please check this patch on intel platform?
> 
> Regards,
> Akhil
> 


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2021-01-19 17:00   ` Akhil Goyal
  2021-01-19 18:02     ` Doherty, Declan
  2021-01-20 12:51     ` Zhang, Roy Fan
@ 2021-01-20 14:34     ` Zhang, Roy Fan
  2021-01-20 14:40       ` Tejasree Kondoj
  2 siblings, 1 reply; 14+ messages in thread
From: Zhang, Roy Fan @ 2021-01-20 14:34 UTC (permalink / raw)
  To: Akhil Goyal, Tejasree Kondoj, Nicolau, Radu, Trahe, Fiona
  Cc: Anoob Joseph, Ankur Dwivedi, dev

Hi Akhil,

I just did the check. QAT Raw API test did failed on newly added cases.
The patch needs to be updated - as all newly added tests are in aes_cipheronly_test_cases array, where clearly they are chained algorithm tests.

But the problem is not the only reason that causes the test fail - I will submit a QAT PMD fix patch for that.

Regards,
Fan

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Tuesday, January 19, 2021 5:01 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Nicolau, Radu
> <radu.nicolau@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>; Zhang,
> Roy Fan <roy.fan.zhang@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; dev@dpdk.org
> Subject: RE: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth
> operations
> 
> Hi Tejasree,
> 
> > Subject: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth
> operations
> >
> > Adding support for SSL/TLS way of cipher-auth operations order
> >     - auth generation followed by encryption
> >     - decryption followed by auth verify
> >
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
> 
> With this patch the following existing case is failing on NXP platforms. Please
> check.
> 
>   10) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest Scatter Gather line
> 634 FAILED: Generated digest data not as expected
> 
> Fiona/Fan,
> Could you please check this patch on intel platform?
> 
> Regards,
> Akhil
> 


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2021-01-20 14:34     ` Zhang, Roy Fan
@ 2021-01-20 14:40       ` Tejasree Kondoj
  0 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2021-01-20 14:40 UTC (permalink / raw)
  To: Zhang, Roy Fan, Akhil Goyal, Nicolau, Radu, Trahe, Fiona
  Cc: Anoob Joseph, Ankur Dwivedi, dev

Hi Akhil and Fan,

I'll send v2 moving SSL/TLS test cases to aes_chain_test_cases array.

Thanks
Tejasree

> -----Original Message-----
> From: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Sent: Wednesday, January 20, 2021 8:04 PM
> To: Akhil Goyal <akhil.goyal@nxp.com>; Tejasree Kondoj
> <ktejasree@marvell.com>; Nicolau, Radu <radu.nicolau@intel.com>; Trahe,
> Fiona <fiona.trahe@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; dev@dpdk.org
> Subject: [EXT] RE: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-
> auth operations
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Akhil,
> 
> I just did the check. QAT Raw API test did failed on newly added cases.
> The patch needs to be updated - as all newly added tests are in
> aes_cipheronly_test_cases array, where clearly they are chained algorithm
> tests.
> 
> But the problem is not the only reason that causes the test fail - I will submit
> a QAT PMD fix patch for that.
> 
> Regards,
> Fan
> 
> > -----Original Message-----
> > From: Akhil Goyal <akhil.goyal@nxp.com>
> > Sent: Tuesday, January 19, 2021 5:01 PM
> > To: Tejasree Kondoj <ktejasree@marvell.com>; Nicolau, Radu
> > <radu.nicolau@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>; Zhang,
> > Roy Fan <roy.fan.zhang@intel.com>
> > Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> > <adwivedi@marvell.com>; dev@dpdk.org
> > Subject: RE: [PATCH 2/2] test/crypto: support SSL/TLS way of
> > cipher-auth operations
> >
> > Hi Tejasree,
> >
> > > Subject: [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth
> > operations
> > >
> > > Adding support for SSL/TLS way of cipher-auth operations order
> > >     - auth generation followed by encryption
> > >     - decryption followed by auth verify
> > >
> > > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > > ---
> >
> > With this patch the following existing case is failing on NXP
> > platforms. Please check.
> >
> >   10) TestCase AES-128-CBC HMAC-SHA1 Encryption Digest Scatter Gather
> > line
> > 634 FAILED: Generated digest data not as expected
> >
> > Fiona/Fan,
> > Could you please check this patch on intel platform?
> >
> > Regards,
> > Akhil
> >


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations
  2020-12-18 14:10 [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations Tejasree Kondoj
                   ` (2 preceding siblings ...)
  2021-01-15  5:31 ` [dpdk-dev] [PATCH 0/2] " Anoob Joseph
@ 2021-01-21  7:26 ` Tejasree Kondoj
  2021-01-25 16:56   ` Akhil Goyal
  3 siblings, 1 reply; 14+ messages in thread
From: Tejasree Kondoj @ 2021-01-21  7:26 UTC (permalink / raw)
  To: Tejasree Kondoj, Akhil Goyal, Radu Nicolau
  Cc: Anoob Joseph, Ankur Dwivedi, dev, Zhang, Roy Fan, Trahe, Fiona

Hi Akhil,

I'm planning to add device feature flag(RTE_CRYPTODEV_FF_SSL_ORDER) 
along with SSL test cases movement to chain array in v2. Would that be fine?
Feature flag is needed to skip SSL test cases if device doesn't support them.

Thanks
Tejasree

> -----Original Message-----
> From: Tejasree Kondoj <ktejasree@marvell.com>
> Sent: Friday, December 18, 2020 7:40 PM
> To: Akhil Goyal <akhil.goyal@nxp.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Tejasree Kondoj <ktejasree@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> dev@dpdk.org
> Subject: [PATCH 0/2] support SSL/TLS way of cipher-auth operations
> 
> This series adds SSL/TLS way of cipher-auth operations support i.e. auth
> generation followed by encryption and decryption followed by auth verify in
> OCTEON TX, OCTEON TX2 PMDs and sample unit test application.
> 
> Tejasree Kondoj (2):
>   common/cpt: support SSL/TLS way of cipher-auth operations
>   test/crypto: support SSL/TLS way of cipher-auth operations
> 
>  app/test/test_cryptodev_aes_test_vectors.h    | 576 ++++++++++++++++++
>  app/test/test_cryptodev_blockcipher.c         |  98 ++-
>  app/test/test_cryptodev_blockcipher.h         |   9 +
>  doc/guides/rel_notes/release_21_02.rst        |  12 +
>  drivers/common/cpt/cpt_mcode_defines.h        |   7 +-
>  drivers/common/cpt/cpt_ucode.h                |  42 +-
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |   8 +-
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   8 +-
>  8 files changed, 736 insertions(+), 24 deletions(-)
> 
> --
> 2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2020-12-18 14:10 ` [dpdk-dev] [PATCH 2/2] test/crypto: " Tejasree Kondoj
  2021-01-19 17:00   ` Akhil Goyal
@ 2021-01-21  9:26   ` Kusztal, ArkadiuszX
  2021-01-21 10:02     ` Tejasree Kondoj
  1 sibling, 1 reply; 14+ messages in thread
From: Kusztal, ArkadiuszX @ 2021-01-21  9:26 UTC (permalink / raw)
  To: Tejasree Kondoj, Akhil Goyal, Nicolau, Radu
  Cc: Anoob Joseph, Ankur Dwivedi, dev

