DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ciara Power <ciara.power@intel.com>
To: dev@dpdk.org
Cc: kai.ji@intel.com, Pablo de Lara <pablo.de.lara.guarch@intel.com>,
	Ciara Power <ciara.power@intel.com>
Subject: [PATCH 5/8] crypto/ipsec_mb: store template job
Date: Fri, 21 Apr 2023 13:12:17 +0000	[thread overview]
Message-ID: <20230421131221.1732314-6-ciara.power@intel.com> (raw)
In-Reply-To: <20230421131221.1732314-1-ciara.power@intel.com>

From: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Store template IMB_JOB in session that
will have filled all session-related fields.
These fields include cipher direction, chain order, cipher mode,
hash algorithm, key length, IV lengths, AAD length, digest length,
and key pointers.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 403 ++++++++------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |  20 +-
 2 files changed, 159 insertions(+), 264 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 3ebbade8ca..8ccdd2ad2e 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -76,7 +76,7 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 	uint32_t auth_precompute = 1;
 
 	if (xform == NULL) {
-		sess->auth.algo = IMB_AUTH_NULL;
+		sess->template_job.hash_alg = IMB_AUTH_NULL;
 		return 0;
 	}
 
@@ -87,7 +87,6 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set IV parameters */
 	sess->auth_iv.offset = xform->auth.iv.offset;
-	sess->auth_iv.length = xform->auth.iv.length;
 
 	/* Set the request digest size */
 	sess->auth.req_digest_len = xform->auth.digest_length;
@@ -97,13 +96,13 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set Authentication Parameters */
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_NULL) {
-		sess->auth.algo = IMB_AUTH_NULL;
-		sess->auth.gen_digest_len = 0;
+		sess->template_job.hash_alg = IMB_AUTH_NULL;
+		sess->template_job.auth_tag_output_len_in_bytes = 0;
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
-		sess->auth.algo = IMB_AUTH_AES_XCBC;
+		sess->template_job.hash_alg = IMB_AUTH_AES_XCBC;
 
 		uint16_t xcbc_mac_digest_len =
 			get_truncated_digest_byte_length(IMB_AUTH_AES_XCBC);
@@ -111,18 +110,21 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_AES_XCBC_KEYEXP(mb_mgr, xform->auth.key.data,
 				sess->auth.xcbc.k1_expanded,
 				sess->auth.xcbc.k2, sess->auth.xcbc.k3);
+		sess->template_job.u.XCBC._k1_expanded = sess->auth.xcbc.k1_expanded;
+		sess->template_job.u.XCBC._k2 = sess->auth.xcbc.k2;
+		sess->template_job.u.XCBC._k3 = sess->auth.xcbc.k3;
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_CMAC) {
 		uint32_t dust[4*15];
 
-		sess->auth.algo = IMB_AUTH_AES_CMAC;
+		sess->template_job.hash_alg = IMB_AUTH_AES_CMAC;
 
 		uint16_t cmac_digest_len =
 				get_digest_byte_length(IMB_AUTH_AES_CMAC);
@@ -140,70 +142,74 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		 * the requested number of bytes.
 		 */
 		if (sess->auth.req_digest_len < 4)
-			sess->auth.gen_digest_len = cmac_digest_len;
+			sess->template_job.auth_tag_output_len_in_bytes = cmac_digest_len;
 		else
-			sess->auth.gen_digest_len = sess->auth.req_digest_len;
+			sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_AES_KEYEXP_128(mb_mgr, xform->auth.key.data,
 				sess->auth.cmac.expkey, dust);
 		IMB_AES_CMAC_SUBKEY_GEN_128(mb_mgr, sess->auth.cmac.expkey,
 				sess->auth.cmac.skey1, sess->auth.cmac.skey2);
+		sess->template_job.u.CMAC._key_expanded = sess->auth.cmac.expkey;
+		sess->template_job.u.CMAC._skey1 = sess->auth.cmac.skey1;
+		sess->template_job.u.CMAC._skey2 = sess->auth.cmac.skey2;
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) {
-			sess->cipher.direction = IMB_DIR_ENCRYPT;
-			sess->chain_order = IMB_ORDER_CIPHER_HASH;
+			sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
+			sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		} else
-			sess->cipher.direction = IMB_DIR_DECRYPT;
+			sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
 
 		if (sess->auth.req_digest_len >
 			get_digest_byte_length(IMB_AUTH_AES_GMAC)) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
-		sess->iv.length = xform->auth.iv.length;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
+		sess->template_job.u.GMAC.iv_len_in_bytes = xform->auth.iv.length;
 		sess->iv.offset = xform->auth.iv.offset;
 
 		switch (xform->auth.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->auth.algo = IMB_AUTH_AES_GMAC_128;
+			sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_128;
 			IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			break;
 		case IMB_KEY_192_BYTES:
-			sess->auth.algo = IMB_AUTH_AES_GMAC_192;
+			sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_192;
 			IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
-			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->auth.algo = IMB_AUTH_AES_GMAC_256;
+			sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_256;
 			IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			break;
 		default:
 			IPSEC_MB_LOG(ERR, "Invalid authentication key length\n");
 			return -EINVAL;
 		}
+		sess->template_job.u.GMAC._key = &sess->cipher.gcm_key;
 
