Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/25599/?format=api
{ "id": 25599, "url": "https://patches.dpdk.org/api/patches/25599/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20170621074731.45013-21-pablo.de.lara.guarch@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20170621074731.45013-21-pablo.de.lara.guarch@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20170621074731.45013-21-pablo.de.lara.guarch@intel.com", "date": "2017-06-21T07:47:30", "name": "[dpdk-dev,21/22] cryptodev: use AES-GCM/CCM as AEAD algorithms", "commit_ref": null, "pull_url": null, "state": "not-applicable", "archived": true, "hash": "7ff82ab57b4d67d2b61d0708e483fa26a0285b9a", "submitter": { "id": 9, "url": "https://patches.dpdk.org/api/people/9/?format=api", "name": "De Lara Guarch, Pablo", "email": "pablo.de.lara.guarch@intel.com" }, "delegate": null, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20170621074731.45013-21-pablo.de.lara.guarch@intel.com/mbox/", "series": [], "comments": "https://patches.dpdk.org/api/patches/25599/comments/", "check": "fail", "checks": "https://patches.dpdk.org/api/patches/25599/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [IPv6:::1])\n\tby dpdk.org (Postfix) with ESMTP id CBF99910D;\n\tWed, 21 Jun 2017 17:48:15 +0200 (CEST)", "from mga02.intel.com (mga02.intel.com [134.134.136.20])\n\tby dpdk.org (Postfix) with ESMTP id 4001B7CFA\n\tfor <dev@dpdk.org>; Wed, 21 Jun 2017 17:47:40 +0200 (CEST)", "from orsmga004.jf.intel.com ([10.7.209.38])\n\tby orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t21 Jun 2017 08:47:39 -0700", "from silpixa00399464.ir.intel.com (HELO\n\tsilpixa00399464.ger.corp.intel.com) ([10.237.222.157])\n\tby orsmga004.jf.intel.com with ESMTP; 21 Jun 2017 08:47:38 -0700" ], "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.39,369,1493708400\"; d=\"scan'208\";a=\"100153564\"", "From": "Pablo de Lara <pablo.de.lara.guarch@intel.com>", "To": "pablo.de.lara.guarch@intel.com", "Cc": "dev@dpdk.org", "Date": "Wed, 21 Jun 2017 08:47:30 +0100", "Message-Id": "<20170621074731.45013-21-pablo.de.lara.guarch@intel.com>", "X-Mailer": "git-send-email 2.9.4", "In-Reply-To": "<20170621074731.45013-1-pablo.de.lara.guarch@intel.com>", "References": "<20170621074731.45013-1-pablo.de.lara.guarch@intel.com>", "Subject": "[dpdk-dev] [PATCH 21/22] cryptodev: use AES-GCM/CCM as AEAD\n\talgorithms", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<http://dpdk.org/ml/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://dpdk.org/ml/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<http://dpdk.org/ml/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>\n---\n app/test-crypto-perf/cperf_ops.c | 134 +++----\n app/test-crypto-perf/cperf_options.h | 21 +-\n app/test-crypto-perf/cperf_options_parsing.c | 137 +++++--\n app/test-crypto-perf/cperf_test_latency.c | 8 +-\n app/test-crypto-perf/cperf_test_throughput.c | 8 +-\n app/test-crypto-perf/cperf_test_vector_parsing.c | 12 +-\n app/test-crypto-perf/cperf_test_vectors.c | 106 +++---\n app/test-crypto-perf/cperf_test_vectors.h | 12 +\n app/test-crypto-perf/cperf_test_verify.c | 10 +-\n app/test-crypto-perf/main.c | 40 +-\n doc/guides/sample_app_ug/ipsec_secgw.rst | 43 ++-\n doc/guides/sample_app_ug/l2_forward_crypto.rst | 24 +-\n doc/guides/tools/cryptoperf.rst | 36 +-\n drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 76 ++--\n drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 24 +-\n drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 8 -\n drivers/crypto/openssl/rte_openssl_pmd.c | 140 +++++--\n drivers/crypto/openssl/rte_openssl_pmd_ops.c | 26 +-\n drivers/crypto/openssl/rte_openssl_pmd_private.h | 4 +\n drivers/crypto/qat/qat_crypto.c | 187 +++++++---\n drivers/crypto/qat/qat_crypto.h | 4 +\n drivers/crypto/qat/qat_crypto_capabilities.h | 34 +-\n examples/ipsec-secgw/esp.c | 223 +++++++-----\n examples/ipsec-secgw/ipsec.h | 1 +\n examples/ipsec-secgw/sa.c | 298 ++++++++++-----\n examples/l2fwd-crypto/main.c | 386 +++++++++++++++++---\n lib/librte_cryptodev/rte_crypto_sym.h | 105 +-----\n lib/librte_cryptodev/rte_cryptodev.c | 6 +-\n lib/librte_cryptodev/rte_cryptodev.h | 2 +\n test/test/test_cryptodev.c | 218 +++++------\n test/test/test_cryptodev_perf.c | 446 ++++++++++++-----------\n 31 files changed, 1713 insertions(+), 1066 deletions(-)", "diff": "diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c\nindex 9548584..a76ad8c 100644\n--- a/app/test-crypto-perf/cperf_ops.c\n+++ b/app/test-crypto-perf/cperf_ops.c\n@@ -176,8 +176,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,\n \t\t\t\t\tuint8_t *, offset);\n \t\t\tsym_op->auth.digest.phys_addr =\n \t\t\t\t\trte_pktmbuf_mtophys_offset(buf,\toffset);\n-\t\t\tsym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;\n-\t\t\tsym_op->auth.aad.data = test_vector->aad.data;\n \n \t\t}\n \n@@ -262,8 +260,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,\n \t\t\t\t\tuint8_t *, offset);\n \t\t\tsym_op->auth.digest.phys_addr =\n \t\t\t\t\trte_pktmbuf_mtophys_offset(buf,\toffset);\n-\t\t\tsym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;\n-\t\t\tsym_op->auth.aad.data = test_vector->aad.data;\n \t\t}\n \n \t\tif (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||\n@@ -301,23 +297,22 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,\n \t\t\t\ttest_vector->cipher_iv.data,\n \t\t\t\ttest_vector->cipher_iv.length);\n \n-\t\t/* cipher parameters */\n-\t\tsym_op->cipher.data.length = options->test_buffer_size;\n-\t\tsym_op->cipher.data.offset =\n-\t\t\t\tRTE_ALIGN_CEIL(options->auth_aad_sz, 16);\n+\t\t/* AEAD parameters */\n+\t\tsym_op->aead.data.length = options->test_buffer_size;\n+\t\tsym_op->aead.data.offset =\n+\t\t\t\tRTE_ALIGN_CEIL(options->aead_aad_sz, 16);\n \n-\t\tsym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);\n-\t\tsym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);\n+\t\tsym_op->aead.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);\n+\t\tsym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);\n \n-\t\t/* authentication parameters */\n-\t\tif (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {\n-\t\t\tsym_op->auth.digest.data = test_vector->digest.data;\n-\t\t\tsym_op->auth.digest.phys_addr =\n+\t\tif (options->aead_op == RTE_CRYPTO_AEAD_OP_DECRYPT) {\n+\t\t\tsym_op->aead.digest.data = test_vector->digest.data;\n+\t\t\tsym_op->aead.digest.phys_addr =\n \t\t\t\t\ttest_vector->digest.phys_addr;\n \t\t} else {\n \n-\t\t\tuint32_t offset = sym_op->cipher.data.length +\n-\t\t\t\t\t\tsym_op->cipher.data.offset;\n+\t\t\tuint32_t offset = sym_op->aead.data.length +\n+\t\t\t\t\t\tsym_op->aead.data.offset;\n \t\t\tstruct rte_mbuf *buf, *tbuf;\n \n \t\t\tif (options->out_of_place) {\n@@ -333,14 +328,11 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,\n \t\t\t\t}\n \t\t\t}\n \n-\t\t\tsym_op->auth.digest.data = rte_pktmbuf_mtod_offset(buf,\n+\t\t\tsym_op->aead.digest.data = rte_pktmbuf_mtod_offset(buf,\n \t\t\t\t\tuint8_t *, offset);\n-\t\t\tsym_op->auth.digest.phys_addr =\n+\t\t\tsym_op->aead.digest.phys_addr =\n \t\t\t\t\trte_pktmbuf_mtophys_offset(buf,\toffset);\n \t\t}\n-\n-\t\tsym_op->auth.data.length = options->test_buffer_size;\n-\t\tsym_op->auth.data.offset = options->auth_aad_sz;\n \t}\n \n \treturn 0;\n@@ -354,6 +346,7 @@ cperf_create_session(uint8_t dev_id,\n {\n \tstruct rte_crypto_sym_xform cipher_xform;\n \tstruct rte_crypto_sym_xform auth_xform;\n+\tstruct rte_crypto_sym_xform aead_xform;\n \tstruct rte_cryptodev_sym_session *sess = NULL;\n \n \t/*\n@@ -393,9 +386,7 @@ cperf_create_session(uint8_t dev_id,\n \t\t/* auth different than null */\n \t\tif (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {\n \t\t\tauth_xform.auth.digest_length =\n-\t\t\t\t\toptions->auth_digest_sz;\n-\t\t\tauth_xform.auth.add_auth_data_length =\n-\t\t\t\t\toptions->auth_aad_sz;\n+\t\t\t\t\toptions->digest_sz;\n \t\t\tauth_xform.auth.key.length =\n \t\t\t\t\ttest_vector->auth_key.length;\n \t\t\tauth_xform.auth.key.data = test_vector->auth_key.data;\n@@ -414,9 +405,7 @@ cperf_create_session(uint8_t dev_id,\n \t * cipher and auth\n \t */\n \t} else if (options->op_type == CPERF_CIPHER_THEN_AUTH\n-\t\t\t|| options->op_type == CPERF_AUTH_THEN_CIPHER\n-\t\t\t|| options->op_type == CPERF_AEAD) {\n-\n+\t\t\t|| options->op_type == CPERF_AUTH_THEN_CIPHER) {\n \t\t/*\n \t\t * cipher\n \t\t */\n@@ -450,23 +439,12 @@ cperf_create_session(uint8_t dev_id,\n \n \t\t/* auth different than null */\n \t\tif (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {\n-\t\t\tauth_xform.auth.digest_length = options->auth_digest_sz;\n-\t\t\tauth_xform.auth.add_auth_data_length =\n-\t\t\t\t\toptions->auth_aad_sz;\n-\t\t\t/* auth options for aes gcm */\n-\t\t\tif (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&\n-\t\t\t\toptions->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {\n-\t\t\t\tauth_xform.auth.key.length = 0;\n-\t\t\t\tauth_xform.auth.key.data = NULL;\n-\t\t\t\tauth_xform.auth.iv.length = 0;\n-\t\t\t} else { /* auth options for others */\n-\t\t\t\tauth_xform.auth.key.length =\n+\t\t\tauth_xform.auth.digest_length = options->digest_sz;\n+\t\t\tauth_xform.auth.iv.length = test_vector->auth_iv.length;\n+\t\t\tauth_xform.auth.key.length =\n \t\t\t\t\ttest_vector->auth_key.length;\n-\t\t\t\tauth_xform.auth.key.data =\n-\t\t\t\t\t\ttest_vector->auth_key.data;\n-\t\t\t\tauth_xform.auth.iv.length =\n-\t\t\t\t\t\ttest_vector->auth_iv.length;\n-\t\t\t}\n+\t\t\tauth_xform.auth.key.data =\n+\t\t\t\t\ttest_vector->auth_key.data;\n \t\t} else {\n \t\t\tauth_xform.auth.digest_length = 0;\n \t\t\tauth_xform.auth.add_auth_data_length = 0;\n@@ -475,35 +453,39 @@ cperf_create_session(uint8_t dev_id,\n \t\t\tauth_xform.auth.iv.length = 0;\n \t\t}\n \n-\t\t/* create crypto session for aes gcm */\n-\t\tif (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM) {\n-\t\t\tif (options->cipher_op ==\n-\t\t\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n-\t\t\t\tcipher_xform.next = &auth_xform;\n-\t\t\t\t/* create crypto session */\n-\t\t\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n-\t\t\t\t\t&cipher_xform);\n-\t\t\t} else { /* decrypt */\n-\t\t\t\tauth_xform.next = &cipher_xform;\n-\t\t\t\t/* create crypto session */\n-\t\t\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n-\t\t\t\t\t&auth_xform);\n-\t\t\t}\n-\t\t} else { /* create crypto session for other */\n-\t\t\t/* cipher then auth */\n-\t\t\tif (options->op_type == CPERF_CIPHER_THEN_AUTH) {\n-\t\t\t\tcipher_xform.next = &auth_xform;\n-\t\t\t\t/* create crypto session */\n-\t\t\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n+\t\t/* cipher then auth */\n+\t\tif (options->op_type == CPERF_CIPHER_THEN_AUTH) {\n+\t\t\tcipher_xform.next = &auth_xform;\n+\t\t\t/* create crypto session */\n+\t\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n \t\t\t\t\t\t&cipher_xform);\n-\t\t\t} else { /* auth then cipher */\n-\t\t\t\tauth_xform.next = &cipher_xform;\n-\t\t\t\t/* create crypto session */\n-\t\t\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n-\t\t\t\t\t\t&auth_xform);\n-\t\t\t}\n+\t\t} else { /* auth then cipher */\n+\t\t\tauth_xform.next = &cipher_xform;\n+\t\t\t/* create crypto session */\n+\t\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n+\t\t\t\t\t&auth_xform);\n \t\t}\n+\t} else { /* options->op_type == CPERF_AEAD */\n+\t\taead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\t\taead_xform.next = NULL;\n+\t\taead_xform.aead.algo = options->aead_algo;\n+\t\taead_xform.aead.op = options->aead_op;\n+\t\taead_xform.aead.iv.offset = iv_offset;\n+\n+\t\taead_xform.aead.key.data =\n+\t\t\t\t\ttest_vector->aead_key.data;\n+\t\taead_xform.aead.key.length =\n+\t\t\t\t\ttest_vector->aead_key.length;\n+\t\taead_xform.aead.iv.length = test_vector->aead_iv.length;\n+\n+\t\taead_xform.aead.digest_length = options->digest_sz;\n+\t\taead_xform.aead.add_auth_data_length =\n+\t\t\t\t\toptions->aead_aad_sz;\n+\n+\t\t/* Create crypto session */\n+\t\tsess = rte_cryptodev_sym_session_create(dev_id, &aead_xform);\n \t}\n+\n \treturn sess;\n }\n \n@@ -515,14 +497,14 @@ cperf_get_op_functions(const struct cperf_options *options,\n \n \top_fns->sess_create = cperf_create_session;\n \n-\tif (options->op_type == CPERF_AEAD\n-\t\t\t|| options->op_type == CPERF_AUTH_THEN_CIPHER\n+\tif (options->op_type == CPERF_AEAD) {\n+\t\top_fns->populate_ops = cperf_set_ops_aead;\n+\t\treturn 0;\n+\t}\n+\n+\tif (options->op_type == CPERF_AUTH_THEN_CIPHER\n \t\t\t|| options->op_type == CPERF_CIPHER_THEN_AUTH) {\n-\t\tif (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM &&\n-\t\t\t\toptions->auth_algo == RTE_CRYPTO_AUTH_AES_GCM)\n-\t\t\top_fns->populate_ops = cperf_set_ops_aead;\n-\t\telse\n-\t\t\top_fns->populate_ops = cperf_set_ops_cipher_auth;\n+\t\top_fns->populate_ops = cperf_set_ops_cipher_auth;\n \t\treturn 0;\n \t}\n \tif (options->op_type == CPERF_AUTH_ONLY) {\ndiff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h\nindex 0e53c03..2f1e282 100644\n--- a/app/test-crypto-perf/cperf_options.h\n+++ b/app/test-crypto-perf/cperf_options.h\n@@ -29,8 +29,15 @@\n #define CPERF_AUTH_OP\t\t(\"auth-op\")\n #define CPERF_AUTH_KEY_SZ\t(\"auth-key-sz\")\n #define CPERF_AUTH_IV_SZ\t(\"auth-iv-sz\")\n-#define CPERF_AUTH_DIGEST_SZ\t(\"auth-digest-sz\")\n-#define CPERF_AUTH_AAD_SZ\t(\"auth-aad-sz\")\n+\n+#define CPERF_AEAD_ALGO\t\t(\"aead-algo\")\n+#define CPERF_AEAD_OP\t\t(\"aead-op\")\n+#define CPERF_AEAD_KEY_SZ\t(\"aead-key-sz\")\n+#define