Hi Tejasree,

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Tejasree Kondoj
> Sent: piątek, 18 grudnia 2020 15:10
> To: Akhil Goyal <akhil.goyal@nxp.com>; Nicolau, Radu
> <radu.nicolau@intel.com>
> Cc: Tejasree Kondoj <ktejasree@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> dev@dpdk.org
> Subject: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth
> operations
> 
> Adding support for SSL/TLS way of cipher-auth operations order
>     - auth generation followed by encryption
>     - decryption followed by auth verify
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
>  app/test/test_cryptodev_aes_test_vectors.h | 576 +++++++++++++++++++++
>  app/test/test_cryptodev_blockcipher.c      |  98 +++-
>  app/test/test_cryptodev_blockcipher.h      |   9 +
>  doc/guides/rel_notes/release_21_02.rst     |   6 +
>  4 files changed, 677 insertions(+), 12 deletions(-)
> 
> diff --git a/app/test/test_cryptodev_aes_test_vectors.h
> b/app/test/test_cryptodev_aes_test_vectors.h
> index c192d75a7e..c239c1cb35 100644
> --- a/app/test/test_cryptodev_aes_test_vectors.h
> +++ b/app/test/test_cryptodev_aes_test_vectors.h
> @@ -1093,6 +1093,172 @@ static const uint8_t
> ciphertext512_aes128cbc_aad[] = {
>  	0x73, 0x65, 0x72, 0x73, 0x2C, 0x20, 0x73, 0x75  };
> 
> +static const uint8_t plaintext_aes_common_ssl[] = {
> +	0x57, 0x68, 0x61, 0x74, 0x20, 0x61, 0x20, 0x6C,
> +	0x6F, 0x75, 0x73, 0x79, 0x20, 0x65, 0x61, 0x72,
> +	0x74, 0x68, 0x21, 0x20, 0x48, 0x65, 0x20, 0x77,
> +	0x6F, 0x6E, 0x64, 0x65, 0x72, 0x65, 0x64, 0x20,
> +	0x68, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79,
> +	0x20, 0x70, 0x65, 0x6F, 0x70, 0x6C, 0x65, 0x20,
> +	0x77, 0x65, 0x72, 0x65, 0x20, 0x64, 0x65, 0x73,
> +	0x74, 0x69, 0x74, 0x75, 0x74, 0x65, 0x20, 0x74,
> +	0x68, 0x61, 0x74, 0x20, 0x73, 0x61, 0x6D, 0x65,
> +	0x20, 0x6E, 0x69, 0x67, 0x68, 0x74, 0x20, 0x65,
> +	0x76, 0x65, 0x6E, 0x20, 0x69, 0x6E, 0x20, 0x68,
> +	0x69, 0x73, 0x20, 0x6F, 0x77, 0x6E, 0x20, 0x70,
> +	0x72, 0x6F, 0x73, 0x70, 0x65, 0x72, 0x6F, 0x75,
> +	0x73, 0x20, 0x63, 0x6F, 0x75, 0x6E, 0x74, 0x72,
> +	0x79, 0x2C, 0x20, 0x68, 0x6F, 0x77, 0x20, 0x6D,
> +	0x61, 0x6E, 0x79, 0x20, 0x68, 0x6F, 0x6D, 0x65,
> +	0x73, 0x20, 0x77, 0x65, 0x72, 0x65, 0x20, 0x73,
> +	0x68, 0x61, 0x6E, 0x74, 0x69, 0x65, 0x73, 0x2C,
> +	0x20, 0x68, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E,
> +	0x79, 0x20, 0x68, 0x75, 0x73, 0x62, 0x61, 0x6E,
> +	0x64, 0x73, 0x20, 0x77, 0x65, 0x72, 0x65, 0x20,
> +	0x64, 0x72, 0x75, 0x6E, 0x6B, 0x20, 0x61, 0x6E,
> +	0x64, 0x20, 0x77, 0x69, 0x76, 0x65, 0x73, 0x20,
> +	0x73, 0x6F, 0x63, 0x6B, 0x65, 0x64, 0x2C, 0x20,
> +	0x61, 0x6E, 0x64, 0x20, 0x68, 0x6F, 0x77, 0x20,
> +	0x6D, 0x61, 0x6E, 0x79, 0x20, 0x63, 0x68, 0x69,
> +	0x6C, 0x64, 0x72, 0x65, 0x6E, 0x20, 0x77, 0x65,
> +	0x72, 0x65, 0x20, 0x62, 0x75, 0x6C, 0x6C, 0x69,
> +	0x65, 0x64, 0x2C, 0x20, 0x61, 0x62, 0x75, 0x73,
> +	0x65, 0x64, 0x2C, 0x20, 0x6F, 0x72, 0x20, 0x61,
> +	0x62, 0x61, 0x6E, 0x64, 0x6F, 0x6E, 0x65, 0x64,
> +	0x2E, 0x20, 0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61,
> +	0x6E, 0x79, 0x20, 0x66, 0x61, 0x6D, 0x69, 0x6C,
> +	0x69, 0x65, 0x73, 0x20, 0x68, 0x75, 0x6E, 0x67,
> +	0x65, 0x72, 0x65, 0x64, 0x20, 0x66, 0x6F, 0x72,
> +	0x20, 0x66, 0x6F, 0x6F, 0x64, 0x20, 0x74, 0x68,
> +	0x65, 0x79, 0x20, 0x63, 0x6F, 0x75, 0x6C, 0x64,
> +	0x20, 0x6E, 0x6F, 0x74, 0x20, 0x61, 0x66, 0x66,
> +	0x6F, 0x72, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x62,
> +	0x75, 0x79, 0x3F, 0x20, 0x48, 0x6F, 0x77, 0x20,
> +	0x6D, 0x61, 0x6E, 0x79, 0x20, 0x68, 0x65, 0x61,
> +	0x72, 0x74, 0x73, 0x20, 0x77, 0x65, 0x72, 0x65,
> +	0x20, 0x62, 0x72, 0x6F, 0x6B, 0x65, 0x6E, 0x3F,
> +	0x20, 0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E,
> +	0x79, 0x20, 0x73, 0x75, 0x69, 0x63, 0x69, 0x64,
> +	0x65, 0x73, 0x20, 0x77, 0x6F, 0x75, 0x6C, 0x64,
> +	0x20, 0x74, 0x61, 0x6B, 0x65, 0x20, 0x70, 0x6C,
> +	0x61, 0x63, 0x65, 0x20, 0x74, 0x68, 0x61, 0x74,
> +	0x20, 0x73, 0x61, 0x6D, 0x65, 0x20, 0x6E, 0x69,
> +	0x67, 0x68, 0x74, 0x2C, 0x20, 0x68, 0x6F, 0x77,
> +	0x20, 0x6D, 0x61, 0x6E, 0x79, 0x20, 0x70, 0x65,
> +	0x6F, 0x70, 0x6C, 0x65, 0x20, 0x77, 0x6F, 0x75,
> +	0x6C, 0x64, 0x20, 0x67, 0x6F, 0x20, 0x69, 0x6E,
> +	0x73, 0x61, 0x6E, 0x65, 0x3F, 0x20, 0x48, 0x6F,
> +	0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79, 0x20, 0x63,
> +	0x6F, 0x63, 0x6B, 0x72, 0x6F, 0x61, 0x63, 0x68,
> +	0x65, 0x73, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x6C,
> +	0x61, 0x6E, 0x64, 0x6C, 0x6F, 0x72, 0x64, 0x73,
> +	0x20, 0x77, 0x6F, 0x75, 0x6C, 0x64, 0x20, 0x74,
> +	0x72, 0x69, 0x75, 0x6D, 0x70, 0x68, 0x3F, 0x20,
> +	0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79,
> +	0x20, 0x77, 0x69, 0x6E, 0x6E, 0x65, 0x72, 0x73,
> +	0x20, 0x77, 0x65, 0x72, 0x65, 0x20, 0x6c, 0x6f,
> +	0x73, 0x65, 0x72, 0x73, 0x2c, 0x20, 0x73, 0x75,
> +	/* mac */
> +	0xC4, 0xB7, 0x0E, 0x6B, 0xDE, 0xD1, 0xE7, 0x77,
> +	0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
> +	0x3F, 0x91, 0x64, 0x59
> +};
> +
> +static const uint8_t ciphertext512_aes128cbc_ssl[] = {
> +	0x8B, 0x4D, 0xDA, 0x1B, 0xCF, 0x04, 0xA0, 0x31,
> +	0xB4, 0xBF, 0xBD, 0x68, 0x43, 0x20, 0x7E, 0x76,
> +	0xB1, 0x96, 0x8B, 0xA2, 0x7C, 0xA2, 0x83, 0x9E,
> +	0x39, 0x5A, 0x2F, 0x7E, 0x92, 0xB4, 0x48, 0x1A,
> +	0x3F, 0x6B, 0x5D, 0xDF, 0x52, 0x85, 0x5F, 0x8E,
> +	0x42, 0x3C, 0xFB, 0xE9, 0x1A, 0x24, 0xD6, 0x08,
> +	0xDD, 0xFD, 0x16, 0xFB, 0xE9, 0x55, 0xEF, 0xF0,
> +	0xA0, 0x8D, 0x13, 0xAB, 0x81, 0xC6, 0x90, 0x01,
> +	0xB5, 0x18, 0x84, 0xB3, 0xF6, 0xE6, 0x11, 0x57,
> +	0xD6, 0x71, 0xC6, 0x3C, 0x3F, 0x2F, 0x33, 0xEE,
> +	0x24, 0x42, 0x6E, 0xAC, 0x0B, 0xCA, 0xEC, 0xF9,
> +	0x84, 0xF8, 0x22, 0xAA, 0x60, 0xF0, 0x32, 0xA9,
> +	0x75, 0x75, 0x3B, 0xCB, 0x70, 0x21, 0x0A, 0x8D,
> +	0x0F, 0xE0, 0xC4, 0x78, 0x2B, 0xF8, 0x97, 0xE3,
> +	0xE4, 0x26, 0x4B, 0x29, 0xDA, 0x88, 0xCD, 0x46,
> +	0xEC, 0xAA, 0xF9, 0x7F, 0xF1, 0x15, 0xEA, 0xC3,
> +	0x87, 0xE6, 0x31, 0xF2, 0xCF, 0xDE, 0x4D, 0x80,
> +	0x70, 0x91, 0x7E, 0x0C, 0xF7, 0x26, 0x3A, 0x92,
> +	0x4F, 0x18, 0x83, 0xC0, 0x8F, 0x59, 0x01, 0xA5,
> +	0x88, 0xD1, 0xDB, 0x26, 0x71, 0x27, 0x16, 0xF5,
> +	0xEE, 0x10, 0x82, 0xAC, 0x68, 0x26, 0x9B, 0xE2,
> +	0x6D, 0xD8, 0x9A, 0x80, 0xDF, 0x04, 0x31, 0xD5,
> +	0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
> +	0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
> +	0x73, 0x02, 0x42, 0xC9, 0x23, 0x18, 0x8E, 0xB4,
> +	0x6F, 0xB4, 0xA3, 0x54, 0x6E, 0x88, 0x3B, 0x62,
> +	0x7C, 0x02, 0x8D, 0x4C, 0x9F, 0xC8, 0x45, 0xF4,
> +	0xC9, 0xDE, 0x4F, 0xEB, 0x22, 0x83, 0x1B, 0xE4,
> +	0x49, 0x37, 0xE4, 0xAD, 0xE7, 0xCD, 0x21, 0x54,
> +	0xBC, 0x1C, 0xC2, 0x04, 0x97, 0xB4, 0x10, 0x61,
> +	0xF0, 0xE4, 0xEF, 0x27, 0x63, 0x3A, 0xDA, 0x91,
> +	0x41, 0x25, 0x62, 0x1C, 0x5C, 0xB6, 0x38, 0x4A,
> +	0x88, 0x71, 0x59, 0x5A, 0x8D, 0xA0, 0x09, 0xAF,
> +	0x72, 0x94, 0xD7, 0x79, 0x5C, 0x60, 0x7C, 0x8F,
> +	0x4C, 0xF5, 0xD9, 0xA1, 0x39, 0x6D, 0x81, 0x28,
> +	0xEF, 0x13, 0x28, 0xDF, 0xF5, 0x3E, 0xF7, 0x8E,
> +	0x09, 0x9C, 0x78, 0x18, 0x79, 0xB8, 0x68, 0xD7,
> +	0xA8, 0x29, 0x62, 0xAD, 0xDE, 0xE1, 0x61, 0x76,
> +	0x1B, 0x05, 0x16, 0xCD, 0xBF, 0x02, 0x8E, 0xA6,
> +	0x43, 0x6E, 0x92, 0x55, 0x4F, 0x60, 0x9C, 0x03,
> +	0xB8, 0x4F, 0xA3, 0x02, 0xAC, 0xA8, 0xA7, 0x0C,
> +	0x1E, 0xB5, 0x6B, 0xF8, 0xC8, 0x4D, 0xDE, 0xD2,
> +	0xB0, 0x29, 0x6E, 0x40, 0xE6, 0xD6, 0xC9, 0xE6,
> +	0xB9, 0x0F, 0xB6, 0x63, 0xF5, 0xAA, 0x2B, 0x96,
> +	0xA7, 0x16, 0xAC, 0x4E, 0x0A, 0x33, 0x1C, 0xA6,
> +	0xE6, 0xBD, 0x8A, 0xCF, 0x40, 0xA9, 0xB2, 0xFA,
> +	0x63, 0x27, 0xFD, 0x9B, 0xD9, 0xFC, 0xD5, 0x87,
> +	0x8D, 0x4C, 0xB6, 0xA4, 0xCB, 0xE7, 0x74, 0x55,
> +	0xF4, 0xFB, 0x41, 0x25, 0xB5, 0x4B, 0x0A, 0x1B,
> +	0xB1, 0xD6, 0xB7, 0xD9, 0x47, 0x2A, 0xC3, 0x98,
> +	0x6A, 0xC4, 0x03, 0x73, 0x1F, 0x93, 0x6E, 0x53,
> +	0x19, 0x25, 0x64, 0x15, 0x83, 0xF9, 0x73, 0x2A,
> +	0x74, 0xB4, 0x93, 0x69, 0xC4, 0x72, 0xFC, 0x26,
> +	0xA2, 0x9F, 0x43, 0x45, 0xDD, 0xB9, 0xEF, 0x36,
> +	0xC8, 0x3A, 0xCD, 0x99, 0x9B, 0x54, 0x1A, 0x36,
> +	0xC1, 0x59, 0xF8, 0x98, 0xA8, 0xCC, 0x28, 0x0D,
> +	0x73, 0x4C, 0xEE, 0x98, 0xCB, 0x7C, 0x58, 0x7E,
> +	0x20, 0x75, 0x1E, 0xB7, 0xC9, 0xF8, 0xF2, 0x0E,
> +	0x63, 0x9E, 0x05, 0x78, 0x1A, 0xB6, 0xA8, 0x7A,
> +	0xF9, 0x98, 0x6A, 0xA6, 0x46, 0x84, 0x2E, 0xF6,
> +	0x4B, 0xDC, 0x9B, 0x8F, 0x9B, 0x8F, 0xEE, 0xB4,
> +	0xAA, 0x3F, 0xEE, 0xC0, 0x37, 0x27, 0x76, 0xC7,
> +	0x95, 0xBB, 0x26, 0x74, 0x69, 0x12, 0x7F, 0xF1,
> +	0xBB, 0xFF, 0xAE, 0xB5, 0x99, 0x6E, 0xCB, 0x0C,
> +	/* encrypted mac */
> +	0x39, 0x34, 0x16, 0x84, 0xE7, 0x90, 0x02, 0xB1,
> +	0x3E, 0x92, 0xCB, 0x58, 0x98, 0xBA, 0x7C, 0x98,
> +	0x8B, 0x90, 0xFB, 0x5E, 0x9D, 0x74, 0xCC, 0x56,
> +	0xE3, 0x55, 0xB1, 0xC8, 0xC8, 0x7C, 0xB2, 0xE7 };
> +
> +static const uint8_t plaintext_aes_common_short_ssl[] = {
> +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> +	0xDD, 0xDD
> +};
> +
> +static const uint8_t ciphertext512_aes128cbc_short_ssl[] = {
> +	0x6D, 0xB1, 0x23, 0x86, 0x58, 0x54, 0x83, 0xE7,
> +	0x3B, 0x27, 0x85, 0xA7, 0x06, 0xBC, 0x4A, 0xFB,
> +	0x16, 0xD8, 0x56, 0x7C, 0x39, 0xC6, 0xE7, 0x1A,
> +	0x67, 0xA8, 0x48, 0x22, 0xD6, 0xFF, 0x96, 0xB3,
> +	0xA1, 0x52, 0x52, 0x83, 0xE6, 0x2E, 0x6A, 0xC9,
> +	0x57, 0x8E, 0x34, 0x6F, 0xEE, 0x41, 0xF5, 0xBD,
> +	0x6B, 0x89, 0x31, 0x64, 0x89, 0xAB, 0xDE, 0xA7,
> +	0xBD, 0xFD, 0x46, 0x40, 0xE7, 0x13, 0x23, 0x84,
> +	0xDD, 0xCB, 0x35, 0x87, 0x4E, 0x57, 0xB7, 0x97,
> +	0x9E, 0xAB, 0xFB, 0xE7, 0x18, 0x82, 0x05, 0xDF };
> +
>  /* AES128-CTR-SHA1 test vector */
>  static const struct blockcipher_test_data aes_test_data_1 = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR, @@ -1409,6 +1575,50
> @@ static const struct blockcipher_test_data aes_test_data_4 = {
>  	}
>  };
> 
> +/** AES-128-CBC SHA1 test vector (SSL/TLS order) */ static const struct
> +blockcipher_test_data aes_test_data_4_ssl = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> +		},
> +		.len = 16
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common_ssl,
> +		.len = 512
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes128cbc_ssl,
> +		.len = 512
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> +	.auth_key = {
> +		.data = {
> +			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
> +			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
> +			0xDE, 0xF4, 0xDE, 0xAD
> +		},
> +		.len = 20
> +	},
> +	.digest = {
> +		.data = {
> +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
> +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> +			0x18, 0x8C, 0x1D, 0x32
> +		},
> +		.len = 20,
> +	}
> +};
> +
>  /** AES-128-CBC SHA256 test vector */
>  static const struct blockcipher_test_data aes_test_data_5 = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1733,6 +1943,77
> @@ static const uint8_t ciphertext512_aes192cbc[] = {
>  	0x4F, 0x2F, 0x50, 0xE2, 0x77, 0x62, 0xD9, 0xCC  };
> 
> +static const uint8_t ciphertext512_aes192cbc_ssl[] = {
> +	0x45, 0xee, 0x9a, 0xEA, 0x3C, 0x03, 0xFC, 0x4C,
> +	0x84, 0x36, 0xB0, 0xDA, 0xB0, 0xDC, 0xF3, 0x5B,
> +	0x75, 0xA7, 0xBE, 0x0E, 0xC0, 0x8D, 0x6C, 0xF8,
> +	0xC1, 0x0F, 0xD0, 0x35, 0x1D, 0x82, 0xAE, 0x7C,
> +	0x57, 0xC5, 0x7A, 0x55, 0x87, 0x1B, 0xD4, 0x03,
> +	0x0A, 0x64, 0xC9, 0xE0, 0xF4, 0xC7, 0x6F, 0x57,
> +	0x52, 0xC6, 0x73, 0xBA, 0x84, 0x0B, 0x5B, 0x89,
> +	0x21, 0xD2, 0x9B, 0x88, 0x68, 0xF5, 0xA9, 0x7F,
> +	0x3F, 0x49, 0xEB, 0xF4, 0xD4, 0x52, 0xD2, 0x64,
> +	0x80, 0xB2, 0x53, 0xDA, 0x19, 0xF6, 0x10, 0x24,
> +	0x23, 0x26, 0x7A, 0x7C, 0x07, 0x57, 0x4B, 0x0E,
> +	0x58, 0x49, 0x61, 0xD1, 0xDC, 0x9A, 0x32, 0x6B,
> +	0x0F, 0x43, 0x9E, 0x4D, 0xB4, 0x07, 0x4E, 0xB3,
> +	0x51, 0x74, 0xDE, 0x29, 0xBC, 0x98, 0xF9, 0xDF,
> +	0x78, 0x9A, 0x18, 0x9C, 0xD6, 0x7A, 0x55, 0x7C,
> +	0xE6, 0x1D, 0x5C, 0x1A, 0x99, 0xD2, 0xC3, 0x7B,
> +	0x9F, 0x96, 0x74, 0x2D, 0xE0, 0xEF, 0xD1, 0xE3,
> +	0x08, 0x9F, 0xAF, 0xE6, 0xED, 0xCA, 0xE1, 0xEA,
> +	0x23, 0x6F, 0x7C, 0x81, 0xA8, 0xC0, 0x5B, 0x8B,
> +	0x53, 0x90, 0x51, 0x2D, 0x0F, 0xF6, 0x7D, 0xA7,
> +	0x1C, 0xBD, 0x83, 0x84, 0x54, 0xA4, 0x15, 0xFB,
> +	0x3E, 0x25, 0xA7, 0x3A, 0x0A, 0x73, 0xD9, 0x88,
> +	0x6F, 0x80, 0x78, 0x95, 0x7F, 0x60, 0xAA, 0x86,
> +	0x8A, 0xFC, 0xDF, 0xC1, 0xCB, 0xDE, 0xBB, 0x25,
> +	0x52, 0x20, 0xC6, 0x79, 0xD4, 0x0F, 0x25, 0xE7,
> +	0xDB, 0xB2, 0x17, 0xA4, 0x6F, 0x3C, 0x6F, 0x91,
> +	0xF6, 0x44, 0x1E, 0xB6, 0x85, 0xBC, 0x7A, 0x14,
> +	0x10, 0x72, 0xBD, 0x16, 0x63, 0x39, 0x9E, 0x7B,
> +	0x84, 0x5B, 0x17, 0x61, 0xB1, 0x5D, 0x82, 0x0B,
> +	0x6D, 0x37, 0xD7, 0x79, 0xB8, 0x24, 0x91, 0x30,
> +	0x82, 0x91, 0x02, 0xB1, 0x18, 0x4B, 0xE0, 0xF4,
> +	0x13, 0x1B, 0xB2, 0x4C, 0xDA, 0xB8, 0x99, 0x96,