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 		if (xform->auth.key.length == 16) {
-			sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+			sess->template_job.hash_alg = IMB_AUTH_ZUC_EIA3_BITLEN;
 
 			if (sess->auth.req_digest_len != 4) {
 				IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 				return -EINVAL;
 			}
 		} else if (xform->auth.key.length == 32) {
-			sess->auth.algo = IMB_AUTH_ZUC256_EIA3_BITLEN;
+			sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
 #if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 			if (sess->auth.req_digest_len != 4 &&
 					sess->auth.req_digest_len != 8 &&
@@ -219,13 +225,14 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		memcpy(sess->auth.zuc_auth_key, xform->auth.key.data,
 			xform->auth.key.length);
+		sess->template_job.u.ZUC_EIA3._key = sess->auth.zuc_auth_key;
 		return 0;
 	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
-		sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN;
+		sess->template_job.hash_alg = IMB_AUTH_SNOW3G_UIA2_BITLEN;
 		uint16_t snow3g_uia2_digest_len =
 			get_truncated_digest_byte_length(
 						IMB_AUTH_SNOW3G_UIA2_BITLEN);
@@ -233,33 +240,37 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data,
 					&sess->auth.pKeySched_snow3g_auth);
+		sess->template_job.u.SNOW3G_UIA2._key = (void *)
+			&sess->auth.pKeySched_snow3g_auth;
 		return 0;
 	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) {
-		sess->auth.algo = IMB_AUTH_KASUMI_UIA1;
+		sess->template_job.hash_alg = IMB_AUTH_KASUMI_UIA1;
 		uint16_t kasumi_f9_digest_len =
 			get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1);
 		if (sess->auth.req_digest_len != kasumi_f9_digest_len) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data,
 					&sess->auth.pKeySched_kasumi_auth);
+		sess->template_job.u.KASUMI_UIA1._key = (void *)
+			&sess->auth.pKeySched_kasumi_auth;
 		return 0;
 	}
 
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
-		sess->auth.algo = IMB_AUTH_MD5;
+		sess->template_job.hash_alg = IMB_AUTH_MD5;
 		hash_oneblock_fn = mb_mgr->md5_one_block;
 		break;
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_1;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
 		hash_oneblock_fn = mb_mgr->sha1_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_1)) {
@@ -271,11 +282,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA1:
-		sess->auth.algo = IMB_AUTH_SHA_1;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_1;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_224;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
 		hash_oneblock_fn = mb_mgr->sha224_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_224)) {
@@ -287,11 +298,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA224:
-		sess->auth.algo = IMB_AUTH_SHA_224;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_224;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_256;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
 		hash_oneblock_fn = mb_mgr->sha256_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_256)) {
@@ -303,11 +314,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA256:
-		sess->auth.algo = IMB_AUTH_SHA_256;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_256;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_384;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
 		hash_oneblock_fn = mb_mgr->sha384_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_384)) {
@@ -319,11 +330,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA384:
-		sess->auth.algo = IMB_AUTH_SHA_384;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_384;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_512;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
 		hash_oneblock_fn = mb_mgr->sha512_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_512)) {
@@ -335,7 +346,7 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA512:
-		sess->auth.algo = IMB_AUTH_SHA_512;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_512;
 		auth_precompute = 0;
 		break;
 	default:
@@ -344,9 +355,9 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		return -ENOTSUP;
 	}
 	uint16_t trunc_digest_size =
-			get_truncated_digest_byte_length(sess->auth.algo);
+			get_truncated_digest_byte_length(sess->template_job.hash_alg);
 	uint16_t full_digest_size =
-			get_digest_byte_length(sess->auth.algo);
+			get_digest_byte_length(sess->template_job.hash_alg);
 
 	if (sess->auth.req_digest_len > full_digest_size ||
 			sess->auth.req_digest_len == 0) {
@@ -356,9 +367,9 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 	if (sess->auth.req_digest_len != trunc_digest_size &&
 			sess->auth.req_digest_len != full_digest_size)
-		sess->auth.gen_digest_len = full_digest_size;
+		sess->template_job.auth_tag_output_len_in_bytes = full_digest_size;
 	else
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 	/* Plain SHA does not require precompute key */
 	if (auth_precompute == 0)
@@ -370,14 +381,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			sess->auth.pads.inner, sess->auth.pads.outer,
 			hashed_key,
 			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->auth.algo));
+			get_auth_algo_blocksize(sess->template_job.hash_alg));
 	} else {
 		calculate_auth_precomputes(hash_oneblock_fn,
 			sess->auth.pads.inner, sess->auth.pads.outer,
 			xform->auth.key.data,
 			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->auth.algo));
+			get_auth_algo_blocksize(sess->template_job.hash_alg));
 	}
+	sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
+		sess->auth.pads.inner;
+	sess->template_job.u.HMAC._hashed_auth_key_xor_opad =
+		sess->auth.pads.outer;
 
 	return 0;
 }
@@ -396,7 +411,7 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	uint8_t is_kasumi = 0;
 
 	if (xform == NULL) {
-		sess->cipher.mode = IMB_CIPHER_NULL;
+		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
 		return 0;
 	}
 