CPERF_AEAD_IV_SZ\t(\"aead-iv-sz\")\n+#define CPERF_AEAD_AAD_SZ\t(\"aead-aad-sz\")\n+\n+#define CPERF_DIGEST_SZ \t(\"digest-sz\")\n+\n #define CPERF_CSV\t\t(\"csv-friendly\")\n \n #define MAX_LIST 32\n@@ -79,7 +86,15 @@ struct cperf_options {\n \tuint16_t auth_key_sz;\n \tuint16_t auth_iv_sz;\n \tuint16_t auth_digest_sz;\n-\tuint16_t auth_aad_sz;\n+\n+\tenum rte_crypto_aead_algorithm aead_algo;\n+\tenum rte_crypto_aead_operation aead_op;\n+\n+\tuint16_t aead_key_sz;\n+\tuint16_t aead_iv_sz;\n+\tuint16_t aead_aad_sz;\n+\n+\tuint16_t digest_sz;\n \n \tchar device_type[RTE_CRYPTODEV_NAME_LEN];\n \tenum cperf_op_type op_type;\ndiff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c\nindex 5c2dcff..3ec2c50 100644\n--- a/app/test-crypto-perf/cperf_options_parsing.c\n+++ b/app/test-crypto-perf/cperf_options_parsing.c\n@@ -543,9 +543,9 @@ parse_auth_key_sz(struct cperf_options *opts, const char *arg)\n }\n \n static int\n-parse_auth_digest_sz(struct cperf_options *opts, const char *arg)\n+parse_digest_sz(struct cperf_options *opts, const char *arg)\n {\n-\treturn parse_uint16_t(&opts->auth_digest_sz, arg);\n+\treturn parse_uint16_t(&opts->digest_sz, arg);\n }\n \n static int\n@@ -555,9 +555,64 @@ parse_auth_iv_sz(struct cperf_options *opts, const char *arg)\n }\n \n static int\n-parse_auth_aad_sz(struct cperf_options *opts, const char *arg)\n+parse_aead_algo(struct cperf_options *opts, const char *arg)\n {\n-\treturn parse_uint16_t(&opts->auth_aad_sz, arg);\n+\tenum rte_crypto_aead_algorithm aead_algo;\n+\n+\tif (rte_cryptodev_get_aead_algo_enum(&aead_algo, arg) < 0) {\n+\t\tRTE_LOG(ERR, USER1, \"Invalid AEAD algorithm specified\\n\");\n+\t\treturn -1;\n+\t}\n+\n+\topts->aead_algo = aead_algo;\n+\n+\treturn 0;\n+}\n+\n+static int\n+parse_aead_op(struct cperf_options *opts, const char *arg)\n+{\n+\tstruct name_id_map aead_op_namemap[] = {\n+\t\t{\n+\t\t\trte_crypto_aead_operation_strings\n+\t\t\t[RTE_CRYPTO_AEAD_OP_ENCRYPT],\n+\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT },\n+\t\t{\n+\t\t\trte_crypto_aead_operation_strings\n+\t\t\t[RTE_CRYPTO_AEAD_OP_DECRYPT],\n+\t\t\tRTE_CRYPTO_AEAD_OP_DECRYPT\n+\t\t}\n+\t};\n+\n+\tint id = get_str_key_id_mapping(aead_op_namemap,\n+\t\t\tRTE_DIM(aead_op_namemap), arg);\n+\tif (id < 0) {\n+\t\tRTE_LOG(ERR, USER1, \"invalid AEAD operation specified\"\n+\t\t\t\t\"\\n\");\n+\t\treturn -1;\n+\t}\n+\n+\topts->aead_op = (enum rte_crypto_aead_operation)id;\n+\n+\treturn 0;\n+}\n+\n+static int\n+parse_aead_key_sz(struct cperf_options *opts, const char *arg)\n+{\n+\treturn parse_uint16_t(&opts->aead_key_sz, arg);\n+}\n+\n+static int\n+parse_aead_iv_sz(struct cperf_options *opts, const char *arg)\n+{\n+\treturn parse_uint16_t(&opts->aead_iv_sz, arg);\n+}\n+\n+static int\n+parse_aead_aad_sz(struct cperf_options *opts, const char *arg)\n+{\n+\treturn parse_uint16_t(&opts->aead_aad_sz, arg);\n }\n \n static int\n@@ -606,8 +661,17 @@ static struct option lgopts[] = {\n \t{ CPERF_AUTH_OP, required_argument, 0, 0 },\n \n \t{ CPERF_AUTH_KEY_SZ, required_argument, 0, 0 },\n-\t{ CPERF_AUTH_DIGEST_SZ, required_argument, 0, 0 },\n-\t{ CPERF_AUTH_AAD_SZ, required_argument, 0, 0 },\n+\t{ CPERF_AUTH_IV_SZ, required_argument, 0, 0 },\n+\n+\t{ CPERF_AEAD_ALGO, required_argument, 0, 0 },\n+\t{ CPERF_AEAD_OP, required_argument, 0, 0 },\n+\n+\t{ CPERF_AEAD_KEY_SZ, required_argument, 0, 0 },\n+\t{ CPERF_AEAD_AAD_SZ, required_argument, 0, 0 },\n+\t{ CPERF_AEAD_IV_SZ, required_argument, 0, 0 },\n+\n+\t{ CPERF_DIGEST_SZ, required_argument, 0, 0 },\n+\n \t{ CPERF_CSV, no_argument, 0, 0},\n \n \t{ NULL, 0, 0, 0 }\n@@ -658,7 +722,12 @@ cperf_options_default(struct cperf_options *opts)\n \topts->auth_key_sz = 64;\n \topts->auth_digest_sz = 12;\n \topts->auth_iv_sz = 0;\n-\topts->auth_aad_sz = 0;\n+\n+\topts->aead_key_sz = 0;\n+\topts->aead_iv_sz = 0;\n+\topts->aead_aad_sz = 0;\n+\n+\topts->digest_sz = 12;\n }\n \n static int\n@@ -686,9 +755,13 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)\n \t\t{ CPERF_AUTH_OP,\tparse_auth_op },\n \t\t{ CPERF_AUTH_KEY_SZ,\tparse_auth_key_sz },\n \t\t{ CPERF_AUTH_IV_SZ,\tparse_auth_iv_sz },\n-\t\t{ CPERF_AUTH_DIGEST_SZ,\tparse_auth_digest_sz },\n-\t\t{ CPERF_AUTH_AAD_SZ,\tparse_auth_aad_sz },\n-\t\t{ CPERF_CSV,\tparse_csv_friendly},\n+\t\t{ CPERF_AEAD_ALGO,\tparse_aead_algo },\n+\t\t{ CPERF_AEAD_OP,\tparse_aead_op },\n+\t\t{ CPERF_AEAD_KEY_SZ,\tparse_aead_key_sz },\n+\t\t{ CPERF_AEAD_IV_SZ,\tparse_aead_iv_sz },\n+\t\t{ CPERF_AEAD_AAD_SZ,\tparse_aead_aad_sz },\n+\t\t{ CPERF_DIGEST_SZ,\tparse_digest_sz },\n+\t\t{ CPERF_CSV,\t\tparse_csv_friendly},\n \t};\n \tunsigned int i;\n \n@@ -803,30 +876,7 @@ cperf_options_check(struct cperf_options *options)\n \t\t\t\t\t\" options: decrypt and verify.