> +	0x83, 0x2F, 0xBE, 0x53, 0x8D, 0xDE, 0xFA, 0xAD,
> +	0xF6, 0x5C, 0xDB, 0xE5, 0x66, 0x26, 0x8F, 0x13,
> +	0x2B, 0x76, 0x47, 0x73, 0xDE, 0x1A, 0x74, 0xA6,
> +	0x30, 0xAF, 0x42, 0xA0, 0xE5, 0xD2, 0x8F, 0xC2,
> +	0xED, 0x3E, 0x9E, 0x29, 0x54, 0x3C, 0xDE, 0x9F,
> +	0x5D, 0x30, 0x2B, 0x63, 0xFB, 0xE3, 0xB1, 0x07,
> +	0xEE, 0x74, 0x4A, 0xAF, 0xB1, 0x20, 0x8D, 0xEC,
> +	0xE6, 0x78, 0x16, 0x8D, 0xA4, 0x6E, 0x34, 0x7D,
> +	0x47, 0xFB, 0x0B, 0xC1, 0x32, 0xD7, 0x0D, 0x6C,
> +	0x6F, 0x93, 0x9C, 0x5E, 0xEF, 0x1F, 0x9C, 0x45,
> +	0x80, 0x6B, 0x74, 0xA6, 0x81, 0xF2, 0xF6, 0xFA,
> +	0xAA, 0x9D, 0x4F, 0xCA, 0xB5, 0x90, 0x59, 0xB0,
> +	0x3B, 0xF2, 0xF0, 0x75, 0xFD, 0x8A, 0xD8, 0x97,
> +	0x65, 0x88, 0x56, 0x4C, 0x44, 0xDF, 0x73, 0xF7,
> +	0x56, 0x9C, 0x48, 0x7E, 0xB0, 0x1F, 0x1D, 0x7D,
> +	0x6A, 0x11, 0xF5, 0xC2, 0xF4, 0x17, 0xEF, 0x58,
> +	0xD8, 0x2A, 0xAF, 0x56, 0x2F, 0xCF, 0xEC, 0xA4,
> +	0x58, 0x8B, 0x60, 0xCE, 0xD4, 0x0F, 0x9C, 0x21,
> +	0xEC, 0x3E, 0x74, 0x7B, 0x81, 0x3D, 0x69, 0xC6,
> +	0x5E, 0x12, 0x83, 0xE9, 0xEF, 0x81, 0x58, 0x36,
> +	0x6A, 0x60, 0x0F, 0x54, 0x28, 0x11, 0xF9, 0x64,
> +	0x36, 0xAD, 0x79, 0xF5, 0x1C, 0x74, 0xD0, 0xC3,
> +	0x7B, 0x61, 0xE1, 0x92, 0xB0, 0x13, 0x91, 0x87,
> +	0x32, 0x1F, 0xF2, 0x5A, 0xDA, 0x25, 0x69, 0xEB,
> +	0xD7, 0x32, 0x7F, 0xF5, 0x23, 0x21, 0x54, 0x47,
> +	0x7B, 0x1B, 0x33, 0xB0, 0x3D, 0xF6, 0xE2, 0x7E,
> +	0x3E, 0xA2, 0x9E, 0xCA, 0x48, 0x0B, 0x4A, 0x29,
> +	0x81, 0xD4, 0x4E, 0xD5, 0x69, 0xFB, 0xCD, 0x37,
> +	0x8A, 0xC1, 0x5B, 0x50, 0xFF, 0xB5, 0x7D, 0x43,
> +	0x0F, 0xAE, 0xA6, 0xC2, 0xE5, 0x8F, 0x45, 0xB2,
> +	0x85, 0x99, 0x02, 0xA2, 0x9B, 0xBE, 0x90, 0x43,
> +	0x4F, 0x2F, 0x50, 0xE2, 0x77, 0x62, 0xD9, 0xCC,
> +	0x5D, 0x93, 0x6A, 0x97, 0xFB, 0x1D, 0x01, 0x17,
> +	0x90, 0x61, 0x41, 0xD5, 0x5C, 0x43, 0x60, 0xBC,
> +	0x21, 0x04, 0x5B, 0xB9, 0xFF, 0x75, 0xF8, 0x1F,
> +	0x5C, 0x85, 0x91, 0x08, 0x02, 0xA2, 0xFD, 0x88, };
> +
>  /** AES-192-CBC test vector */
>  static const struct blockcipher_test_data aes_test_data_10 = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1761,6 +2042,51
> @@ static const struct blockcipher_test_data aes_test_data_10 = {
>  	}
>  };
> 
> +/** AES-192-CBC SHA1 test vector (SSL/TLS order) */ static const struct
> +blockcipher_test_data aes_test_data_10_ssl = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0
> +		},
> +		.len = 24
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common_ssl,
> +		.len = 512
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes192cbc_ssl,
> +		.len = 512
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> +	.auth_key = {
> +		.data = {
> +			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
> +			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
> +			0xDE, 0xF4, 0xDE, 0xAD
> +		},
> +		.len = 20
> +	},
> +	.digest = {
> +		.data = {
> +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
> +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> +			0x18, 0x8C, 0x1D, 0x32
> +		},
> +		.len = 20,
> +	}
> +};
> +
>  static const uint8_t ciphertext512_aes256cbc[] = {
>  	0xF3, 0xDD, 0xF0, 0x0B, 0xFF, 0xA2, 0x6A, 0x04,
>  	0xBE, 0xDA, 0x52, 0xA6, 0xFE, 0x6B, 0xA6, 0xA7, @@ -1828,6 +2154,77
> @@ static const uint8_t ciphertext512_aes256cbc[] = {
>  	0xB7, 0x1C, 0x6D, 0xF2, 0xAE, 0x79, 0xA4, 0x7C  };
> 
> +static const uint8_t ciphertext512_aes256cbc_ssl[] = {
> +	0xF3, 0xDD, 0xF0, 0x0B, 0xFF, 0xA2, 0x6A, 0x04,
> +	0xBE, 0xDA, 0x52, 0xA6, 0xFE, 0x6B, 0xA6, 0xA7,
> +	0x48, 0x1D, 0x7D, 0x98, 0x65, 0xDB, 0xEF, 0x06,
> +	0x26, 0xB5, 0x8E, 0xEB, 0x05, 0x0E, 0x77, 0x98,
> +	0x17, 0x8E, 0xD0, 0xD4, 0x7B, 0x92, 0x8F, 0x5C,
> +	0xD0, 0x74, 0x5C, 0xA8, 0x4B, 0x54, 0xB6, 0x2F,
> +	0x83, 0x72, 0x2C, 0xFF, 0x72, 0xE9, 0xE4, 0x15,
> +	0x4C, 0x32, 0xAF, 0xC8, 0xC9, 0x89, 0x3C, 0x6E,
> +	0x31, 0xD5, 0xC0, 0x16, 0xC0, 0x31, 0x7D, 0x11,
> +	0xAB, 0xCB, 0xDE, 0xD2, 0xD6, 0xAA, 0x76, 0x5E,
> +	0xBA, 0xF6, 0xE2, 0x92, 0xCB, 0x86, 0x07, 0xFA,
> +	0xD4, 0x9E, 0x83, 0xED, 0xFD, 0xB8, 0x70, 0x54,
> +	0x6B, 0xBE, 0xEC, 0x72, 0xDD, 0x28, 0x5E, 0x95,
> +	0x78, 0xA5, 0x28, 0x43, 0x3D, 0x6D, 0xB1, 0xD9,
> +	0x69, 0x1F, 0xC9, 0x66, 0x0E, 0x32, 0x44, 0x08,
> +	0xD2, 0xAE, 0x2C, 0x43, 0xF2, 0xD0, 0x7D, 0x26,
> +	0x70, 0xE5, 0xA1, 0xCA, 0x37, 0xE9, 0x7D, 0xC7,
> +	0xA3, 0xFA, 0x81, 0x91, 0x64, 0xAA, 0x64, 0x91,
> +	0x9A, 0x95, 0x2D, 0xC9, 0xF9, 0xCE, 0xFE, 0x9F,
> +	0xC4, 0xD8, 0x81, 0xBE, 0x57, 0x84, 0xC5, 0x02,
> +	0xDB, 0x30, 0xC1, 0xD9, 0x0E, 0xA0, 0xA6, 0x00,
> +	0xD6, 0xF3, 0x52, 0x7E, 0x0D, 0x23, 0x6B, 0x2B,
> +	0x34, 0x99, 0x1F, 0x70, 0x27, 0x6D, 0x58, 0x84,
> +	0x93, 0x77, 0xB8, 0x3E, 0xF1, 0x71, 0x58, 0x42,
> +	0x8B, 0x2B, 0xC8, 0x6D, 0x05, 0x84, 0xFF, 0x4E,
> +	0x85, 0xEF, 0x4A, 0x9D, 0x91, 0x6A, 0xD5, 0xE1,
> +	0xAF, 0x01, 0xEB, 0x83, 0x8F, 0x23, 0x7C, 0x7F,
> +	0x12, 0x91, 0x05, 0xF0, 0x4E, 0xD9, 0x17, 0x62,
> +	0x75, 0xBB, 0xAC, 0x97, 0xEE, 0x3B, 0x4E, 0xC7,
> +	0xE5, 0x92, 0xF8, 0x9D, 0x4C, 0xF9, 0xEE, 0x55,
> +	0x18, 0xBB, 0xCC, 0xB4, 0xF2, 0x59, 0xB9, 0xFC,
> +	0x7A, 0x0F, 0x98, 0xD4, 0x8B, 0xFE, 0xF7, 0x83,
> +	0x46, 0xE2, 0x83, 0x33, 0x3E, 0x95, 0x8D, 0x17,
> +	0x1E, 0x85, 0xF8, 0x8C, 0x51, 0xB0, 0x6C, 0xB5,
> +	0x5E, 0x95, 0xBA, 0x4B, 0x69, 0x1B, 0x48, 0x69,
> +	0x0B, 0x8F, 0xA5, 0x18, 0x13, 0xB9, 0x77, 0xD1,
> +	0x80, 0x32, 0x32, 0x6D, 0x53, 0xA1, 0x95, 0x40,
> +	0x96, 0x8A, 0xCC, 0xA3, 0x69, 0xF8, 0x9F, 0xB5,
> +	0x8E, 0xD2, 0x68, 0x07, 0x4F, 0xA7, 0xEC, 0xF8,
> +	0x20, 0x21, 0x58, 0xF8, 0xD8, 0x9E, 0x5F, 0x40,
> +	0xBA, 0xB9, 0x76, 0x57, 0x3B, 0x17, 0xAD, 0xEE,
> +	0xCB, 0xDF, 0x07, 0xC1, 0xDF, 0x66, 0xA8, 0x0D,
> +	0xC2, 0xCE, 0x8F, 0x79, 0xC3, 0x32, 0xE0, 0x8C,
> +	0xFE, 0x5A, 0xF3, 0x55, 0x27, 0x73, 0x6F, 0xA1,
> +	0x54, 0xC6, 0xFC, 0x28, 0x9D, 0xBE, 0x97, 0xB9,
> +	0x54, 0x97, 0x72, 0x3A, 0x61, 0xAF, 0x6F, 0xDE,
> +	0xF8, 0x0E, 0xBB, 0x6B, 0x96, 0x84, 0xDD, 0x9B,
> +	0x62, 0xBA, 0x47, 0xB5, 0xC9, 0x3B, 0x4E, 0x8C,
> +	0x78, 0x2A, 0xCC, 0x0A, 0x69, 0x54, 0x25, 0x5E,
> +	0x8B, 0xAC, 0x56, 0xD9, 0xFE, 0x48, 0xBA, 0xCE,
> +	0xA9, 0xCE, 0xA6, 0x1D, 0xBF, 0x3E, 0x3C, 0x66,
> +	0x40, 0x71, 0x79, 0xAD, 0x5B, 0x26, 0xAD, 0xBE,
> +	0x58, 0x13, 0x64, 0x60, 0x7C, 0x05, 0xFC, 0xE3,
> +	0x51, 0x7A, 0xF2, 0xCC, 0x54, 0x16, 0x2C, 0xA4,
> +	0xCE, 0x5F, 0x59, 0x12, 0x77, 0xEB, 0xD9, 0x23,
> +	0xE3, 0x86, 0xFB, 0xD7, 0x48, 0x76, 0x9D, 0xE3,
> +	0x89, 0x87, 0x39, 0xFA, 0x7B, 0x21, 0x0B, 0x76,
> +	0xB2, 0xED, 0x1C, 0x27, 0x4B, 0xD5, 0x27, 0x05,
> +	0x8C, 0x7D, 0x58, 0x6C, 0xCA, 0xA5, 0x54, 0x9A,
> +	0x0F, 0xCB, 0xE9, 0x88, 0x31, 0xAD, 0x49, 0xEE,
> +	0x38, 0xFB, 0xC9, 0xFB, 0xB4, 0x7A, 0x00, 0x58,
> +	0x20, 0x32, 0xD3, 0x53, 0x5A, 0xDD, 0x74, 0x95,
> +	0x60, 0x59, 0x09, 0xAE, 0x7E, 0xEC, 0x74, 0xA3,
> +	0xB7, 0x1C, 0x6D, 0xF2, 0xAE, 0x79, 0xA4, 0x7C,
> +	0x50, 0xB1, 0x8D, 0x56, 0x22, 0x75, 0xD6, 0x8F,
> +	0x93, 0xB5, 0xED, 0xE8, 0x3D, 0x20, 0x4F, 0x9F,
> +	0x80, 0x2F, 0x56, 0x95, 0xA0, 0x80, 0xC6, 0xC2,
> +	0xA8, 0x27, 0xFB, 0x48, 0x96, 0x58, 0xA1, 0x93, };
> +
>  /** AES-256-CBC test vector */
>  static const struct blockcipher_test_data aes_test_data_11 = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1857,6 +2254,52
> @@ static const struct blockcipher_test_data aes_test_data_11 = {
>  	}
>  };
> 
> +/** AES-256-CBC SHA1 test vector (SSL/TLS order) */ static const struct
> +blockcipher_test_data aes_test_data_11_ssl = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0,
> +			0x37, 0x07, 0xB8, 0x23, 0xA2, 0xA3, 0xB5, 0x8D
> +		},
> +		.len = 32
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common_ssl,
> +		.len = 512
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes256cbc_ssl,
> +		.len = 512
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> +	.auth_key = {
> +		.data = {
> +			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
> +			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
> +			0xDE, 0xF4, 0xDE, 0xAD
> +		},
> +		.len = 20
> +	},
> +	.digest = {
> +		.data = {
> +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
> +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> +			0x18, 0x8C, 0x1D, 0x32
> +		},
> +		.len = 20,
> +	}
> +};
> +
>  /** AES-128-CBC SHA256 HMAC test vector (160 bytes) */  static const struct
> blockcipher_test_data aes_test_data_12 = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1949,6 +2392,50
> @@ static const struct blockcipher_test_data aes_test_data_13 = {
>  	}
>  };
> 
> +/** AES-128-CBC SHA1 test vector (SSL/TLS order) */ static const struct
> +blockcipher_test_data aes_test_data_13_ssl = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> +		},
> +		.len = 16
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common_short_ssl,
> +		.len = 50
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes128cbc_short_ssl,
> +		.len = 50
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> +	.auth_key = {
> +		.data = {
> +			0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
> +			0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
> +			0xAA, 0xAA, 0xAA, 0xAA
> +		},
> +		.len = 20
> +	},
> +	.digest = {
> +		.data = {
> +			0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD,
> +			0x91, 0xA3, 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F,
> +			0x63, 0xF1, 0x75, 0xD3
> +		},
> +		.len = 20,
> +	}
> +};
> +
>  /** XTS-AES-128 test vector (2 keys * 128 bit) */  static const uint8_t
> plaintext_aes128xts_16bytes[] = {
>  	0xEB, 0xAB, 0xCE, 0x95, 0xB1, 0x4D, 0x3C, 0x8D, @@ -2886,6 +3373,95
> @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
>  		.test_data = &aes_test_data_21,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest"
> +			"(SSL/TLS order)",
> +		.test_data = &aes_test_data_4_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> +			"Scatter Gather (SSL/TLS order)",
> +		.test_data = &aes_test_data_4_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> +			"(short buffers) (SSL/TLS order)",
> +		.test_data = &aes_test_data_13_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> +			"Scatter Gather (SSL/TLS order)",
> +		.test_data = &aes_test_data_4_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> +	},
> +	{
> +		.test_descr = "AES-192-CBC HMAC-SHA1 Encryption Digest "
> +			"Sessionless (SSL/TLS order)",
> +		.test_data = &aes_test_data_10_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> +	},
> +	{
> +		.test_descr = "AES-256-CBC HMAC-SHA1 Encryption Digest "
> +			"Scatter Gather Sessionless (SSL/TLS order)",
> +		.test_data = &aes_test_data_11_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +			BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify (SSL/TLS order)",
> +		.test_data = &aes_test_data_4_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Scatter Gather (SSL/TLS order)",
> +		.test_data = &aes_test_data_4_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify (short buffers) (SSL/TLS order)",
> +		.test_data = &aes_test_data_13_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Scatter Gather (SSL/TLS order)",
> +		.test_data = &aes_test_data_4_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> +	},
> +	{
> +		.test_descr = "AES-256-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Sessionless (SSL/TLS order)",
> +		.test_data = &aes_test_data_11_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> +	},
> +	{
> +		.test_descr = "AES-192-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Scatter Gather Sessionless (SSL/TLS order)",
> +		.test_data = &aes_test_data_10_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS |
> +				BLOCKCIPHER_TEST_FEATURE_SG,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Sessionless (SSL/TLS order)",
> +		.test_data = &aes_test_data_4_ssl,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> +	}
>  };
> 
>  static const struct blockcipher_test_case aes_docsis_test_cases[] = { diff --git
> a/app/test/test_cryptodev_blockcipher.c
> b/app/test/test_cryptodev_blockcipher.c
> index 135e57b9fa..9d112d033c 100644
> --- a/app/test/test_cryptodev_blockcipher.c
> +++ b/app/test/test_cryptodev_blockcipher.c
> @@ -94,6 +94,7 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  	uint8_t dst_pattern = 0xb6;
>  	uint8_t tmp_src_buf[MBUF_SIZE];
>  	uint8_t tmp_dst_buf[MBUF_SIZE];
> +	uint32_t pad_len;
> 
>  	int nb_segs = 1;
>  	uint32_t nb_iterates = 0;
> @@ -185,6 +186,22 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
>  		buf_len += digest_len;
> 
> +	/* only aes-cbc cipher is supported for
> +	 * auth followed by encryption case
> +	 */
[Arek] - I though that without extension all non-AEAD algorithms (excluding AES-CCM) are MAC-then-encrypt in TLS.