@@ -408,10 +423,10 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	/* Select cipher direction */
 	switch (xform->cipher.op) {
 	case RTE_CRYPTO_CIPHER_OP_ENCRYPT:
-		sess->cipher.direction = IMB_DIR_ENCRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
 		break;
 	case RTE_CRYPTO_CIPHER_OP_DECRYPT:
-		sess->cipher.direction = IMB_DIR_DECRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
 		break;
 	default:
 		IPSEC_MB_LOG(ERR, "Invalid cipher operation parameter");
@@ -421,48 +436,48 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	/* Select cipher mode */
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
-		sess->cipher.mode = IMB_CIPHER_CBC;
+		sess->template_job.cipher_mode = IMB_CIPHER_CBC;
 		is_aes = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-		sess->cipher.mode = IMB_CIPHER_CNTR;
+		sess->template_job.cipher_mode = IMB_CIPHER_CNTR;
 		is_aes = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
-		sess->cipher.mode = IMB_CIPHER_DOCSIS_SEC_BPI;
+		sess->template_job.cipher_mode = IMB_CIPHER_DOCSIS_SEC_BPI;
 		is_docsis = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_DES_CBC:
-		sess->cipher.mode = IMB_CIPHER_DES;
+		sess->template_job.cipher_mode = IMB_CIPHER_DES;
 		break;
 	case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
-		sess->cipher.mode = IMB_CIPHER_DOCSIS_DES;
+		sess->template_job.cipher_mode = IMB_CIPHER_DOCSIS_DES;
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
-		sess->cipher.mode = IMB_CIPHER_DES3;
+		sess->template_job.cipher_mode = IMB_CIPHER_DES3;
 		is_3DES = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_ECB:
-		sess->cipher.mode = IMB_CIPHER_ECB;
+		sess->template_job.cipher_mode = IMB_CIPHER_ECB;
 		is_aes = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
-		sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
+		sess->template_job.cipher_mode = IMB_CIPHER_ZUC_EEA3;
 		is_zuc = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
-		sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
+		sess->template_job.cipher_mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
 		is_snow3g = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_KASUMI_F8:
-		sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
+		sess->template_job.cipher_mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
 		is_kasumi = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_NULL:
-		sess->cipher.mode = IMB_CIPHER_NULL;
-		sess->cipher.key_length_in_bytes = 0;
+		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
+		sess->template_job.key_len_in_bytes = 0;
 		sess->iv.offset = xform->cipher.iv.offset;
-		sess->iv.length = xform->cipher.iv.length;
+		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 		return 0;
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
@@ -471,25 +486,25 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set IV parameters */
 	sess->iv.offset = xform->cipher.iv.offset;
-	sess->iv.length = xform->cipher.iv.length;
+	sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 
 	/* Check key length and choose key expansion function for AES */
 	if (is_aes) {
 		switch (xform->cipher.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES_KEYEXP_128(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_192_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
 			IMB_AES_KEYEXP_192(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
@@ -498,16 +513,19 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
+
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 	} else if (is_docsis) {
 		switch (xform->cipher.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES_KEYEXP_128(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
@@ -516,6 +534,8 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 	} else if (is_3DES) {
 		uint64_t *keys[3] = {sess->cipher.exp_3des_keys.key[0],
 				sess->cipher.exp_3des_keys.key[1],
@@ -559,38 +579,46 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
-		sess->cipher.key_length_in_bytes = 24;
+		sess->template_job.enc_keys = sess->cipher.exp_3des_keys.ks_ptr;
+		sess->template_job.dec_keys = sess->cipher.exp_3des_keys.ks_ptr;
+		sess->template_job.key_len_in_bytes = 24;
 	} else if (is_zuc) {
 		if (xform->cipher.key.length != 16 &&
 				xform->cipher.key.length != 32) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = xform->cipher.key.length;
+		sess->template_job.key_len_in_bytes = xform->cipher.key.length;
 		memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
 			xform->cipher.key.length);
+		sess->template_job.enc_keys = sess->cipher.zuc_cipher_key;
+		sess->template_job.dec_keys = sess->cipher.zuc_cipher_key;
 	} else if (is_snow3g) {
 		if (xform->cipher.key.length != 16) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 16;
+		sess->template_job.key_len_in_bytes = 16;
 		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data,
 					&sess->cipher.pKeySched_snow3g_cipher);
+		sess->template_job.enc_keys = &sess->cipher.pKeySched_snow3g_cipher;
+		sess->template_job.dec_keys = &sess->cipher.pKeySched_snow3g_cipher;
 	} else if (is_kasumi) {
 		if (xform->cipher.key.length != 16) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 16;
+		sess->template_job.key_len_in_bytes = 16;
 		IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data,
 					&sess->cipher.pKeySched_kasumi_cipher);
+		sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
+		sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
 	} else {
 		if (xform->cipher.key.length != 8) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 8;
+		sess->template_job.key_len_in_bytes = 8;
 
 		IMB_DES_KEYSCHED(mb_mgr,
 			(uint64_t *)sess->cipher.expanded_aes_keys.encode,
@@ -598,6 +626,8 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 		IMB_DES_KEYSCHED(mb_mgr,
 			(uint64_t *)sess->cipher.expanded_aes_keys.decode,
 				xform->cipher.key.data);
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 	}
 
 	return 0;
@@ -610,11 +640,11 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 {
 	switch (xform->aead.op) {
 	case RTE_CRYPTO_AEAD_OP_ENCRYPT:
-		sess->cipher.direction = IMB_DIR_ENCRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
 		break;
 	case RTE_CRYPTO_AEAD_OP_DECRYPT:
-		sess->cipher.direction = IMB_DIR_DECRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
 		break;
 	default:
@@ -624,27 +654,28 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set IV parameters */
 	sess->iv.offset = xform->aead.iv.offset;
-	sess->iv.length = xform->aead.iv.length;
+	sess->template_job.iv_len_in_bytes = xform->aead.iv.length;
 
 	/* Set digest sizes */
 	sess->auth.req_digest_len = xform->aead.digest_length;
-	sess->auth.gen_digest_len = sess->auth.req_digest_len;
+	sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 	switch (xform->aead.algo) {
 	case RTE_CRYPTO_AEAD_AES_CCM:
-		sess->cipher.mode = IMB_CIPHER_CCM;
-		sess->auth.algo = IMB_AUTH_AES_CCM;
+		sess->template_job.cipher_mode = IMB_CIPHER_CCM;
+		sess->template_job.hash_alg = IMB_AUTH_AES_CCM;
+		sess->template_job.u.CCM.aad_len_in_bytes = xform->aead.aad_length;
 
 		/* Check key length and choose key expansion function for AES */
 		switch (xform->aead.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES_KEYEXP_128(mb_mgr, xform->aead.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES_KEYEXP_256(mb_mgr, xform->aead.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
@@ -654,6 +685,8 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 		/* CCM digests must be between 4 and 16 and an even number */
 		if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN ||
 			sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN ||
@@ -664,22 +697,23 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 		break;
 
 	case RTE_CRYPTO_AEAD_AES_GCM:
-		sess->cipher.mode = IMB_CIPHER_GCM;
-		sess->auth.algo = IMB_AUTH_AES_GMAC;
+		sess->template_job.cipher_mode = IMB_CIPHER_GCM;
+		sess->template_job.hash_alg = IMB_AUTH_AES_GMAC;
+		sess->template_job.u.GCM.aad_len_in_bytes = xform->aead.aad_length;
 
 		switch (xform->aead.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES128_GCM_PRE(mb_mgr, xform->aead.key.data,
 				&sess->cipher.gcm_key);
 			break;
 		case IMB_KEY_192_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
 			IMB_AES192_GCM_PRE(mb_mgr, xform->aead.key.data,
 				&sess->cipher.gcm_key);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES256_GCM_PRE(mb_mgr, xform->aead.key.data,
 				&sess->cipher.gcm_key);
 			break;
@@ -688,6 +722,8 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		sess->template_job.enc_keys = &sess->cipher.gcm_key;
+		sess->template_job.dec_keys = &sess->cipher.gcm_key;
 		/* GCM digest size must be between 1 and 16 */
 		if (sess->auth.req_digest_len == 0 ||
 				sess->auth.req_digest_len > 16) {
@@ -697,16 +733,20 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 		break;
 
 	case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
-		sess->cipher.mode = IMB_CIPHER_CHACHA20_POLY1305;
-		sess->auth.algo = IMB_AUTH_CHACHA20_POLY1305;
+		sess->template_job.cipher_mode = IMB_CIPHER_CHACHA20_POLY1305;
+		sess->template_job.hash_alg = IMB_AUTH_CHACHA20_POLY1305;
+		sess->template_job.u.CHACHA20_POLY1305.aad_len_in_bytes =
+			xform->aead.aad_length;
 
 		if (xform->aead.key.length != 32) {
 			IPSEC_MB_LOG(ERR, "Invalid key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 32;
+		sess->template_job.key_len_in_bytes = 32;
 		memcpy(sess->cipher.expanded_aes_keys.encode,
 			xform->aead.key.data, 32);
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 		if (sess->auth.req_digest_len != 16) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
@@ -741,16 +781,16 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 	/* Select Crypto operation - hash then cipher / cipher then hash */
 	switch (mode) {
 	case IPSEC_MB_OP_HASH_VERIFY_THEN_DECRYPT:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	case IPSEC_MB_OP_ENCRYPT_THEN_HASH_GEN:
 	case IPSEC_MB_OP_DECRYPT_THEN_HASH_VERIFY:
-		sess->chain_order = IMB_ORDER_CIPHER_HASH;
+		sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		break;
 	case IPSEC_MB_OP_HASH_GEN_ONLY:
 	case IPSEC_MB_OP_HASH_VERIFY_ONLY:
 	case IPSEC_MB_OP_HASH_GEN_THEN_ENCRYPT:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	/*
 	 * Multi buffer library operates only at two modes,
@@ -760,18 +800,16 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 	 * the first operation and decryption the last one.
 	 */
 	case IPSEC_MB_OP_ENCRYPT_ONLY:
-		sess->chain_order = IMB_ORDER_CIPHER_HASH;
+		sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		break;
 	case IPSEC_MB_OP_DECRYPT_ONLY:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
-		sess->chain_order = IMB_ORDER_CIPHER_HASH;
-		sess->aead.aad_len = xform->aead.aad_length;
+		sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		break;
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
-		sess->aead.aad_len = xform->aead.aad_length;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	case IPSEC_MB_OP_NOT_SUPPORTED:
 	default:
@@ -781,8 +819,7 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 	}
 