> +	if ((t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) &&
> +		(t->test_data->crypto_algo != RTE_CRYPTO_CIPHER_AES_CBC))
> {
> +		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> +			"line %u FAILED: %s",
> +			__LINE__, "Unsupported cipher algorithm");
> +		status = TEST_FAILED;
> +		goto error_exit;
> +	}
> +
> +	pad_len = RTE_ALIGN(buf_len, 16) - buf_len;
> +	if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> +		buf_len += pad_len;
> +
>  	/* for contiguous mbuf, nb_segs is 1 */
>  	ibuf = create_segmented_mbuf(mbuf_pool,
>  			tdata->ciphertext.len, nb_segs, src_pattern); @@ -
> 209,9 +226,31 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
> 
>  	buf_p = rte_pktmbuf_append(ibuf, digest_len);
>  	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
> -		rte_memcpy(buf_p, tdata->digest.data, digest_len);
> +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> +			rte_memcpy(buf_p,
> +				tdata->ciphertext.data + tdata->ciphertext.len,
> +				 digest_len);
> +		else
> +			rte_memcpy(buf_p, tdata->digest.data, digest_len);
>  	else
>  		memset(buf_p, 0, digest_len);
> +	if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) {
> +		buf_p = rte_pktmbuf_append(ibuf, pad_len);
> +		if (!buf_p) {
> +			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line
> %u "
> +				"FAILED: %s", __LINE__,
> +				"No room to append mbuf");
> +			status = TEST_FAILED;
> +			goto error_exit;
> +		}
> +		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) {
> +			const uint8_t *temp_p = tdata->ciphertext.data +
> +					tdata->ciphertext.len +
> +					digest_len;
> +			rte_memcpy(buf_p, temp_p, pad_len);
> +		} else
> +			memset(buf_p, 0xa5, pad_len);
> +	}
> 
>  	if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
>  		obuf = rte_pktmbuf_alloc(mbuf_pool);
> @@ -224,7 +263,7 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  		}
>  		memset(obuf->buf_addr, dst_pattern, obuf->buf_len);
> 
> -		buf_p = rte_pktmbuf_append(obuf, buf_len);
> +		buf_p = rte_pktmbuf_append(obuf, buf_len + pad_len);
>  		if (!buf_p) {
>  			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line
> %u "
>  				"FAILED: %s", __LINE__,
> @@ -359,6 +398,26 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  			cipher_xform->next = NULL;
>  			init_xform = auth_xform;
>  		}
> +	} else if (t->op_mask == BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC) {
> +		if (t->feature_mask &
> BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
> +			auth_xform = op->sym->xform;
> +			cipher_xform = auth_xform->next;
> +			cipher_xform->next = NULL;
> +		} else {
> +			auth_xform->next = cipher_xform;
> +			cipher_xform->next = NULL;
> +			init_xform = auth_xform;
> +		}
> +	} else if (t->op_mask == BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY) {
> +		if (t->feature_mask &
> BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
> +			cipher_xform = op->sym->xform;
> +			auth_xform = cipher_xform->next;
> +			auth_xform->next = NULL;
> +		} else {
> +			cipher_xform->next = auth_xform;
> +			auth_xform->next = NULL;
> +			init_xform = cipher_xform;
> +		}
>  	} else if ((t->op_mask == BLOCKCIPHER_TEST_OP_ENCRYPT) ||
>  			(t->op_mask == BLOCKCIPHER_TEST_OP_DECRYPT)) {
>  		if (t->feature_mask &
> BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)
> @@ -403,6 +462,10 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  		sym_op->cipher.data.offset = tdata->cipher_offset;
>  		sym_op->cipher.data.length = tdata->ciphertext.len -
>  				tdata->cipher_offset;
> +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) {
> +			sym_op->cipher.data.length += tdata->digest.len;
> +			sym_op->cipher.data.length += pad_len;
> +		}
>  		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *,
> IV_OFFSET),
>  				tdata->iv.data,
>  				tdata->iv.len);
> @@ -540,6 +603,8 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  					tdata->cipher_offset;
>  			compare_len = tdata->ciphertext.len -
>  					tdata->cipher_offset;
> +			if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> +				compare_len += tdata->digest.len;
>  		} else {
>  			compare_ref = tdata->plaintext.data +
>  					tdata->cipher_offset;
> @@ -558,18 +623,20 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  		}
>  	}
> 
> -	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> -		uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> -					tdata->ciphertext.len);
> +	/* Check digest data only in enc-then-auth_gen case */
> +	if (!(t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER))
> +		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> +			uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> +						tdata->ciphertext.len);
> 
> -		if (memcmp(auth_res, tdata->digest.data, digest_len)) {
> -			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line
> %u "
> -				"FAILED: %s", __LINE__, "Generated "
> -				"digest data not as expected");
> -			status = TEST_FAILED;
> -			goto error_exit;
> +			if (memcmp(auth_res, tdata->digest.data, digest_len)) {
> +				snprintf(test_msg,
> BLOCKCIPHER_TEST_MSG_LEN, "line %u "
> +					"FAILED: %s", __LINE__, "Generated "
> +					"digest data not as expected");
> +				status = TEST_FAILED;
> +				goto error_exit;
> +			}
>  		}
> -	}
> 
>  	/* The only parts that should have changed in the buffer are
>  	 * plaintext/ciphertext and digest.
> @@ -631,6 +698,10 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  			changed_len = sym_op->cipher.data.length;
>  		}
> 
> +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> +			changed_len = sym_op->cipher.data.length +
> +				digest_len + pad_len;
> +
>  		for (i = 0; i < mbuf->buf_len; i++) {
>  			if (i == head_unchanged_len)
>  				i += changed_len;
> @@ -687,6 +758,9 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
>  			changed_len += digest_len;
> 
> +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> +			changed_len = sym_op->cipher.data.length;
> +
>  		for (i = 0; i < mbuf->buf_len; i++) {
> 
>  			/* Skip headroom used by PMD */
> diff --git a/app/test/test_cryptodev_blockcipher.h
> b/app/test/test_cryptodev_blockcipher.h
> index 8990716844..c72cfe5342 100644
> --- a/app/test/test_cryptodev_blockcipher.h
> +++ b/app/test/test_cryptodev_blockcipher.h
> @@ -13,6 +13,7 @@
>  #define BLOCKCIPHER_TEST_OP_DECRYPT		0x02
>  #define BLOCKCIPHER_TEST_OP_AUTH_GEN	0x04
>  #define BLOCKCIPHER_TEST_OP_AUTH_VERIFY	0x08
> +#define BLOCKCIPHER_TEST_OP_SSL_ORDER	0x10
> 
>  #define BLOCKCIPHER_TEST_FEATURE_OOP			0x01
>  #define BLOCKCIPHER_TEST_FEATURE_SESSIONLESS	0x02
> @@ -31,6 +32,14 @@
>  #define BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC
> 	(BLOCKCIPHER_TEST_OP_DECRYPT | \
> 
> 	BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
> 
> +#define BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC
> 	(BLOCKCIPHER_TEST_OP_ENCRYPT | \
> +					BLOCKCIPHER_TEST_OP_AUTH_GEN |
> \
> +					BLOCKCIPHER_TEST_OP_SSL_ORDER)
> +
> +#define BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY
> 	(BLOCKCIPHER_TEST_OP_DECRYPT | \
> +					BLOCKCIPHER_TEST_OP_AUTH_VERIFY
> | \
> +					BLOCKCIPHER_TEST_OP_SSL_ORDER)
> +
>  enum blockcipher_test_type {
>  	BLKCIPHER_AES_CHAIN_TYPE,	/* use aes_chain_test_cases[] */
>  	BLKCIPHER_AES_CIPHERONLY_TYPE,	/* use
> aes_cipheronly_test_cases[] */
> diff --git a/doc/guides/rel_notes/release_21_02.rst
> b/doc/guides/rel_notes/release_21_02.rst
> index d1d4b25665..eb2d4ab2d9 100644
> --- a/doc/guides/rel_notes/release_21_02.rst
> +++ b/doc/guides/rel_notes/release_21_02.rst
> @@ -61,6 +61,12 @@ New Features
>      followed by encryption and decryption followed by auth verify in OCTEONT
> TX
>      and OCTEON TX2 crypto PMDs.
> 
> +* **Updated unit test sample application.**
> +
> +  * Added SSL/TLS way of cipher-auth operations support i.e. auth generation
> +    followed by encryption and decryption followed by auth verify in sample
> +    unit test application.
> +
> 
>  Removed Items
>  -------------
> --
> 2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of cipher-auth operations
  2021-01-21  9:26   ` Kusztal, ArkadiuszX
@ 2021-01-21 10:02     ` Tejasree Kondoj
  0 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2021-01-21 10:02 UTC (permalink / raw)
  To: Kusztal, ArkadiuszX, Akhil Goyal, Nicolau, Radu
  Cc: Anoob Joseph, Ankur Dwivedi, dev