 	/* Default IV length = 0 */
-	sess->iv.length = 0;
-	sess->auth_iv.length = 0;
+	sess->template_job.iv_len_in_bytes = 0;
 
 	ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform);
 	if (ret != 0) {
@@ -864,10 +901,10 @@ aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess,
 
 	/* Select CRC generate/verify */
 	if (xform->direction == RTE_SECURITY_DOCSIS_UPLINK) {
-		sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+		sess->template_job.hash_alg = IMB_AUTH_DOCSIS_CRC32;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
 	} else if (xform->direction == RTE_SECURITY_DOCSIS_DOWNLINK) {
-		sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+		sess->template_job.hash_alg = IMB_AUTH_DOCSIS_CRC32;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
 	} else {
 		IPSEC_MB_LOG(ERR, "Unsupported DOCSIS direction");
@@ -875,7 +912,7 @@ aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess,
 	}
 
 	sess->auth.req_digest_len = RTE_ETHER_CRC_LEN;
-	sess->auth.gen_digest_len = RTE_ETHER_CRC_LEN;
+	sess->template_job.auth_tag_output_len_in_bytes = RTE_ETHER_CRC_LEN;
 
 	return 0;
 }
@@ -907,12 +944,12 @@ aesni_mb_set_docsis_sec_session_parameters(
 
 	switch (conf->docsis.direction) {
 	case RTE_SECURITY_DOCSIS_UPLINK:
-		ipsec_sess->chain_order = IMB_ORDER_CIPHER_HASH;
+		ipsec_sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		docsis_xform = &conf->docsis;
 		cipher_xform = conf->crypto_xform;
 		break;
 	case RTE_SECURITY_DOCSIS_DOWNLINK:
-		ipsec_sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		ipsec_sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		cipher_xform = conf->crypto_xform;
 		docsis_xform = &conf->docsis;
 		break;
@@ -923,7 +960,7 @@ aesni_mb_set_docsis_sec_session_parameters(
 	}
 
 	/* Default IV length = 0 */
-	ipsec_sess->iv.length = 0;
+	ipsec_sess->template_job.iv_len_in_bytes = 0;
 
 	ret = aesni_mb_set_docsis_sec_session_auth_parameters(ipsec_sess,
 			docsis_xform);
@@ -958,7 +995,7 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 	uint32_t cipher_end, auth_end;
 
 	/* Only cipher then hash needs special calculation. */
-	if (!oop || session->chain_order != IMB_ORDER_CIPHER_HASH || lb_sgl)
+	if (!oop || session->template_job.chain_order != IMB_ORDER_CIPHER_HASH || lb_sgl)
 		return auth_offset;
 
 	m_src = op->sym->m_src;
@@ -1004,80 +1041,35 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 		struct rte_crypto_va_iova_ptr *iv,
 		struct rte_crypto_va_iova_ptr *aad, void *digest, void *udata)
 {
-	/* Set crypto operation */
-	job->chain_order = session->chain_order;
-
-	/* Set cipher parameters */
-	job->cipher_direction = session->cipher.direction;
-	job->cipher_mode = session->cipher.mode;
-
-	job->key_len_in_bytes = session->cipher.key_length_in_bytes;
+	memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	/* Set authentication parameters */
-	job->hash_alg = session->auth.algo;
 	job->iv = iv->va;
 
 	switch (job->hash_alg) {
-	case IMB_AUTH_AES_XCBC:
-		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
-		job->u.XCBC._k2 = session->auth.xcbc.k2;
-		job->u.XCBC._k3 = session->auth.xcbc.k3;
-
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
 	case IMB_AUTH_AES_CCM:
 		job->u.CCM.aad = (uint8_t *)aad->va + 18;
-		job->u.CCM.aad_len_in_bytes = session->aead.aad_len;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		job->iv++;
 		break;
 
-	case IMB_AUTH_AES_CMAC:
-		job->u.CMAC._key_expanded = session->auth.cmac.expkey;
-		job->u.CMAC._skey1 = session->auth.cmac.skey1;
-		job->u.CMAC._skey2 = session->auth.cmac.skey2;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
 	case IMB_AUTH_AES_GMAC:
 		job->u.GCM.aad = aad->va;
-		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
-		job->enc_keys = &session->cipher.gcm_key;
-		job->dec_keys = &session->cipher.gcm_key;
 		break;
 
 	case IMB_AUTH_AES_GMAC_128:
 	case IMB_AUTH_AES_GMAC_192:
 	case IMB_AUTH_AES_GMAC_256:
-		job->u.GMAC._key = &session->cipher.gcm_key;
 		job->u.GMAC._iv = iv->va;
-		job->u.GMAC.iv_len_in_bytes = session->iv.length;
 		break;
 
 	case IMB_AUTH_CHACHA20_POLY1305:
 		job->u.CHACHA20_POLY1305.aad = aad->va;
-		job->u.CHACHA20_POLY1305.aad_len_in_bytes =
-			session->aead.aad_len;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.encode;
 		break;
 	default:
 		job->u.HMAC._hashed_auth_key_xor_ipad =
 				session->auth.pads.inner;
 		job->u.HMAC._hashed_auth_key_xor_opad =
 				session->auth.pads.outer;
-
-		if (job->cipher_mode == IMB_CIPHER_DES3) {
-			job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
-			job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
-		} else {
-			job->enc_keys = session->cipher.expanded_aes_keys.encode;
-			job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		}
 	}
 
 	/*
@@ -1087,10 +1079,6 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 
 	/* Set digest location and length */
 	job->auth_tag_output = digest;
-	job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
-	/* Set IV parameters */
-	job->iv_len_in_bytes = session->iv.length;
 
 	/* Data Parameters */
 	job->src = buf;
@@ -1235,8 +1223,10 @@ handle_sgl_linear(IMB_JOB *job, struct rte_crypto_op *op, uint32_t dst_offset,
 static inline int
 imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
 {
-	if (alg == IMB_CIPHER_CHACHA20_POLY1305
-			|| alg == IMB_CIPHER_GCM)
+	if (alg == IMB_CIPHER_CHACHA20_POLY1305 ||
+			alg == IMB_CIPHER_CHACHA20_POLY1305_SGL ||
+			alg == IMB_CIPHER_GCM_SGL ||
+			alg == IMB_CIPHER_GCM)
 		return 1;
 	return 0;
 }
@@ -1413,28 +1403,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		return -1;
 	}
 
-	/* Set crypto operation */
-	job->chain_order = session->chain_order;
-
-	/* Set cipher parameters */
-	job->cipher_direction = session->cipher.direction;
-	job->cipher_mode = session->cipher.mode;
-
-	job->key_len_in_bytes = session->cipher.key_length_in_bytes;
+	memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	/* Set authentication parameters */
-	job->hash_alg = session->auth.algo;
-
 	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
 
-	if (job->cipher_mode == IMB_CIPHER_DES3) {
-		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
-		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
-	} else {
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-	}
-
 	if (!op->sym->m_dst) {
 		/* in-place operation */
 		m_dst = m_src;
@@ -1451,89 +1424,49 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 
 	if (m_src->nb_segs > 1 || m_dst->nb_segs > 1) {
 		sgl = 1;
-		if (!imb_lib_support_sgl_algo(session->cipher.mode))
+		if (!imb_lib_support_sgl_algo(job->cipher_mode))
 			lb_sgl = 1;
 	}
 
 	switch (job->hash_alg) {
-	case IMB_AUTH_AES_XCBC:
-		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
-		job->u.XCBC._k2 = session->auth.xcbc.k2;
-		job->u.XCBC._k3 = session->auth.xcbc.k3;
-
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
 	case IMB_AUTH_AES_CCM:
 		job->u.CCM.aad = op->sym->aead.aad.data + 18;
-		job->u.CCM.aad_len_in_bytes = session->aead.aad_len;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
-	case IMB_AUTH_AES_CMAC:
-		job->u.CMAC._key_expanded = session->auth.cmac.expkey;
-		job->u.CMAC._skey1 = session->auth.cmac.skey1;
-		job->u.CMAC._skey2 = session->auth.cmac.skey2;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		break;
 
 	case IMB_AUTH_AES_GMAC:
 		job->u.GCM.aad = op->sym->aead.aad.data;
-		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
 		if (sgl) {
 			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_GCM_SGL;
 			job->hash_alg = IMB_AUTH_GCM_SGL;
 		}
-		job->enc_keys = &session->cipher.gcm_key;
-		job->dec_keys = &session->cipher.gcm_key;
 		break;
 	case IMB_AUTH_AES_GMAC_128:
 	case IMB_AUTH_AES_GMAC_192:
 	case IMB_AUTH_AES_GMAC_256:
-		job->u.GMAC._key = &session->cipher.gcm_key;
 		job->u.GMAC._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
-		job->u.GMAC.iv_len_in_bytes = session->auth_iv.length;
 		break;
 	case IMB_AUTH_ZUC_EIA3_BITLEN:
 	case IMB_AUTH_ZUC256_EIA3_BITLEN:
-		job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
 		job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
 		break;
 	case IMB_AUTH_SNOW3G_UIA2_BITLEN:
-		job->u.SNOW3G_UIA2._key = (void *)
-			&session->auth.pKeySched_snow3g_auth;
 		job->u.SNOW3G_UIA2._iv =
 			rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
 		break;
-	case IMB_AUTH_KASUMI_UIA1:
-		job->u.KASUMI_UIA1._key = (void *)
-			&session->auth.pKeySched_kasumi_auth;
-		break;
 	case IMB_AUTH_CHACHA20_POLY1305:
 		job->u.CHACHA20_POLY1305.aad = op->sym->aead.aad.data;
-		job->u.CHACHA20_POLY1305.aad_len_in_bytes =
-			session->aead.aad_len;
 		if (sgl) {
 			job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
 			job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
 		}
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.encode;
 		break;
 	default:
-		job->u.HMAC._hashed_auth_key_xor_ipad =
-			session->auth.pads.inner;
-		job->u.HMAC._hashed_auth_key_xor_opad =
-			session->auth.pads.outer;
-
+		break;
 	}
 