Hi Arek,

Please see inline.

Thanks
Tejasree

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, January 21, 2021 2:56 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Akhil Goyal
> <akhil.goyal@nxp.com>; Nicolau, Radu <radu.nicolau@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; dev@dpdk.org
> Subject: [EXT] RE: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way
> of cipher-auth operations
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Tejasree,
> 
> > -----Original Message-----
> > From: dev <dev-bounces@dpdk.org> On Behalf Of Tejasree Kondoj
> > Sent: piątek, 18 grudnia 2020 15:10
> > To: Akhil Goyal <akhil.goyal@nxp.com>; Nicolau, Radu
> > <radu.nicolau@intel.com>
> > Cc: Tejasree Kondoj <ktejasree@marvell.com>; Anoob Joseph
> > <anoobj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> > dev@dpdk.org
> > Subject: [dpdk-dev] [PATCH 2/2] test/crypto: support SSL/TLS way of
> > cipher-auth operations
> >
> > Adding support for SSL/TLS way of cipher-auth operations order
> >     - auth generation followed by encryption
> >     - decryption followed by auth verify
> >
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
> >  app/test/test_cryptodev_aes_test_vectors.h | 576
> +++++++++++++++++++++
> >  app/test/test_cryptodev_blockcipher.c      |  98 +++-
> >  app/test/test_cryptodev_blockcipher.h      |   9 +
> >  doc/guides/rel_notes/release_21_02.rst     |   6 +
> >  4 files changed, 677 insertions(+), 12 deletions(-)
> >
> > diff --git a/app/test/test_cryptodev_aes_test_vectors.h
> > b/app/test/test_cryptodev_aes_test_vectors.h
> > index c192d75a7e..c239c1cb35 100644
> > --- a/app/test/test_cryptodev_aes_test_vectors.h
> > +++ b/app/test/test_cryptodev_aes_test_vectors.h
> > @@ -1093,6 +1093,172 @@ static const uint8_t
> > ciphertext512_aes128cbc_aad[] = {
> >  	0x73, 0x65, 0x72, 0x73, 0x2C, 0x20, 0x73, 0x75  };
> >
> > +static const uint8_t plaintext_aes_common_ssl[] = {
> > +	0x57, 0x68, 0x61, 0x74, 0x20, 0x61, 0x20, 0x6C,
> > +	0x6F, 0x75, 0x73, 0x79, 0x20, 0x65, 0x61, 0x72,
> > +	0x74, 0x68, 0x21, 0x20, 0x48, 0x65, 0x20, 0x77,
> > +	0x6F, 0x6E, 0x64, 0x65, 0x72, 0x65, 0x64, 0x20,
> > +	0x68, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79,
> > +	0x20, 0x70, 0x65, 0x6F, 0x70, 0x6C, 0x65, 0x20,
> > +	0x77, 0x65, 0x72, 0x65, 0x20, 0x64, 0x65, 0x73,
> > +	0x74, 0x69, 0x74, 0x75, 0x74, 0x65, 0x20, 0x74,
> > +	0x68, 0x61, 0x74, 0x20, 0x73, 0x61, 0x6D, 0x65,
> > +	0x20, 0x6E, 0x69, 0x67, 0x68, 0x74, 0x20, 0x65,
> > +	0x76, 0x65, 0x6E, 0x20, 0x69, 0x6E, 0x20, 0x68,
> > +	0x69, 0x73, 0x20, 0x6F, 0x77, 0x6E, 0x20, 0x70,
> > +	0x72, 0x6F, 0x73, 0x70, 0x65, 0x72, 0x6F, 0x75,
> > +	0x73, 0x20, 0x63, 0x6F, 0x75, 0x6E, 0x74, 0x72,
> > +	0x79, 0x2C, 0x20, 0x68, 0x6F, 0x77, 0x20, 0x6D,
> > +	0x61, 0x6E, 0x79, 0x20, 0x68, 0x6F, 0x6D, 0x65,
> > +	0x73, 0x20, 0x77, 0x65, 0x72, 0x65, 0x20, 0x73,
> > +	0x68, 0x61, 0x6E, 0x74, 0x69, 0x65, 0x73, 0x2C,
> > +	0x20, 0x68, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E,
> > +	0x79, 0x20, 0x68, 0x75, 0x73, 0x62, 0x61, 0x6E,
> > +	0x64, 0x73, 0x20, 0x77, 0x65, 0x72, 0x65, 0x20,
> > +	0x64, 0x72, 0x75, 0x6E, 0x6B, 0x20, 0x61, 0x6E,
> > +	0x64, 0x20, 0x77, 0x69, 0x76, 0x65, 0x73, 0x20,
> > +	0x73, 0x6F, 0x63, 0x6B, 0x65, 0x64, 0x2C, 0x20,
> > +	0x61, 0x6E, 0x64, 0x20, 0x68, 0x6F, 0x77, 0x20,
> > +	0x6D, 0x61, 0x6E, 0x79, 0x20, 0x63, 0x68, 0x69,
> > +	0x6C, 0x64, 0x72, 0x65, 0x6E, 0x20, 0x77, 0x65,
> > +	0x72, 0x65, 0x20, 0x62, 0x75, 0x6C, 0x6C, 0x69,
> > +	0x65, 0x64, 0x2C, 0x20, 0x61, 0x62, 0x75, 0x73,
> > +	0x65, 0x64, 0x2C, 0x20, 0x6F, 0x72, 0x20, 0x61,
> > +	0x62, 0x61, 0x6E, 0x64, 0x6F, 0x6E, 0x65, 0x64,
> > +	0x2E, 0x20, 0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61,
> > +	0x6E, 0x79, 0x20, 0x66, 0x61, 0x6D, 0x69, 0x6C,
> > +	0x69, 0x65, 0x73, 0x20, 0x68, 0x75, 0x6E, 0x67,
> > +	0x65, 0x72, 0x65, 0x64, 0x20, 0x66, 0x6F, 0x72,
> > +	0x20, 0x66, 0x6F, 0x6F, 0x64, 0x20, 0x74, 0x68,
> > +	0x65, 0x79, 0x20, 0x63, 0x6F, 0x75, 0x6C, 0x64,
> > +	0x20, 0x6E, 0x6F, 0x74, 0x20, 0x61, 0x66, 0x66,
> > +	0x6F, 0x72, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x62,
> > +	0x75, 0x79, 0x3F, 0x20, 0x48, 0x6F, 0x77, 0x20,
> > +	0x6D, 0x61, 0x6E, 0x79, 0x20, 0x68, 0x65, 0x61,
> > +	0x72, 0x74, 0x73, 0x20, 0x77, 0x65, 0x72, 0x65,
> > +	0x20, 0x62, 0x72, 0x6F, 0x6B, 0x65, 0x6E, 0x3F,
> > +	0x20, 0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E,
> > +	0x79, 0x20, 0x73, 0x75, 0x69, 0x63, 0x69, 0x64,
> > +	0x65, 0x73, 0x20, 0x77, 0x6F, 0x75, 0x6C, 0x64,
> > +	0x20, 0x74, 0x61, 0x6B, 0x65, 0x20, 0x70, 0x6C,
> > +	0x61, 0x63, 0x65, 0x20, 0x74, 0x68, 0x61, 0x74,
> > +	0x20, 0x73, 0x61, 0x6D, 0x65, 0x20, 0x6E, 0x69,
> > +	0x67, 0x68, 0x74, 0x2C, 0x20, 0x68, 0x6F, 0x77,
> > +	0x20, 0x6D, 0x61, 0x6E, 0x79, 0x20, 0x70, 0x65,
> > +	0x6F, 0x70, 0x6C, 0x65, 0x20, 0x77, 0x6F, 0x75,
> > +	0x6C, 0x64, 0x20, 0x67, 0x6F, 0x20, 0x69, 0x6E,
> > +	0x73, 0x61, 0x6E, 0x65, 0x3F, 0x20, 0x48, 0x6F,
> > +	0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79, 0x20, 0x63,
> > +	0x6F, 0x63, 0x6B, 0x72, 0x6F, 0x61, 0x63, 0x68,
> > +	0x65, 0x73, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x6C,
> > +	0x61, 0x6E, 0x64, 0x6C, 0x6F, 0x72, 0x64, 0x73,
> > +	0x20, 0x77, 0x6F, 0x75, 0x6C, 0x64, 0x20, 0x74,
> > +	0x72, 0x69, 0x75, 0x6D, 0x70, 0x68, 0x3F, 0x20,
> > +	0x48, 0x6F, 0x77, 0x20, 0x6D, 0x61, 0x6E, 0x79,
> > +	0x20, 0x77, 0x69, 0x6E, 0x6E, 0x65, 0x72, 0x73,
> > +	0x20, 0x77, 0x65, 0x72, 0x65, 0x20, 0x6c, 0x6f,
> > +	0x73, 0x65, 0x72, 0x73, 0x2c, 0x20, 0x73, 0x75,
> > +	/* mac */
> > +	0xC4, 0xB7, 0x0E, 0x6B, 0xDE, 0xD1, 0xE7, 0x77,
> > +	0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
> > +	0x3F, 0x91, 0x64, 0x59
> > +};
> > +
> > +static const uint8_t ciphertext512_aes128cbc_ssl[] = {
> > +	0x8B, 0x4D, 0xDA, 0x1B, 0xCF, 0x04, 0xA0, 0x31,
> > +	0xB4, 0xBF, 0xBD, 0x68, 0x43, 0x20, 0x7E, 0x76,
> > +	0xB1, 0x96, 0x8B, 0xA2, 0x7C, 0xA2, 0x83, 0x9E,
> > +	0x39, 0x5A, 0x2F, 0x7E, 0x92, 0xB4, 0x48, 0x1A,
> > +	0x3F, 0x6B, 0x5D, 0xDF, 0x52, 0x85, 0x5F, 0x8E,
> > +	0x42, 0x3C, 0xFB, 0xE9, 0x1A, 0x24, 0xD6, 0x08,
> > +	0xDD, 0xFD, 0x16, 0xFB, 0xE9, 0x55, 0xEF, 0xF0,
> > +	0xA0, 0x8D, 0x13, 0xAB, 0x81, 0xC6, 0x90, 0x01,
> > +	0xB5, 0x18, 0x84, 0xB3, 0xF6, 0xE6, 0x11, 0x57,
> > +	0xD6, 0x71, 0xC6, 0x3C, 0x3F, 0x2F, 0x33, 0xEE,
> > +	0x24, 0x42, 0x6E, 0xAC, 0x0B, 0xCA, 0xEC, 0xF9,
> > +	0x84, 0xF8, 0x22, 0xAA, 0x60, 0xF0, 0x32, 0xA9,
> > +	0x75, 0x75, 0x3B, 0xCB, 0x70, 0x21, 0x0A, 0x8D,
> > +	0x0F, 0xE0, 0xC4, 0x78, 0x2B, 0xF8, 0x97, 0xE3,
> > +	0xE4, 0x26, 0x4B, 0x29, 0xDA, 0x88, 0xCD, 0x46,
> > +	0xEC, 0xAA, 0xF9, 0x7F, 0xF1, 0x15, 0xEA, 0xC3,
> > +	0x87, 0xE6, 0x31, 0xF2, 0xCF, 0xDE, 0x4D, 0x80,
> > +	0x70, 0x91, 0x7E, 0x0C, 0xF7, 0x26, 0x3A, 0x92,
> > +	0x4F, 0x18, 0x83, 0xC0, 0x8F, 0x59, 0x01, 0xA5,
> > +	0x88, 0xD1, 0xDB, 0x26, 0x71, 0x27, 0x16, 0xF5,
> > +	0xEE, 0x10, 0x82, 0xAC, 0x68, 0x26, 0x9B, 0xE2,
> > +	0x6D, 0xD8, 0x9A, 0x80, 0xDF, 0x04, 0x31, 0xD5,
> > +	0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
> > +	0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
> > +	0x73, 0x02, 0x42, 0xC9, 0x23, 0x18, 0x8E, 0xB4,
> > +	0x6F, 0xB4, 0xA3, 0x54, 0x6E, 0x88, 0x3B, 0x62,
> > +	0x7C, 0x02, 0x8D, 0x4C, 0x9F, 0xC8, 0x45, 0xF4,
> > +	0xC9, 0xDE, 0x4F, 0xEB, 0x22, 0x83, 0x1B, 0xE4,
> > +	0x49, 0x37, 0xE4, 0xAD, 0xE7, 0xCD, 0x21, 0x54,
> > +	0xBC, 0x1C, 0xC2, 0x04, 0x97, 0xB4, 0x10, 0x61,
> > +	0xF0, 0xE4, 0xEF, 0x27, 0x63, 0x3A, 0xDA, 0x91,
> > +	0x41, 0x25, 0x62, 0x1C, 0x5C, 0xB6, 0x38, 0x4A,
> > +	0x88, 0x71, 0x59, 0x5A, 0x8D, 0xA0, 0x09, 0xAF,
> > +	0x72, 0x94, 0xD7, 0x79, 0x5C, 0x60, 0x7C, 0x8F,
> > +	0x4C, 0xF5, 0xD9, 0xA1, 0x39, 0x6D, 0x81, 0x28,
> > +	0xEF, 0x13, 0x28, 0xDF, 0xF5, 0x3E, 0xF7, 0x8E,
> > +	0x09, 0x9C, 0x78, 0x18, 0x79, 0xB8, 0x68, 0xD7,
> > +	0xA8, 0x29, 0x62, 0xAD, 0xDE, 0xE1, 0x61, 0x76,
> > +	0x1B, 0x05, 0x16, 0xCD, 0xBF, 0x02, 0x8E, 0xA6,
> > +	0x43, 0x6E, 0x92, 0x55, 0x4F, 0x60, 0x9C, 0x03,
> > +	0xB8, 0x4F, 0xA3, 0x02, 0xAC, 0xA8, 0xA7, 0x0C,
> > +	0x1E, 0xB5, 0x6B, 0xF8, 0xC8, 0x4D, 0xDE, 0xD2,
> > +	0xB0, 0x29, 0x6E, 0x40, 0xE6, 0xD6, 0xC9, 0xE6,
> > +	0xB9, 0x0F, 0xB6, 0x63, 0xF5, 0xAA, 0x2B, 0x96,
> > +	0xA7, 0x16, 0xAC, 0x4E, 0x0A, 0x33, 0x1C, 0xA6,
> > +	0xE6, 0xBD, 0x8A, 0xCF, 0x40, 0xA9, 0xB2, 0xFA,
> > +	0x63, 0x27, 0xFD, 0x9B, 0xD9, 0xFC, 0xD5, 0x87,
> > +	0x8D, 0x4C, 0xB6, 0xA4, 0xCB, 0xE7, 0x74, 0x55,
> > +	0xF4, 0xFB, 0x41, 0x25, 0xB5, 0x4B, 0x0A, 0x1B,
> > +	0xB1, 0xD6, 0xB7, 0xD9, 0x47, 0x2A, 0xC3, 0x98,
> > +	0x6A, 0xC4, 0x03, 0x73, 0x1F, 0x93, 0x6E, 0x53,
> > +	0x19, 0x25, 0x64, 0x15, 0x83, 0xF9, 0x73, 0x2A,
> > +	0x74, 0xB4, 0x93, 0x69, 0xC4, 0x72, 0xFC, 0x26,
> > +	0xA2, 0x9F, 0x43, 0x45, 0xDD, 0xB9, 0xEF, 0x36,
> > +	0xC8, 0x3A, 0xCD, 0x99, 0x9B, 0x54, 0x1A, 0x36,
> > +	0xC1, 0x59, 0xF8, 0x98, 0xA8, 0xCC, 0x28, 0x0D,
> > +	0x73, 0x4C, 0xEE, 0x98, 0xCB, 0x7C, 0x58, 0x7E,
> > +	0x20, 0x75, 0x1E, 0xB7, 0xC9, 0xF8, 0xF2, 0x0E,
> > +	0x63, 0x9E, 0x05, 0x78, 0x1A, 0xB6, 0xA8, 0x7A,
> > +	0xF9, 0x98, 0x6A, 0xA6, 0x46, 0x84, 0x2E, 0xF6,
> > +	0x4B, 0xDC, 0x9B, 0x8F, 0x9B, 0x8F, 0xEE, 0xB4,
> > +	0xAA, 0x3F, 0xEE, 0xC0, 0x37, 0x27, 0x76, 0xC7,
> > +	0x95, 0xBB, 0x26, 0x74, 0x69, 0x12, 0x7F, 0xF1,
> > +	0xBB, 0xFF, 0xAE, 0xB5, 0x99, 0x6E, 0xCB, 0x0C,
> > +	/* encrypted mac */
> > +	0x39, 0x34, 0x16, 0x84, 0xE7, 0x90, 0x02, 0xB1,
> > +	0x3E, 0x92, 0xCB, 0x58, 0x98, 0xBA, 0x7C, 0x98,
> > +	0x8B, 0x90, 0xFB, 0x5E, 0x9D, 0x74, 0xCC, 0x56,
> > +	0xE3, 0x55, 0xB1, 0xC8, 0xC8, 0x7C, 0xB2, 0xE7 };
> > +