 	if (aead)
@@ -1542,14 +1475,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		m_offset = op->sym->cipher.data.offset;
 
 	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
-		job->enc_keys = session->cipher.zuc_cipher_key;
-		job->dec_keys = session->cipher.zuc_cipher_key;
 		m_offset >>= 3;
 	} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
-		job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
 		m_offset = 0;
 	} else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {
-		job->enc_keys = &session->cipher.pKeySched_kasumi_cipher;
 		m_offset = 0;
 	}
 
@@ -1565,7 +1494,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->auth_tag_output = op->sym->auth.digest.data;
 
 		if (session->auth.req_digest_len !=
-				session->auth.gen_digest_len) {
+				job->auth_tag_output_len_in_bytes) {
 			job->auth_tag_output =
 				qp_data->temp_digests[*digest_idx];
 			*digest_idx = (*digest_idx + 1) % IMB_MAX_JOBS;
@@ -1576,12 +1505,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	 * digest length as specified in the relevant IPsec RFCs
 	 */
 
-	/* Set digest length */
-	job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
-	/* Set IV parameters */
-	job->iv_len_in_bytes = session->iv.length;
-
 	/* Data Parameters */
 	if (sgl) {
 		job->src = NULL;
@@ -1773,8 +1696,8 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		return -1;
 	}
 	/* Only DOCSIS protocol operations supported now */
-	if (session->cipher.mode != IMB_CIPHER_DOCSIS_SEC_BPI ||
-			session->auth.algo != IMB_AUTH_DOCSIS_CRC32) {
+	if (session->template_job.cipher_mode != IMB_CIPHER_DOCSIS_SEC_BPI ||
+			session->template_job.hash_alg != IMB_AUTH_DOCSIS_CRC32) {
 		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
 		return -1;
 	}
@@ -1791,31 +1714,19 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		return -ENOTSUP;
 	}
 
-	/* Set crypto operation */
-	job->chain_order = session->chain_order;
+	memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	/* Set cipher parameters */
-	job->cipher_direction = session->cipher.direction;
-	job->cipher_mode = session->cipher.mode;
-
-	job->key_len_in_bytes = session->cipher.key_length_in_bytes;
 	job->enc_keys = session->cipher.expanded_aes_keys.encode;
 	job->dec_keys = session->cipher.expanded_aes_keys.decode;
 
 	/* Set IV parameters */
-	job->iv_len_in_bytes = session->iv.length;
 	job->iv = (uint8_t *)op + session->iv.offset;
 
-	/* Set authentication parameters */
-	job->hash_alg = session->auth.algo;
-
 	/* Set digest output location */
 	job->auth_tag_output = qp_data->temp_digests[*digest_idx];
 	*digest_idx = (*digest_idx + 1) % IMB_MAX_JOBS;
 
-	/* Set digest length */
-	job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
 	/* Set data parameters */
 	job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
 	job->dst = rte_pktmbuf_mtod_offset(m_dst, uint8_t *,
@@ -1865,7 +1776,7 @@ generate_digest(IMB_JOB *job, struct rte_crypto_op *op,
 		struct aesni_mb_session *sess)
 {
 	/* No extra copy needed */
-	if (likely(sess->auth.req_digest_len == sess->auth.gen_digest_len))
+	if (likely(sess->auth.req_digest_len == job->auth_tag_output_len_in_bytes))
 		return;
 
 	/*
@@ -1940,7 +1851,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 			if ((op->sym->m_src->nb_segs > 1 ||
 					(op->sym->m_dst != NULL &&
 					op->sym->m_dst->nb_segs > 1)) &&
-					!imb_lib_support_sgl_algo(sess->cipher.mode)) {
+					!imb_lib_support_sgl_algo(job->cipher_mode)) {
 				linear_buf = (uint8_t *) job->user_data2;
 				post_process_sgl_linear(op, job, sess, linear_buf);
 			}
@@ -1950,7 +1861,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 
 			if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 				if (is_aead_algo(job->hash_alg,
-						sess->cipher.mode))
+						job->cipher_mode))
 					verify_digest(job,
 						op->sym->aead.digest.data,
 						sess->auth.req_digest_len,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 3cf44f8bc4..ce9a6e4886 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -852,14 +852,12 @@ get_digest_byte_length(IMB_HASH_ALG algo)
 