> > +static const uint8_t plaintext_aes_common_short_ssl[] = {
> > +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> > +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> > +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> > +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> > +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> > +	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
> > +	0xDD, 0xDD
> > +};
> > +
> > +static const uint8_t ciphertext512_aes128cbc_short_ssl[] = {
> > +	0x6D, 0xB1, 0x23, 0x86, 0x58, 0x54, 0x83, 0xE7,
> > +	0x3B, 0x27, 0x85, 0xA7, 0x06, 0xBC, 0x4A, 0xFB,
> > +	0x16, 0xD8, 0x56, 0x7C, 0x39, 0xC6, 0xE7, 0x1A,
> > +	0x67, 0xA8, 0x48, 0x22, 0xD6, 0xFF, 0x96, 0xB3,
> > +	0xA1, 0x52, 0x52, 0x83, 0xE6, 0x2E, 0x6A, 0xC9,
> > +	0x57, 0x8E, 0x34, 0x6F, 0xEE, 0x41, 0xF5, 0xBD,
> > +	0x6B, 0x89, 0x31, 0x64, 0x89, 0xAB, 0xDE, 0xA7,
> > +	0xBD, 0xFD, 0x46, 0x40, 0xE7, 0x13, 0x23, 0x84,
> > +	0xDD, 0xCB, 0x35, 0x87, 0x4E, 0x57, 0xB7, 0x97,
> > +	0x9E, 0xAB, 0xFB, 0xE7, 0x18, 0x82, 0x05, 0xDF };
> > +
> >  /* AES128-CTR-SHA1 test vector */
> >  static const struct blockcipher_test_data aes_test_data_1 = {
> >  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR, @@ -1409,6 +1575,50
> @@
> > static const struct blockcipher_test_data aes_test_data_4 = {
> >  	}
> >  };
> >
> > +/** AES-128-CBC SHA1 test vector (SSL/TLS order) */ static const
> > +struct blockcipher_test_data aes_test_data_4_ssl = {
> > +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> > +	.cipher_key = {
> > +		.data = {
> > +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> > +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> > +		},
> > +		.len = 16
> > +	},
> > +	.iv = {
> > +		.data = {
> > +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> > +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> > +		},
> > +		.len = 16
> > +	},
> > +	.plaintext = {
> > +		.data = plaintext_aes_common_ssl,
> > +		.len = 512
> > +	},
> > +	.ciphertext = {
> > +		.data = ciphertext512_aes128cbc_ssl,
> > +		.len = 512
> > +	},
> > +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> > +	.auth_key = {
> > +		.data = {
> > +			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
> > +			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
> > +			0xDE, 0xF4, 0xDE, 0xAD
> > +		},
> > +		.len = 20
> > +	},
> > +	.digest = {
> > +		.data = {
> > +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
> > +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> > +			0x18, 0x8C, 0x1D, 0x32
> > +		},
> > +		.len = 20,
> > +	}
> > +};
> > +
> >  /** AES-128-CBC SHA256 test vector */  static const struct
> > blockcipher_test_data aes_test_data_5 = {
> >  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1733,6 +1943,77
> @@
> > static const uint8_t ciphertext512_aes192cbc[] = {
> >  	0x4F, 0x2F, 0x50, 0xE2, 0x77, 0x62, 0xD9, 0xCC  };
> >
> > +static const uint8_t ciphertext512_aes192cbc_ssl[] = {
> > +	0x45, 0xee, 0x9a, 0xEA, 0x3C, 0x03, 0xFC, 0x4C,
> > +	0x84, 0x36, 0xB0, 0xDA, 0xB0, 0xDC, 0xF3, 0x5B,
> > +	0x75, 0xA7, 0xBE, 0x0E, 0xC0, 0x8D, 0x6C, 0xF8,
> > +	0xC1, 0x0F, 0xD0, 0x35, 0x1D, 0x82, 0xAE, 0x7C,
> > +	0x57, 0xC5, 0x7A, 0x55, 0x87, 0x1B, 0xD4, 0x03,
> > +	0x0A, 0x64, 0xC9, 0xE0, 0xF4, 0xC7, 0x6F, 0x57,
> > +	0x52, 0xC6, 0x73, 0xBA, 0x84, 0x0B, 0x5B, 0x89,
> > +	0x21, 0xD2, 0x9B, 0x88, 0x68, 0xF5, 0xA9, 0x7F,
> > +	0x3F, 0x49, 0xEB, 0xF4, 0xD4, 0x52, 0xD2, 0x64,
> > +	0x80, 0xB2, 0x53, 0xDA, 0x19, 0xF6, 0x10, 0x24,
> > +	0x23, 0x26, 0x7A, 0x7C, 0x07, 0x57, 0x4B, 0x0E,
> > +	0x58, 0x49, 0x61, 0xD1, 0xDC, 0x9A, 0x32, 0x6B,
> > +	0x0F, 0x43, 0x9E, 0x4D, 0xB4, 0x07, 0x4E, 0xB3,
> > +	0x51, 0x74, 0xDE, 0x29, 0xBC, 0x98, 0xF9, 0xDF,
> > +	0x78, 0x9A, 0x18, 0x9C, 0xD6, 0x7A, 0x55, 0x7C,
> > +	0xE6, 0x1D, 0x5C, 0x1A, 0x99, 0xD2, 0xC3, 0x7B,
> > +	0x9F, 0x96, 0x74, 0x2D, 0xE0, 0xEF, 0xD1, 0xE3,
> > +	0x08, 0x9F, 0xAF, 0xE6, 0xED, 0xCA, 0xE1, 0xEA,
> > +	0x23, 0x6F, 0x7C, 0x81, 0xA8, 0xC0, 0x5B, 0x8B,
> > +	0x53, 0x90, 0x51, 0x2D, 0x0F, 0xF6, 0x7D, 0xA7,
> > +	0x1C, 0xBD, 0x83, 0x84, 0x54, 0xA4, 0x15, 0xFB,
> > +	0x3E, 0x25, 0xA7, 0x3A, 0x0A, 0x73, 0xD9, 0x88,
> > +	0x6F, 0x80, 0x78, 0x95, 0x7F, 0x60, 0xAA, 0x86,
> > +	0x8A, 0xFC, 0xDF, 0xC1, 0xCB, 0xDE, 0xBB, 0x25,
> > +	0x52, 0x20, 0xC6, 0x79, 0xD4, 0x0F, 0x25, 0xE7,
> > +	0xDB, 0xB2, 0x17, 0xA4, 0x6F, 0x3C, 0x6F, 0x91,
> > +	0xF6, 0x44, 0x1E, 0xB6, 0x85, 0xBC, 0x7A, 0x14,
> > +	0x10, 0x72, 0xBD, 0x16, 0x63, 0x39, 0x9E, 0x7B,
> > +	0x84, 0x5B, 0x17, 0x61, 0xB1, 0x5D, 0x82, 0x0B,
> > +	0x6D, 0x37, 0xD7, 0x79, 0xB8, 0x24, 0x91, 0x30,
> > +	0x82, 0x91, 0x02, 0xB1, 0x18, 0x4B, 0xE0, 0xF4,
> > +	0x13, 0x1B, 0xB2, 0x4C, 0xDA, 0xB8, 0x99, 0x96,
> > +	0x83, 0x2F, 0xBE, 0x53, 0x8D, 0xDE, 0xFA, 0xAD,
> > +	0xF6, 0x5C, 0xDB, 0xE5, 0x66, 0x26, 0x8F, 0x13,
> > +	0x2B, 0x76, 0x47, 0x73, 0xDE, 0x1A, 0x74, 0xA6,
> > +	0x30, 0xAF, 0x42, 0xA0, 0xE5, 0xD2, 0x8F, 0xC2,
> > +	0xED, 0x3E, 0x9E, 0x29, 0x54, 0x3C, 0xDE, 0x9F,
> > +	0x5D, 0x30, 0x2B, 0x63, 0xFB, 0xE3, 0xB1, 0x07,
> > +	0xEE, 0x74, 0x4A, 0xAF, 0xB1, 0x20, 0x8D, 0xEC,
> > +	0xE6, 0x78, 0x16, 0x8D, 0xA4, 0x6E, 0x34, 0x7D,
> > +	0x47, 0xFB, 0x0B, 0xC1, 0x32, 0xD7, 0x0D, 0x6C,
> > +	0x6F, 0x93, 0x9C, 0x5E, 0xEF, 0x1F, 0x9C, 0x45,
> > +	0x80, 0x6B, 0x74, 0xA6, 0x81, 0xF2, 0xF6, 0xFA,
> > +	0xAA, 0x9D, 0x4F, 0xCA, 0xB5, 0x90, 0x59, 0xB0,
> > +	0x3B, 0xF2, 0xF0, 0x75, 0xFD, 0x8A, 0xD8, 0x97,
> > +	0x65, 0x88, 0x56, 0x4C, 0x44, 0xDF, 0x73, 0xF7,
> > +	0x56, 0x9C, 0x48, 0x7E, 0xB0, 0x1F, 0x1D, 0x7D,
> > +	0x6A, 0x11, 0xF5, 0xC2, 0xF4, 0x17, 0xEF, 0x58,
> > +	0xD8, 0x2A, 0xAF, 0x56, 0x2F, 0xCF, 0xEC, 0xA4,
> > +	0x58, 0x8B, 0x60, 0xCE, 0xD4, 0x0F, 0x9C, 0x21,
> > +	0xEC, 0x3E, 0x74, 0x7B, 0x81, 0x3D, 0x69, 0xC6,
> > +	0x5E, 0x12, 0x83, 0xE9, 0xEF, 0x81, 0x58, 0x36,
> > +	0x6A, 0x60, 0x0F, 0x54, 0x28, 0x11, 0xF9, 0x64,
> > +	0x36, 0xAD, 0x79, 0xF5, 0x1C, 0x74, 0xD0, 0xC3,
> > +	0x7B, 0x61, 0xE1, 0x92, 0xB0, 0x13, 0x91, 0x87,
> > +	0x32, 0x1F, 0xF2, 0x5A, 0xDA, 0x25, 0x69, 0xEB,
> > +	0xD7, 0x32, 0x7F, 0xF5, 0x23, 0x21, 0x54, 0x47,
> > +	0x7B, 0x1B, 0x33, 0xB0, 0x3D, 0xF6, 0xE2, 0x7E,
> > +	0x3E, 0xA2, 0x9E, 0xCA, 0x48, 0x0B, 0x4A, 0x29,
> > +	0x81, 0xD4, 0x4E, 0xD5, 0x69, 0xFB, 0xCD, 0x37,
> > +	0x8A, 0xC1, 0x5B, 0x50, 0xFF, 0xB5, 0x7D, 0x43,
> > +	0x0F, 0xAE, 0xA6, 0xC2, 0xE5, 0x8F, 0x45, 0xB2,
> > +	0x85, 0x99, 0x02, 0xA2, 0x9B, 0xBE, 0x90, 0x43,
> > +	0x4F, 0x2F, 0x50, 0xE2, 0x77, 0x62, 0xD9, 0xCC,
> > +	0x5D, 0x93, 0x6A, 0x97, 0xFB, 0x1D, 0x01, 0x17,
> > +	0x90, 0x61, 0x41, 0xD5, 0x5C, 0x43, 0x60, 0xBC,
> > +	0x21, 0x04, 0x5B, 0xB9, 0xFF, 0x75, 0xF8, 0x1F,
> > +	0x5C, 0x85, 0x91, 0x08, 0x02, 0xA2, 0xFD, 0x88, };
> > +
> >  /** AES-192-CBC test vector */
> >  static const struct blockcipher_test_data aes_test_data_10 = {
> >  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1761,6 +2042,51
> @@
> > static const struct blockcipher_test_data aes_test_data_10 = {
> >  	}
> >  };
> >
> > +/** AES-192-CBC SHA1 test vector (SSL/TLS order) */ static const
> > +struct blockcipher_test_data aes_test_data_10_ssl = {
> > +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> > +	.cipher_key = {
> > +		.data = {
> > +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> > +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> > +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0
> > +		},
> > +		.len = 24
> > +	},
> > +	.iv = {
> > +		.data = {
> > +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> > +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> > +		},
> > +		.len = 16
> > +	},
> > +	.plaintext = {
> > +		.data = plaintext_aes_common_ssl,
> > +		.len = 512
> > +	},
> > +	.ciphertext = {
> > +		.data = ciphertext512_aes192cbc_ssl,
> > +		.len = 512
> > +	},
> > +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> > +	.auth_key = {
> > +		.data = {
> > +			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
> > +			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
> > +			0xDE, 0xF4, 0xDE, 0xAD
> > +		},
> > +		.len = 20
> > +	},
> > +	.digest = {
> > +		.data = {
> > +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
> > +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> > +			0x18, 0x8C, 0x1D, 0x32
> > +		},
> > +		.len = 20,
> > +	}
> > +};
> > +
> >  static const uint8_t ciphertext512_aes256cbc[] = {
> >  	0xF3, 0xDD, 0xF0, 0x0B, 0xFF, 0xA2, 0x6A, 0x04,
> >  	0xBE, 0xDA, 0x52, 0xA6, 0xFE, 0x6B, 0xA6, 0xA7, @@ -1828,6
> +2154,77
> > @@ static const uint8_t ciphertext512_aes256cbc[] = {
> >  	0xB7, 0x1C, 0x6D, 0xF2, 0xAE, 0x79, 0xA4, 0x7C  };
> >
> > +static const uint8_t ciphertext512_aes256cbc_ssl[] = {
> > +	0xF3, 0xDD, 0xF0, 0x0B, 0xFF, 0xA2, 0x6A, 0x04,
> > +	0xBE, 0xDA, 0x52, 0xA6, 0xFE, 0x6B, 0xA6, 0xA7,
> > +	0x48, 0x1D, 0x7D, 0x98, 0x65, 0xDB, 0xEF, 0x06,
> > +	0x26, 0xB5, 0x8E, 0xEB, 0x05, 0x0E, 0x77, 0x98,
> > +	0x17, 0x8E, 0xD0, 0xD4, 0x7B, 0x92, 0x8F, 0x5C,
> > +	0xD0, 0x74, 0x5C, 0xA8, 0x4B, 0x54, 0xB6, 0x2F,
> > +	0x83, 0x72, 0x2C, 0xFF, 0x72, 0xE9, 0xE4, 0x15,
> > +	0x4C, 0x32, 0xAF, 0xC8, 0xC9, 0x89, 0x3C, 0x6E,
> > +	0x31, 0xD5, 0xC0, 0x16, 0xC0, 0x31, 0x7D, 0x11,
> > +	0xAB, 0xCB, 0xDE, 0xD2, 0xD6, 0xAA, 0x76, 0x5E,
> > +	0xBA, 0xF6, 0xE2, 0x92, 0xCB, 0x86, 0x07, 0xFA,
> > +	0xD4, 0x9E, 0x83, 0xED, 0xFD, 0xB8, 0x70, 0x54,
> > +	0x6B, 0xBE, 0xEC, 0x72, 0xDD, 0x28, 0x5E, 0x95,
> > +	0x78, 0xA5, 0x28, 0x43, 0x3D, 0x6D, 0xB1, 0xD9,
> > +	0x69, 0x1F, 0xC9, 0x66, 0x0E, 0x32, 0x44, 0x08,
> > +	0xD2, 0xAE, 0x2C, 0x43, 0xF2, 0xD0, 0x7D, 0x26,
> > +	0x70, 0xE5, 0xA1, 0xCA, 0x37, 0xE9, 0x7D, 0xC7,