 /** AES-NI multi-buffer private session structure */
 struct aesni_mb_session {
-	IMB_CHAIN_ORDER chain_order;
-	/*  common job fields */
+	IMB_JOB template_job;
+	/*< Template job structure */
 	struct {
-		uint16_t length;
 		uint16_t offset;
 	} iv;
 	struct {
-		uint16_t length;
 		uint16_t offset;
 	} auth_iv;
 	/* *< IV parameters
@@ -868,13 +866,6 @@ struct aesni_mb_session {
 	/* * Cipher Parameters
 	 */
 	struct {
-		/* * Cipher direction - encrypt / decrypt */
-		IMB_CIPHER_DIRECTION direction;
-		/* * Cipher mode - CBC / Counter */
-		IMB_CIPHER_MODE mode;
-
-		uint64_t key_length_in_bytes;
-
 		union {
 			struct {
 				uint32_t encode[60] __rte_aligned(16);
@@ -907,7 +898,6 @@ struct aesni_mb_session {
 
 	/* *< Authentication Parameters */
 	struct {
-		IMB_HASH_ALG algo; /* *< Authentication Algorithm */
 		enum rte_crypto_auth_operation operation;
 		/* *< auth operation generate or verify */
 		union {
@@ -948,16 +938,10 @@ struct aesni_mb_session {
 			kasumi_key_sched_t pKeySched_kasumi_auth;
 			/* *< KASUMI scheduled authentication key */
 		};
-		/* * Generated digest size by the Multi-buffer library */
-		uint16_t gen_digest_len;
 		/* * Requested digest size from Cryptodev */
 		uint16_t req_digest_len;
 
 	} auth;
-	struct {
-		/* * AAD data length */
-		uint16_t aad_len;
-	} aead;
 } __rte_cache_aligned;
 
 typedef void (*hash_one_block_t)(const void *data, void *digest);
-- 
2.25.1


  parent reply	other threads:[~2023-04-21 13:13 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-21 13:12 [PATCH 0/8] add AESNI_MB optimisations Ciara Power
2023-04-21 13:12 ` [PATCH 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms Ciara Power
2023-04-21 13:12 ` [PATCH 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-04-21 13:12 ` [PATCH 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-04-21 13:12 ` [PATCH 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-04-21 13:12 ` Ciara Power [this message]
2023-04-21 13:12 ` [PATCH 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-04-21 13:12 ` [PATCH 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-04-21 13:12 ` [PATCH 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2024-02-22 20:52   ` Wathsala Wathawana Vithanage
2023-05-16 12:25 ` [EXT] [PATCH 0/8] add AESNI_MB optimisations Akhil Goyal
2023-05-16 12:54   ` Power, Ciara
2023-05-16 15:24 ` [PATCH v2 " Ciara Power
2023-05-16 15:24   ` [PATCH v2 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms Ciara Power
2023-05-16 15:24   ` [PATCH v2 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-05-16 15:24   ` [PATCH v2 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-05-16 15:24   ` [PATCH v2 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-05-16 15:24   ` [PATCH v2 5/8] crypto/ipsec_mb: store template job Ciara Power
2023-05-16 15:24   ` [PATCH v2 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-05-16 15:24   ` [PATCH v2 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-05-16 15:24   ` [PATCH v2 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2023-06-10 20:15     ` Thomas Monjalon
2023-06-14  5:35       ` [EXT] " Akhil Goyal
2023-06-15  2:46         ` Fangming Fang
2023-06-15  4:47           ` Akhil Goyal
2023-06-16  9:25             ` De Lara Guarch, Pablo
2023-06-16  9:38               ` Akhil Goyal
2023-06-20  6:32                 ` Fangming Fang
2024-02-21  5:01                   ` Patrick Robb
2024-02-21  5:10                     ` [EXT] " Honnappa Nagarahalli
2024-02-21  5:23                       ` Patrick Robb
2024-02-21  9:50                       ` Power, Ciara
2024-02-21 19:09                         ` Patrick Robb
2024-02-22  1:55                     ` [EXT] " Wathsala Wathawana Vithanage
2024-02-26 23:23                       ` Wathsala Wathawana Vithanage
2024-02-27  1:05                         ` Patrick Robb
2024-02-27  6:13                         ` Akhil Goyal
2024-03-05 17:36                         ` Wathsala Wathawana Vithanage
2023-06-20 14:41                 ` Thomas Monjalon
2023-06-21 19:11                   ` De Lara Guarch, Pablo
2023-05-17 16:44   ` [PATCH v2 0/8] add AESNI_MB optimisations Ji, Kai
2023-05-24 11:44     ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230421131221.1732314-6-ciara.power@intel.com \
    --to=ciara.power@intel.com \
    --cc=dev@dpdk.org \
    --cc=kai.ji@intel.com \
    --cc=pablo.de.lara.guarch@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).