> > +	0xA3, 0xFA, 0x81, 0x91, 0x64, 0xAA, 0x64, 0x91,
> > +	0x9A, 0x95, 0x2D, 0xC9, 0xF9, 0xCE, 0xFE, 0x9F,
> > +	0xC4, 0xD8, 0x81, 0xBE, 0x57, 0x84, 0xC5, 0x02,
> > +	0xDB, 0x30, 0xC1, 0xD9, 0x0E, 0xA0, 0xA6, 0x00,
> > +	0xD6, 0xF3, 0x52, 0x7E, 0x0D, 0x23, 0x6B, 0x2B,
> > +	0x34, 0x99, 0x1F, 0x70, 0x27, 0x6D, 0x58, 0x84,
> > +	0x93, 0x77, 0xB8, 0x3E, 0xF1, 0x71, 0x58, 0x42,
> > +	0x8B, 0x2B, 0xC8, 0x6D, 0x05, 0x84, 0xFF, 0x4E,
> > +	0x85, 0xEF, 0x4A, 0x9D, 0x91, 0x6A, 0xD5, 0xE1,
> > +	0xAF, 0x01, 0xEB, 0x83, 0x8F, 0x23, 0x7C, 0x7F,
> > +	0x12, 0x91, 0x05, 0xF0, 0x4E, 0xD9, 0x17, 0x62,
> > +	0x75, 0xBB, 0xAC, 0x97, 0xEE, 0x3B, 0x4E, 0xC7,
> > +	0xE5, 0x92, 0xF8, 0x9D, 0x4C, 0xF9, 0xEE, 0x55,
> > +	0x18, 0xBB, 0xCC, 0xB4, 0xF2, 0x59, 0xB9, 0xFC,
> > +	0x7A, 0x0F, 0x98, 0xD4, 0x8B, 0xFE, 0xF7, 0x83,
> > +	0x46, 0xE2, 0x83, 0x33, 0x3E, 0x95, 0x8D, 0x17,
> > +	0x1E, 0x85, 0xF8, 0x8C, 0x51, 0xB0, 0x6C, 0xB5,
> > +	0x5E, 0x95, 0xBA, 0x4B, 0x69, 0x1B, 0x48, 0x69,
> > +	0x0B, 0x8F, 0xA5, 0x18, 0x13, 0xB9, 0x77, 0xD1,
> > +	0x80, 0x32, 0x32, 0x6D, 0x53, 0xA1, 0x95, 0x40,
> > +	0x96, 0x8A, 0xCC, 0xA3, 0x69, 0xF8, 0x9F, 0xB5,
> > +	0x8E, 0xD2, 0x68, 0x07, 0x4F, 0xA7, 0xEC, 0xF8,
> > +	0x20, 0x21, 0x58, 0xF8, 0xD8, 0x9E, 0x5F, 0x40,
> > +	0xBA, 0xB9, 0x76, 0x57, 0x3B, 0x17, 0xAD, 0xEE,
> > +	0xCB, 0xDF, 0x07, 0xC1, 0xDF, 0x66, 0xA8, 0x0D,
> > +	0xC2, 0xCE, 0x8F, 0x79, 0xC3, 0x32, 0xE0, 0x8C,
> > +	0xFE, 0x5A, 0xF3, 0x55, 0x27, 0x73, 0x6F, 0xA1,
> > +	0x54, 0xC6, 0xFC, 0x28, 0x9D, 0xBE, 0x97, 0xB9,
> > +	0x54, 0x97, 0x72, 0x3A, 0x61, 0xAF, 0x6F, 0xDE,
> > +	0xF8, 0x0E, 0xBB, 0x6B, 0x96, 0x84, 0xDD, 0x9B,
> > +	0x62, 0xBA, 0x47, 0xB5, 0xC9, 0x3B, 0x4E, 0x8C,
> > +	0x78, 0x2A, 0xCC, 0x0A, 0x69, 0x54, 0x25, 0x5E,
> > +	0x8B, 0xAC, 0x56, 0xD9, 0xFE, 0x48, 0xBA, 0xCE,
> > +	0xA9, 0xCE, 0xA6, 0x1D, 0xBF, 0x3E, 0x3C, 0x66,
> > +	0x40, 0x71, 0x79, 0xAD, 0x5B, 0x26, 0xAD, 0xBE,
> > +	0x58, 0x13, 0x64, 0x60, 0x7C, 0x05, 0xFC, 0xE3,
> > +	0x51, 0x7A, 0xF2, 0xCC, 0x54, 0x16, 0x2C, 0xA4,
> > +	0xCE, 0x5F, 0x59, 0x12, 0x77, 0xEB, 0xD9, 0x23,
> > +	0xE3, 0x86, 0xFB, 0xD7, 0x48, 0x76, 0x9D, 0xE3,
> > +	0x89, 0x87, 0x39, 0xFA, 0x7B, 0x21, 0x0B, 0x76,
> > +	0xB2, 0xED, 0x1C, 0x27, 0x4B, 0xD5, 0x27, 0x05,
> > +	0x8C, 0x7D, 0x58, 0x6C, 0xCA, 0xA5, 0x54, 0x9A,
> > +	0x0F, 0xCB, 0xE9, 0x88, 0x31, 0xAD, 0x49, 0xEE,
> > +	0x38, 0xFB, 0xC9, 0xFB, 0xB4, 0x7A, 0x00, 0x58,
> > +	0x20, 0x32, 0xD3, 0x53, 0x5A, 0xDD, 0x74, 0x95,
> > +	0x60, 0x59, 0x09, 0xAE, 0x7E, 0xEC, 0x74, 0xA3,
> > +	0xB7, 0x1C, 0x6D, 0xF2, 0xAE, 0x79, 0xA4, 0x7C,
> > +	0x50, 0xB1, 0x8D, 0x56, 0x22, 0x75, 0xD6, 0x8F,
> > +	0x93, 0xB5, 0xED, 0xE8, 0x3D, 0x20, 0x4F, 0x9F,
> > +	0x80, 0x2F, 0x56, 0x95, 0xA0, 0x80, 0xC6, 0xC2,
> > +	0xA8, 0x27, 0xFB, 0x48, 0x96, 0x58, 0xA1, 0x93, };
> > +
> >  /** AES-256-CBC test vector */
> >  static const struct blockcipher_test_data aes_test_data_11 = {
> >  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1857,6 +2254,52
> @@
> > static const struct blockcipher_test_data aes_test_data_11 = {
> >  	}
> >  };
> >
> > +/** AES-256-CBC SHA1 test vector (SSL/TLS order) */ static const
> > +struct blockcipher_test_data aes_test_data_11_ssl = {
> > +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> > +	.cipher_key = {
> > +		.data = {
> > +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> > +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> > +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0,
> > +			0x37, 0x07, 0xB8, 0x23, 0xA2, 0xA3, 0xB5, 0x8D
> > +		},
> > +		.len = 32
> > +	},
> > +	.iv = {
> > +		.data = {
> > +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> > +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> > +		},
> > +		.len = 16
> > +	},
> > +	.plaintext = {
> > +		.data = plaintext_aes_common_ssl,
> > +		.len = 512
> > +	},
> > +	.ciphertext = {
> > +		.data = ciphertext512_aes256cbc_ssl,
> > +		.len = 512
> > +	},
> > +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> > +	.auth_key = {
> > +		.data = {
> > +			0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
> > +			0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
> > +			0xDE, 0xF4, 0xDE, 0xAD
> > +		},
> > +		.len = 20
> > +	},
> > +	.digest = {
> > +		.data = {
> > +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60,
> > +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> > +			0x18, 0x8C, 0x1D, 0x32
> > +		},
> > +		.len = 20,
> > +	}
> > +};
> > +
> >  /** AES-128-CBC SHA256 HMAC test vector (160 bytes) */  static const
> > struct blockcipher_test_data aes_test_data_12 = {
> >  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -1949,6 +2392,50
> @@
> > static const struct blockcipher_test_data aes_test_data_13 = {
> >  	}
> >  };
> >
> > +/** AES-128-CBC SHA1 test vector (SSL/TLS order) */ static const
> > +struct blockcipher_test_data aes_test_data_13_ssl = {
> > +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> > +	.cipher_key = {
> > +		.data = {
> > +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> > +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> > +		},
> > +		.len = 16
> > +	},
> > +	.iv = {
> > +		.data = {
> > +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> > +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> > +		},
> > +		.len = 16
> > +	},
> > +	.plaintext = {
> > +		.data = plaintext_aes_common_short_ssl,
> > +		.len = 50
> > +	},
> > +	.ciphertext = {
> > +		.data = ciphertext512_aes128cbc_short_ssl,
> > +		.len = 50
> > +	},
> > +	.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> > +	.auth_key = {
> > +		.data = {
> > +			0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
> > +			0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
> > +			0xAA, 0xAA, 0xAA, 0xAA
> > +		},
> > +		.len = 20
> > +	},
> > +	.digest = {
> > +		.data = {
> > +			0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD,
> > +			0x91, 0xA3, 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F,
> > +			0x63, 0xF1, 0x75, 0xD3
> > +		},
> > +		.len = 20,
> > +	}
> > +};
> > +
> >  /** XTS-AES-128 test vector (2 keys * 128 bit) */  static const
> > uint8_t plaintext_aes128xts_16bytes[] = {
> >  	0xEB, 0xAB, 0xCE, 0x95, 0xB1, 0x4D, 0x3C, 0x8D, @@ -2886,6
> +3373,95
> > @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] =
> {
> >  		.test_data = &aes_test_data_21,
> >  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> >  	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest"
> > +			"(SSL/TLS order)",
> > +		.test_data = &aes_test_data_4_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > +			"Scatter Gather (SSL/TLS order)",
> > +		.test_data = &aes_test_data_4_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > +			"(short buffers) (SSL/TLS order)",
> > +		.test_data = &aes_test_data_13_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > +			"Scatter Gather (SSL/TLS order)",
> > +		.test_data = &aes_test_data_4_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> > +	},
> > +	{
> > +		.test_descr = "AES-192-CBC HMAC-SHA1 Encryption Digest "
> > +			"Sessionless (SSL/TLS order)",
> > +		.test_data = &aes_test_data_10_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> > +	},
> > +	{
> > +		.test_descr = "AES-256-CBC HMAC-SHA1 Encryption Digest "
> > +			"Scatter Gather Sessionless (SSL/TLS order)",
> > +		.test_data = &aes_test_data_11_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +			BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify (SSL/TLS order)",
> > +		.test_data = &aes_test_data_4_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Scatter Gather (SSL/TLS order)",
> > +		.test_data = &aes_test_data_4_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify (short buffers) (SSL/TLS order)",
> > +		.test_data = &aes_test_data_13_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Scatter Gather (SSL/TLS order)",
> > +		.test_data = &aes_test_data_4_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG,
> > +	},
> > +	{
> > +		.test_descr = "AES-256-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Sessionless (SSL/TLS order)",
> > +		.test_data = &aes_test_data_11_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> > +	},
> > +	{
> > +		.test_descr = "AES-192-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Scatter Gather Sessionless (SSL/TLS order)",
> > +		.test_data = &aes_test_data_10_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> > +				BLOCKCIPHER_TEST_FEATURE_SG,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Sessionless (SSL/TLS order)",
> > +		.test_data = &aes_test_data_4_ssl,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> > +	}
> >  };
> >
> >  static const struct blockcipher_test_case aes_docsis_test_cases[] = {
> > diff --git a/app/test/test_cryptodev_blockcipher.c
> > b/app/test/test_cryptodev_blockcipher.c
> > index 135e57b9fa..9d112d033c 100644
> > --- a/app/test/test_cryptodev_blockcipher.c
> > +++ b/app/test/test_cryptodev_blockcipher.c
> > @@ -94,6 +94,7 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  	uint8_t dst_pattern = 0xb6;
> >  	uint8_t tmp_src_buf[MBUF_SIZE];
> >  	uint8_t tmp_dst_buf[MBUF_SIZE];
> > +	uint32_t pad_len;
> >
> >  	int nb_segs = 1;
> >  	uint32_t nb_iterates = 0;
> > @@ -185,6 +186,22 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
> >  		buf_len += digest_len;
> >
> > +	/* only aes-cbc cipher is supported for
> > +	 * auth followed by encryption case
> > +	 */
> [Arek] - I though that without extension all non-AEAD algorithms (excluding
> AES-CCM) are MAC-then-encrypt in TLS.

[Tejasree] Yes but only AES-CBC cipher is supported in this patch. Other algorithms are not tested.

> 
> > +	if ((t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) &&
> > +		(t->test_data->crypto_algo !=
> RTE_CRYPTO_CIPHER_AES_CBC))
> > {
> > +		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> > +			"line %u FAILED: %s",
> > +			__LINE__, "Unsupported cipher algorithm");
> > +		status = TEST_FAILED;
> > +		goto error_exit;
> > +	}
> > +
> > +	pad_len = RTE_ALIGN(buf_len, 16) - buf_len;
> > +	if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> > +		buf_len += pad_len;
> > +
> >  	/* for contiguous mbuf, nb_segs is 1 */
> >  	ibuf = create_segmented_mbuf(mbuf_pool,
> >  			tdata->ciphertext.len, nb_segs, src_pattern); @@ -
> > 209,9 +226,31 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >
> >  	buf_p = rte_pktmbuf_append(ibuf, digest_len);
> >  	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
> > -		rte_memcpy(buf_p, tdata->digest.data, digest_len);
> > +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> > +			rte_memcpy(buf_p,
> > +				tdata->ciphertext.data + tdata-
> >ciphertext.len,
> > +				 digest_len);
> > +		else
> > +			rte_memcpy(buf_p, tdata->digest.data, digest_len);
> >  	else
> >  		memset(buf_p, 0, digest_len);
> > +	if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) {
> > +		buf_p = rte_pktmbuf_append(ibuf, pad_len);
> > +		if (!buf_p) {
> > +			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> "line
> > %u "
> > +				"FAILED: %s", __LINE__,
> > +				"No room to append mbuf");
> > +			status = TEST_FAILED;
> > +			goto error_exit;
> > +		}
> > +		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) {
> > +			const uint8_t *temp_p = tdata->ciphertext.data +
> > +					tdata->ciphertext.len +
> > +					digest_len;
> > +			rte_memcpy(buf_p, temp_p, pad_len);
> > +		} else
> > +			memset(buf_p, 0xa5, pad_len);
> > +	}
> >
> >  	if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
> >  		obuf = rte_pktmbuf_alloc(mbuf_pool); @@ -224,7 +263,7
> @@
> > test_blockcipher_one_case(const struct blockcipher_test_case *t,
> >  		}
> >  		memset(obuf->buf_addr, dst_pattern, obuf->buf_len);
> >
> > -		buf_p = rte_pktmbuf_append(obuf, buf_len);
> > +		buf_p = rte_pktmbuf_append(obuf, buf_len + pad_len);
> >  		if (!buf_p) {
> >  			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> "line %u "
> >  				"FAILED: %s", __LINE__,
> > @@ -359,6 +398,26 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  			cipher_xform->next = NULL;
> >  			init_xform = auth_xform;
> >  		}
> > +	} else if (t->op_mask == BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC) {
> > +		if (t->feature_mask &
> > BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
> > +			auth_xform = op->sym->xform;
> > +			cipher_xform = auth_xform->next;
> > +			cipher_xform->next = NULL;
> > +		} else {
> > +			auth_xform->next = cipher_xform;
> > +			cipher_xform->next = NULL;
> > +			init_xform = auth_xform;
> > +		}
> > +	} else if (t->op_mask == BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY)
> {
> > +		if (t->feature_mask &
> > BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
> > +			cipher_xform = op->sym->xform;
> > +			auth_xform = cipher_xform->next;
> > +			auth_xform->next = NULL;
> > +		} else {
> > +			cipher_xform->next = auth_xform;
> > +			auth_xform->next = NULL;
> > +			init_xform = cipher_xform;
> > +		}
> >  	} else if ((t->op_mask == BLOCKCIPHER_TEST_OP_ENCRYPT) ||
> >  			(t->op_mask == BLOCKCIPHER_TEST_OP_DECRYPT)) {
> >  		if (t->feature_mask &
> > BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)
> > @@ -403,6 +462,10 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  		sym_op->cipher.data.offset = tdata->cipher_offset;
> >  		sym_op->cipher.data.length = tdata->ciphertext.len -
> >  				tdata->cipher_offset;
> > +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER) {
> > +			sym_op->cipher.data.length += tdata->digest.len;
> > +			sym_op->cipher.data.length += pad_len;
> > +		}
> >  		rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *,
> IV_OFFSET),
> >  				tdata->iv.data,
> >  				tdata->iv.len);
> > @@ -540,6 +603,8 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  					tdata->cipher_offset;
> >  			compare_len = tdata->ciphertext.len -
> >  					tdata->cipher_offset;
> > +			if (t->op_mask &
> BLOCKCIPHER_TEST_OP_SSL_ORDER)
> > +				compare_len += tdata->digest.len;
> >  		} else {
> >  			compare_ref = tdata->plaintext.data +
> >  					tdata->cipher_offset;
> > @@ -558,18 +623,20 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  		}
> >  	}
> >
> > -	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> > -		uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> > -					tdata->ciphertext.len);
> > +	/* Check digest data only in enc-then-auth_gen case */
> > +	if (!(t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER))
> > +		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> > +			uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> > +						tdata->ciphertext.len);
> >
> > -		if (memcmp(auth_res, tdata->digest.data, digest_len)) {
> > -			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> "line
> > %u "
> > -				"FAILED: %s", __LINE__, "Generated "
> > -				"digest data not as expected");
> > -			status = TEST_FAILED;
> > -			goto error_exit;
> > +			if (memcmp(auth_res, tdata->digest.data,
> digest_len)) {
> > +				snprintf(test_msg,
> > BLOCKCIPHER_TEST_MSG_LEN, "line %u "
> > +					"FAILED: %s", __LINE__, "Generated "
> > +					"digest data not as expected");
> > +				status = TEST_FAILED;
> > +				goto error_exit;
> > +			}
> >  		}
> > -	}
> >
> >  	/* The only parts that should have changed in the buffer are
> >  	 * plaintext/ciphertext and digest.
> > @@ -631,6 +698,10 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  			changed_len = sym_op->cipher.data.length;
> >  		}
> >
> > +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> > +			changed_len = sym_op->cipher.data.length +
> > +				digest_len + pad_len;
> > +
> >  		for (i = 0; i < mbuf->buf_len; i++) {
> >  			if (i == head_unchanged_len)
> >  				i += changed_len;
> > @@ -687,6 +758,9 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
> >  			changed_len += digest_len;
> >
> > +		if (t->op_mask & BLOCKCIPHER_TEST_OP_SSL_ORDER)
> > +			changed_len = sym_op->cipher.data.length;
> > +
> >  		for (i = 0; i < mbuf->buf_len; i++) {
> >
> >  			/* Skip headroom used by PMD */
> > diff --git a/app/test/test_cryptodev_blockcipher.h
> > b/app/test/test_cryptodev_blockcipher.h
> > index 8990716844..c72cfe5342 100644
> > --- a/app/test/test_cryptodev_blockcipher.h
> > +++ b/app/test/test_cryptodev_blockcipher.h
> > @@ -13,6 +13,7 @@
> >  #define BLOCKCIPHER_TEST_OP_DECRYPT		0x02
> >  #define BLOCKCIPHER_TEST_OP_AUTH_GEN	0x04
> >  #define BLOCKCIPHER_TEST_OP_AUTH_VERIFY	0x08
> > +#define BLOCKCIPHER_TEST_OP_SSL_ORDER	0x10
> >
> >  #define BLOCKCIPHER_TEST_FEATURE_OOP			0x01
> >  #define BLOCKCIPHER_TEST_FEATURE_SESSIONLESS	0x02
> > @@ -31,6 +32,14 @@
> >  #define BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC
> > 	(BLOCKCIPHER_TEST_OP_DECRYPT | \
> >
> > 	BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
> >
> > +#define BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC
> > 	(BLOCKCIPHER_TEST_OP_ENCRYPT | \
> > +					BLOCKCIPHER_TEST_OP_AUTH_GEN |
> > \
> > +					BLOCKCIPHER_TEST_OP_SSL_ORDER)
> > +
> > +#define BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY
> > 	(BLOCKCIPHER_TEST_OP_DECRYPT | \
> > +
> 	BLOCKCIPHER_TEST_OP_AUTH_VERIFY
> > | \
> > +					BLOCKCIPHER_TEST_OP_SSL_ORDER)
> > +
> >  enum blockcipher_test_type {
> >  	BLKCIPHER_AES_CHAIN_TYPE,	/* use aes_chain_test_cases[] */
> >  	BLKCIPHER_AES_CIPHERONLY_TYPE,	/* use
> > aes_cipheronly_test_cases[] */
> > diff --git a/doc/guides/rel_notes/release_21_02.rst
> > b/doc/guides/rel_notes/release_21_02.rst
> > index d1d4b25665..eb2d4ab2d9 100644
> > --- a/doc/guides/rel_notes/release_21_02.rst
> > +++ b/doc/guides/rel_notes/release_21_02.rst
> > @@ -61,6 +61,12 @@ New Features
> >      followed by encryption and decryption followed by auth verify in
> > OCTEONT TX
> >      and OCTEON TX2 crypto PMDs.
> >
> > +* **Updated unit test sample application.**
> > +
> > +  * Added SSL/TLS way of cipher-auth operations support i.e. auth
> generation
> > +    followed by encryption and decryption followed by auth verify in
> sample
> > +    unit test application.
> > +
> >
> >  Removed Items
> >  -------------
> > --
> > 2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations
  2021-01-21  7:26 ` Tejasree Kondoj
@ 2021-01-25 16:56   ` Akhil Goyal
  2021-01-27 12:00     ` Tejasree Kondoj
  0 siblings, 1 reply; 14+ messages in thread
From: Akhil Goyal @ 2021-01-25 16:56 UTC (permalink / raw)
  To: Tejasree Kondoj, Radu Nicolau
  Cc: Anoob Joseph, Ankur Dwivedi, dev, Zhang, Roy Fan, Trahe, Fiona

Hi Tejasree,

Sorry I missed this mail earlier. I believe it is same as Digest encrypted case.

> -----Original Message-----
> From: Tejasree Kondoj <ktejasree@marvell.com>
> Sent: Thursday, January 21, 2021 12:57 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Akhil Goyal
> <akhil.goyal@nxp.com>; Radu Nicolau <radu.nicolau@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; dev@dpdk.org; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [PATCH 0/2] support SSL/TLS way of cipher-auth operations
> 
> Hi Akhil,
> 
> I'm planning to add device feature flag(RTE_CRYPTODEV_FF_SSL_ORDER)
> along with SSL test cases movement to chain array in v2. Would that be fine?
> Feature flag is needed to skip SSL test cases if device doesn't support them.
> 
> Thanks
> Tejasree
> 
> > -----Original Message-----
> > From: Tejasree Kondoj <ktejasree@marvell.com>
> > Sent: Friday, December 18, 2020 7:40 PM
> > To: Akhil Goyal <akhil.goyal@nxp.com>; Radu Nicolau
> > <radu.nicolau@intel.com>
> > Cc: Tejasree Kondoj <ktejasree@marvell.com>; Anoob Joseph
> > <anoobj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> > dev@dpdk.org
> > Subject: [PATCH 0/2] support SSL/TLS way of cipher-auth operations
> >
> > This series adds SSL/TLS way of cipher-auth operations support i.e. auth
> > generation followed by encryption and decryption followed by auth verify in
> > OCTEON TX, OCTEON TX2 PMDs and sample unit test application.
> >
> > Tejasree Kondoj (2):
> >   common/cpt: support SSL/TLS way of cipher-auth operations
> >   test/crypto: support SSL/TLS way of cipher-auth operations
> >
> >  app/test/test_cryptodev_aes_test_vectors.h    | 576 ++++++++++++++++++
> >  app/test/test_cryptodev_blockcipher.c         |  98 ++-
> >  app/test/test_cryptodev_blockcipher.h         |   9 +
> >  doc/guides/rel_notes/release_21_02.rst        |  12 +
> >  drivers/common/cpt/cpt_mcode_defines.h        |   7 +-
> >  drivers/common/cpt/cpt_ucode.h                |  42 +-
> >  drivers/crypto/octeontx/otx_cryptodev_ops.c   |   8 +-
> >  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   8 +-
> >  8 files changed, 736 insertions(+), 24 deletions(-)
> >
> > --
> > 2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations
  2021-01-25 16:56   ` Akhil Goyal
@ 2021-01-27 12:00     ` Tejasree Kondoj
  0 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2021-01-27 12:00 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau
  Cc: Anoob Joseph, Ankur Dwivedi, dev, Zhang, Roy Fan, Trahe, Fiona

Hi Akhil,

Okay. Will use FF_DIGEST_ENCRYPTED flag instead of FF_SSL_ORDER.

Thanks
Tejasree

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Monday, January 25, 2021 10:27 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; dev@dpdk.org; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: [EXT] RE: [PATCH 0/2] support SSL/TLS way of cipher-auth operations
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Tejasree,
> 
> Sorry I missed this mail earlier. I believe it is same as Digest encrypted case.
> 
> > -----Original Message-----
> > From: Tejasree Kondoj <ktejasree@marvell.com>
> > Sent: Thursday, January 21, 2021 12:57 PM
> > To: Tejasree Kondoj <ktejasree@marvell.com>; Akhil Goyal
> > <akhil.goyal@nxp.com>; Radu Nicolau <radu.nicolau@intel.com>
> > Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> > <adwivedi@marvell.com>; dev@dpdk.org; Zhang, Roy Fan
> > <roy.fan.zhang@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: RE: [PATCH 0/2] support SSL/TLS way of cipher-auth operations
> >
> > Hi Akhil,
> >
> > I'm planning to add device feature flag(RTE_CRYPTODEV_FF_SSL_ORDER)
> > along with SSL test cases movement to chain array in v2. Would that be
> fine?
> > Feature flag is needed to skip SSL test cases if device doesn't support them.
> >
> > Thanks
> > Tejasree
> >
> > > -----Original Message-----
> > > From: Tejasree Kondoj <ktejasree@marvell.com>
> > > Sent: Friday, December 18, 2020 7:40 PM
> > > To: Akhil Goyal <akhil.goyal@nxp.com>; Radu Nicolau
> > > <radu.nicolau@intel.com>
> > > Cc: Tejasree Kondoj <ktejasree@marvell.com>; Anoob Joseph
> > > <anoobj@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> > > dev@dpdk.org
> > > Subject: [PATCH 0/2] support SSL/TLS way of cipher-auth operations
> > >
> > > This series adds SSL/TLS way of cipher-auth operations support i.e.
> > > auth generation followed by encryption and decryption followed by
> > > auth verify in OCTEON TX, OCTEON TX2 PMDs and sample unit test
> application.
> > >
> > > Tejasree Kondoj (2):
> > >   common/cpt: support SSL/TLS way of cipher-auth operations
> > >   test/crypto: support SSL/TLS way of cipher-auth operations
> > >
> > >  app/test/test_cryptodev_aes_test_vectors.h    | 576
> ++++++++++++++++++
> > >  app/test/test_cryptodev_blockcipher.c         |  98 ++-
> > >  app/test/test_cryptodev_blockcipher.h         |   9 +
> > >  doc/guides/rel_notes/release_21_02.rst        |  12 +
> > >  drivers/common/cpt/cpt_mcode_defines.h        |   7 +-
> > >  drivers/common/cpt/cpt_ucode.h                |  42 +-
> > >  drivers/crypto/octeontx/otx_cryptodev_ops.c   |   8 +-
> > >  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |   8 +-
> > >  8 files changed, 736 insertions(+), 24 deletions(-)
> > >
> > > --
> > > 2.27.0


^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2021-01-27 12:00 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-18 14:10 [dpdk-dev] [PATCH 0/2] support SSL/TLS way of cipher-auth operations Tejasree Kondoj
2020-12-18 14:10 ` [dpdk-dev] [PATCH 1/2] common/cpt: " Tejasree Kondoj
2020-12-18 14:10 ` [dpdk-dev] [PATCH 2/2] test/crypto: " Tejasree Kondoj
2021-01-19 17:00   ` Akhil Goyal
2021-01-19 18:02     ` Doherty, Declan
2021-01-20 12:51     ` Zhang, Roy Fan
2021-01-20 14:34     ` Zhang, Roy Fan
2021-01-20 14:40       ` Tejasree Kondoj
2021-01-21  9:26   ` Kusztal, ArkadiuszX
2021-01-21 10:02     ` Tejasree Kondoj
2021-01-15  5:31 ` [dpdk-dev] [PATCH 0/2] " Anoob Joseph
2021-01-21  7:26 ` Tejasree Kondoj
2021-01-25 16:56   ` Akhil Goyal
2021-01-27 12:00     ` Tejasree Kondoj

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git