\\n\");\n \t\t\treturn -EINVAL;\n \t\t}\n-\t} else if (options->op_type == CPERF_AEAD) {\n-\t\tif (!(options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&\n-\t\t\t\toptions->auth_op ==\n-\t\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE) &&\n-\t\t\t\t!(options->cipher_op ==\n-\t\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT &&\n-\t\t\t\toptions->auth_op ==\n-\t\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY)) {\n-\t\t\tRTE_LOG(ERR, USER1, \"Use together options: encrypt and\"\n-\t\t\t\t\t\" generate or decrypt and verify.\\n\");\n-\t\t\treturn -EINVAL;\n-\t\t}\n-\t}\n-\n-\tif (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||\n-\t\t\toptions->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM ||\n-\t\t\toptions->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||\n-\t\t\toptions->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) {\n-\t\tif (options->op_type != CPERF_AEAD) {\n-\t\t\tRTE_LOG(ERR, USER1, \"Use --optype aead\\n\");\n-\t\t\treturn -EINVAL;\n-\t\t}\n \t}\n-\n \tif (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC ||\n \t\t\toptions->cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB) {\n \t\tif (options->inc_buffer_size != 0)\n@@ -914,23 +964,20 @@ cperf_options_dump(struct cperf_options *opts)\n \n \tif (opts->op_type == CPERF_AUTH_ONLY ||\n \t\t\topts->op_type == CPERF_CIPHER_THEN_AUTH ||\n-\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER ||\n-\t\t\topts->op_type == CPERF_AEAD) {\n+\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER) {\n \t\tprintf(\"# auth algorithm: %s\\n\",\n \t\t\trte_crypto_auth_algorithm_strings[opts->auth_algo]);\n \t\tprintf(\"# auth operation: %s\\n\",\n \t\t\trte_crypto_auth_operation_strings[opts->auth_op]);\n \t\tprintf(\"# auth key size: %u\\n\", opts->auth_key_sz);\n \t\tprintf(\"# auth iv size: %u\\n\", opts->auth_iv_sz);\n-\t\tprintf(\"# auth digest size: %u\\n\", opts->auth_digest_sz);\n-\t\tprintf(\"# auth aad size: %u\\n\", opts->auth_aad_sz);\n+\t\tprintf(\"# auth digest size: %u\\n\", opts->digest_sz);\n \t\tprintf(\"#\\n\");\n \t}\n \n \tif (opts->op_type == CPERF_CIPHER_ONLY ||\n \t\t\topts->op_type == CPERF_CIPHER_THEN_AUTH ||\n-\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER ||\n-\t\t\topts->op_type == CPERF_AEAD) {\n+\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER) {\n \t\tprintf(\"# cipher algorithm: %s\\n\",\n \t\t\trte_crypto_cipher_algorithm_strings[opts->cipher_algo]);\n \t\tprintf(\"# cipher operation: %s\\n\",\n@@ -939,4 +986,16 @@ cperf_options_dump(struct cperf_options *opts)\n \t\tprintf(\"# cipher iv size: %u\\n\", opts->cipher_iv_sz);\n \t\tprintf(\"#\\n\");\n \t}\n+\n+\tif (opts->op_type == CPERF_AEAD) {\n+\t\tprintf(\"# aead algorithm: %s\\n\",\n+\t\t\trte_crypto_aead_algorithm_strings[opts->aead_algo]);\n+\t\tprintf(\"# aead operation: %s\\n\",\n+\t\t\trte_crypto_aead_operation_strings[opts->aead_op]);\n+\t\tprintf(\"# aead key size: %u\\n\", opts->aead_key_sz);\n+\t\tprintf(\"# aead iv size: %u\\n\", opts->aead_iv_sz);\n+\t\tprintf(\"# aead digest size: %u\\n\", opts->digest_sz);\n+\t\tprintf(\"# aead aad size: %u\\n\", opts->aead_aad_sz);\n+\t\tprintf(\"#\\n\");\n+\t}\n }\ndiff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c\nindex dc0ba84..7a89b97 100644\n--- a/app/test-crypto-perf/cperf_test_latency.c\n+++ b/app/test-crypto-perf/cperf_test_latency.c\n@@ -168,14 +168,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,\n \n \tif (options->op_type != CPERF_CIPHER_ONLY) {\n \t\tmbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,\n-\t\t\toptions->auth_digest_sz);\n+\t\t\toptions->digest_sz);\n \t\tif (mbuf_data == NULL)\n \t\t\tgoto error;\n \t}\n \n \tif (options->op_type == CPERF_AEAD) {\n \t\tuint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,\n-\t\t\tRTE_ALIGN_CEIL(options->auth_aad_sz, 16));\n+\t\t\tRTE_ALIGN_CEIL(options->aead_aad_sz, 16));\n \n \t\tif (aead == NULL)\n \t\t\tgoto error;\n@@ -230,7 +230,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,\n \t\t\tRTE_CACHE_LINE_ROUNDUP(\n \t\t\t\t(options->max_buffer_size / options->segments_nb) +\n \t\t\t\t(options->max_buffer_size % options->segments_nb) +\n-\t\t\t\t\toptions->auth_digest_sz),\n+\t\t\t\t\toptions->digest_sz),\n \t\t\trte_socket_id());\n \n \tif (ctx->pkt_mbuf_pool_in == NULL)\n@@ -260,7 +260,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,\n \t\t\t\tRTE_PKTMBUF_HEADROOM +\n \t\t\t\tRTE_CACHE_LINE_ROUNDUP(\n \t\t\t\t\toptions->max_buffer_size +\n-\t\t\t\t\toptions->auth_digest_sz),\n+\t\t\t\t\toptions->digest_sz),\n \t\t\t\trte_socket_id());\n \n \t\tif (ctx->pkt_mbuf_pool_out == NULL)\ndiff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c\nindex 1e3f3b3..1ff1560 100644\n--- a/app/test-crypto-perf/cperf_test_throughput.c\n+++ b/app/test-crypto-perf/cperf_test_throughput.c\n@@ -151,14 +151,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,\n \n \tif (options->op_type != CPERF_CIPHER_ONLY) {\n \t\tmbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,\n-\t\t\t\toptions->auth_digest_sz);\n+\t\t\t\toptions->digest_sz);\n \t\tif (mbuf_data == NULL)\n \t\t\tgoto error;\n \t}\n \n \tif (options->op_type == CPERF_AEAD) {\n \t\tuint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,\n-\t\t\tRTE_ALIGN_CEIL(options->auth_aad_sz, 16));\n+\t\t\tRTE_ALIGN_CEIL(options->aead_aad_sz, 16));\n \n \t\tif (aead == NULL)\n \t\t\tgoto error;\n@@ -212,7 +212,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,\n \t\t\tRTE_CACHE_LINE_ROUNDUP(\n \t\t\t\t(options->max_buffer_size / options->segments_nb) +\n \t\t\t\t(options->max_buffer_size % options->segments_nb) +\n-\t\t\t\t\toptions->auth_digest_sz),\n+\t\t\t\t\toptions->digest_sz),\n \t\t\trte_socket_id());\n \n \tif (ctx->pkt_mbuf_pool_in == NULL)\n@@ -240,7 +240,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,\n \t\t\t\tRTE_PKTMBUF_HEADROOM +\n \t\t\t\tRTE_CACHE_LINE_ROUNDUP(\n \t\t\t\t\toptions->max_buffer_size +\n-\t\t\t\t\toptions->auth_digest_sz),\n+\t\t\t\t\toptions->digest_sz),\n \t\t\t\trte_socket_id());\n \n \t\tif (ctx->pkt_mbuf_pool_out == NULL)\ndiff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c\nindex 277ff1e..e462d2c 100644\n--- a/app/test-crypto-perf/cperf_test_vector_parsing.c\n+++ b/app/test-crypto-perf/cperf_test_vector_parsing.c\n@@ -363,12 +363,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,\n \t\tif (tc_found)\n \t\t\tvector->aad.length = data_length;\n \t\telse {\n-\t\t\tif (opts->auth_aad_sz > data_length) {\n+\t\t\tif (opts->aead_aad_sz > data_length) {\n \t\t\t\tprintf(\"Global aad shorter than \"\n-\t\t\t\t\t\"auth_aad_sz\\n\");\n+\t\t\t\t\t\"aead_aad_sz\\n\");\n \t\t\t\treturn -1;\n \t\t\t}\n-\t\t\tvector->aad.length = opts->auth_aad_sz;\n+\t\t\tvector->aad.length = opts->aead_aad_sz;\n \t\t}\n \n \t} else if (strstr(key_token, \"digest\")) {\n@@ -379,12 +379,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector,\n \t\tif (tc_found)\n \t\t\tvector->digest.length = data_length;\n \t\telse {\n-\t\t\tif (opts->auth_digest_sz > data_length) {\n+\t\t\tif (opts->digest_sz > data_length) {\n \t\t\t\tprintf(\"Global digest shorter than \"\n-\t\t\t\t\t\"auth_digest_sz\\n\");\n+\t\t\t\t\t\"digest_sz\\n\");\n \t\t\t\treturn -1;\n \t\t\t}\n-\t\t\tvector->digest.length = opts->auth_digest_sz;\n+\t\t\tvector->digest.length = opts->digest_sz;\n \t\t}\n \t} else {\n \t\tprintf(\"Not valid key: '%s'\\n\", trim_space(key_token));\ndiff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c\nindex 2e5339c..03bc995 100644\n--- a/app/test-crypto-perf/cperf_test_vectors.c\n+++ b/app/test-crypto-perf/cperf_test_vectors.c\n@@ -385,6 +385,13 @@ uint8_t auth_key[] = {\n \t0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F\n };\n \n+/* AEAD key */\n+uint8_t aead_key[] = {\n+\t0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,\n+\t0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,\n+\t0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F\n+};\n+\n /* Digests */\n uint8_t digest[2048] = { 0x00 };\n \n@@ -403,8 +410,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)\n \n \tif (options->op_type ==\tCPERF_CIPHER_ONLY ||\n \t\t\toptions->op_type == CPERF_CIPHER_THEN_AUTH ||\n-\t\t\toptions->op_type == CPERF_AUTH_THEN_CIPHER ||\n-\t\t\toptions->op_type == CPERF_AEAD) {\n+\t\t\toptions->op_type == CPERF_AUTH_THEN_CIPHER) {\n \t\tif (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {\n \t\t\tt_vec->cipher_key.length = 0;\n \t\t\tt_vec->ciphertext.data = plaintext;\n@@ -441,40 +447,32 @@ cperf_test_vector_get_dummy(struct cperf_options *options)\n \n \tif (options->op_type ==\tCPERF_AUTH_ONLY ||\n \t\t\toptions->op_type == CPERF_CIPHER_THEN_AUTH ||\n-\t\t\toptions->op_type == CPERF_AUTH_THEN_CIPHER ||\n-\t\t\toptions->op_type == CPERF_AEAD) {\n-\t\tuint8_t aad_alloc = 0;\n-\n-\t\tt_vec->auth_key.length = options->auth_key_sz;\n-\n-\t\tswitch (options->auth_algo) {\n-\t\tcase RTE_CRYPTO_AUTH_NULL:\n-\t\t\tt_vec->auth_key.data = NULL;\n-\t\t\taad_alloc = 0;\n-\t\t\tbreak;\n-\t\tcase RTE_CRYPTO_AUTH_AES_GCM:\n+\t\t\toptions->op_type == CPERF_AUTH_THEN_CIPHER) {\n+\t\tif (options->auth_algo == RTE_CRYPTO_AUTH_NULL) {\n+\t\t\tt_vec->auth_key.length = 0;\n \t\t\tt_vec->auth_key.data = NULL;\n-\t\t\taad_alloc = 1;\n-\t\t\tbreak;\n-\t\tdefault:\n+\t\t\tt_vec->digest.data = NULL;\n+\t\t\tt_vec->digest.length = 0;\n+\t\t} else {\n+\t\t\tt_vec->auth_key.length = options->auth_key_sz;\n \t\t\tt_vec->auth_key.data = auth_key;\n-\t\t\taad_alloc = 0;\n-\t\t\tbreak;\n-\t\t}\n \n-\t\tif (aad_alloc && options->auth_aad_sz) {\n-\t\t\tt_vec->aad.data = rte_malloc(NULL,\n-\t\t\t\t\toptions->auth_aad_sz, 16);\n-\t\t\tif (t_vec->aad.data == NULL) {\n-\t\t\t\tif (options->op_type !=\tCPERF_AUTH_ONLY)\n-\t\t\t\t\trte_free(t_vec->cipher_iv.data);\n+\t\t\tt_vec->digest.data = rte_malloc(NULL,\n+\t\t\t\t\toptions->digest_sz,\n+\t\t\t\t\t16);\n+\t\t\tif (t_vec->digest.data == NULL) {\n+\t\t\t\trte_free(t_vec->cipher_iv.data);\n \t\t\t\trte_free(t_vec);\n \t\t\t\treturn NULL;\n \t\t\t}\n-\t\t\tmemcpy(t_vec->aad.data, aad, options->auth_aad_sz);\n-\t\t} else {\n-\t\t\tt_vec->aad.data = NULL;\n+\t\t\tt_vec->digest.phys_addr =\n+\t\t\t\trte_malloc_virt2phy(t_vec->digest.data);\n+\t\t\tt_vec->digest.length = options->digest_sz;\n+\t\t\tmemcpy(t_vec->digest.data, digest,\n+\t\t\t\t\toptions->digest_sz);\n \t\t}\n+\t\tt_vec->data.auth_offset = 0;\n+\t\tt_vec->data.auth_length = options->max_buffer_size;\n \n \t\t/* Set IV parameters */\n \t\tt_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,\n@@ -487,26 +485,52 @@ cperf_test_vector_get_dummy(struct cperf_options *options)\n \t\t}\n \t\tmemcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);\n \t\tt_vec->auth_iv.length = options->auth_iv_sz;\n+\t}\n \n-\t\tt_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);\n-\t\tt_vec->aad.length = options->auth_aad_sz;\n-\t\tt_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,\n-\t\t\t\t16);\n+\tif (options->op_type == CPERF_AEAD) {\n+\t\tt_vec->aead_key.length = options->aead_key_sz;\n+\t\tt_vec->aead_key.data = aead_key;\n+\n+\t\tif (options->aead_aad_sz) {\n+\t\t\tt_vec->aad.data = rte_malloc(NULL,\n+\t\t\t\t\toptions->aead_aad_sz, 16);\n+\t\t\tif (t_vec->aad.data == NULL) {\n+\t\t\t\trte_free(t_vec);\n+\t\t\t\treturn NULL;\n+\t\t\t}\n+\t\t\tmemcpy(t_vec->aad.data, aad, options->aead_aad_sz);\n+\t\t\tt_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);\n+\t\t\tt_vec->aad.length = options->aead_aad_sz;\n+\t\t} else {\n+\t\t\tt_vec->aad.data = NULL;\n+\t\t\tt_vec->aad.length = 0;\n+\t\t}\n+\n+\t\tt_vec->digest.data = rte_malloc(NULL, options->digest_sz,\n+\t\t\t\t\t\t16);\n \t\tif (t_vec->digest.data == NULL) {\n-\t\t\tif (options->op_type !=\tCPERF_AUTH_ONLY)\n-\t\t\t\trte_free(t_vec->cipher_iv.data);\n-\t\t\trte_free(t_vec->auth_iv.data);\n \t\t\trte_free(t_vec->aad.data);\n \t\t\trte_free(t_vec);\n \t\t\treturn NULL;\n \t\t}\n \t\tt_vec->digest.phys_addr =\n \t\t\t\trte_malloc_virt2phy(t_vec->digest.data);\n-\t\tt_vec->digest.length = options->auth_digest_sz;\n-\t\tmemcpy(t_vec->digest.data, digest, options->auth_digest_sz);\n-\t\tt_vec->data.auth_offset = 0;\n-\t\tt_vec->data.auth_length = options->max_buffer_size;\n-\t}\n+\t\tt_vec->digest.length = options->digest_sz;\n+\t\tmemcpy(t_vec->digest.data, digest, options->digest_sz);\n+\t\tt_vec->data.aead_offset = 0;\n+\t\tt_vec->data.aead_length = options->max_buffer_size;\n \n+\t\t/* Set IV parameters */\n+\t\tt_vec->aead_iv.data = rte_malloc(NULL, options->aead_iv_sz,\n+\t\t\t\t16);\n+\t\tif (options->aead_iv_sz && t_vec->aead_iv.data == NULL) {\n+\t\t\trte_free(t_vec->aad.data);\n+\t\t\trte_free(t_vec->digest.data);\n+\t\t\trte_free(t_vec);\n+\t\t\treturn NULL;\n+\t\t}\n+\t\tmemcpy(t_vec->aead_iv.data, iv, options->aead_iv_sz);\n+\t\tt_vec->aead_iv.length = options->aead_iv_sz;\n+\t}\n \treturn t_vec;\n }\ndiff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h\nindex 7f9c4fa..8595570 100644\n--- a/app/test-crypto-perf/cperf_test_vectors.h\n+++ b/app/test-crypto-perf/cperf_test_vectors.h\n@@ -54,6 +54,11 @@ struct cperf_test_vector {\n \tstruct {\n \t\tuint8_t *data;\n \t\tuint16_t length;\n+\t} aead_key;\n+\n+\tstruct {\n+\t\tuint8_t *data;\n+\t\tuint16_t length;\n \t} cipher_iv;\n \n \tstruct {\n@@ -63,6 +68,11 @@ struct cperf_test_vector {\n \n \tstruct {\n \t\tuint8_t *data;\n+\t\tuint16_t length;\n+\t} aead_iv;\n+\n+\tstruct {\n+\t\tuint8_t *data;\n \t\tuint32_t length;\n \t} ciphertext;\n \n@@ -83,6 +93,8 @@ struct cperf_test_vector {\n \t\tuint32_t auth_length;\n \t\tuint32_t cipher_offset;\n \t\tuint32_t cipher_length;\n+\t\tuint32_t aead_offset;\n+\t\tuint32_t aead_length;\n \t} data;\n };\n \ndiff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c\nindex 81057ff..bba8019 100644\n--- a/app/test-crypto-perf/cperf_test_verify.c\n+++ b/app/test-crypto-perf/cperf_test_verify.c\n@@ -155,14 +155,14 @@ cperf_mbuf_create(struct rte_mempool *mempool,\n \n \tif (options->op_type != CPERF_CIPHER_ONLY) {\n \t\tmbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf,\n-\t\t\t\toptions->auth_digest_sz);\n+\t\t\t\toptions->digest_sz);\n \t\tif (mbuf_data == NULL)\n \t\t\tgoto error;\n \t}\n \n \tif (options->op_type == CPERF_AEAD) {\n \t\tuint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,\n-\t\t\tRTE_ALIGN_CEIL(options->auth_aad_sz, 16));\n+\t\t\tRTE_ALIGN_CEIL(options->aead_aad_sz, 16));\n \n \t\tif (aead == NULL)\n \t\t\tgoto error;\n@@ -216,7 +216,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,\n \t\t\tRTE_CACHE_LINE_ROUNDUP(\n \t\t\t\t(options->max_buffer_size / options->segments_nb) +\n \t\t\t\t(options->max_buffer_size % options->segments_nb) +\n-\t\t\t\t\toptions->auth_digest_sz),\n+\t\t\t\t\toptions->digest_sz),\n \t\t\trte_socket_id());\n \n \tif (ctx->pkt_mbuf_pool_in == NULL)\n@@ -244,7 +244,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,\n \t\t\t\tRTE_PKTMBUF_HEADROOM +\n \t\t\t\tRTE_CACHE_LINE_ROUNDUP(\n \t\t\t\t\toptions->max_buffer_size +\n-\t\t\t\t\toptions->auth_digest_sz),\n+\t\t\t\t\toptions->digest_sz),\n \t\t\t\trte_socket_id());\n \n \t\tif (ctx->pkt_mbuf_pool_out == NULL)\n@@ -379,7 +379,7 @@ cperf_verify_op(struct rte_crypto_op *op,\n \t\tif (options->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE)\n \t\t\tres += memcmp(data + auth_offset,\n \t\t\t\t\tvector->digest.data,\n-\t\t\t\t\toptions->auth_digest_sz);\n+\t\t\t\t\toptions->digest_sz);\n \t}\n \n \treturn !!res;\ndiff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c\nindex cf4fa4f..b39b1cb 100644\n--- a/app/test-crypto-perf/main.c\n+++ b/app/test-crypto-perf/main.c\n@@ -123,8 +123,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,\n \n \t\tif (opts->op_type == CPERF_AUTH_ONLY ||\n \t\t\t\topts->op_type == CPERF_CIPHER_THEN_AUTH ||\n-\t\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER ||\n-\t\t\t\topts->op_type == CPERF_AEAD) {\n+\t\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER) {\n \n \t\t\tcap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n \t\t\tcap_idx.algo.auth = opts->auth_algo;\n@@ -138,7 +137,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,\n \t\t\t\t\tcapability,\n \t\t\t\t\topts->auth_key_sz,\n \t\t\t\t\topts->auth_digest_sz,\n-\t\t\t\t\topts->auth_aad_sz,\n+\t\t\t\t\t0,\n \t\t\t\t\topts->auth_iv_sz);\n \t\t\tif (ret != 0)\n \t\t\t\treturn ret;\n@@ -146,8 +145,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,\n \n \t\tif (opts->op_type == CPERF_CIPHER_ONLY ||\n \t\t\t\topts->op_type == CPERF_CIPHER_THEN_AUTH ||\n-\t\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER ||\n-\t\t\t\topts->op_type == CPERF_AEAD) {\n+\t\t\t\topts->op_type == CPERF_AUTH_THEN_CIPHER) {\n \n \t\t\tcap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n \t\t\tcap_idx.algo.cipher = opts->cipher_algo;\n@@ -164,6 +162,26 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,\n \t\t\tif (ret != 0)\n \t\t\t\treturn ret;\n \t\t}\n+\n+\t\tif (opts->op_type == CPERF_AEAD) {\n+\n+\t\t\tcap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\t\t\tcap_idx.algo.aead = opts->aead_algo;\n+\n+\t\t\tcapability = rte_cryptodev_sym_capability_get(cdev_id,\n+\t\t\t\t\t&cap_idx);\n+\t\t\tif (capability == NULL)\n+\t\t\t\treturn -1;\n+\n+\t\t\tret = rte_cryptodev_sym_capability_check_aead(\n+\t\t\t\t\tcapability,\n+\t\t\t\t\topts->aead_key_sz,\n+\t\t\t\t\topts->digest_sz,\n+\t\t\t\t\topts->aead_aad_sz,\n+\t\t\t\t\topts->aead_iv_sz);\n+\t\t\tif (ret != 0)\n+\t\t\t\treturn ret;\n+\t\t}\n \t}\n \n \treturn 0;\n@@ -212,7 +230,7 @@ cperf_check_test_vector(struct cperf_options *opts,\n \t\t\t\treturn -1;\n \t\t\tif (test_vec->digest.data == NULL)\n \t\t\t\treturn -1;\n-\t\t\tif (test_vec->digest.length < opts->auth_digest_sz)\n+\t\t\tif (test_vec->digest.length < opts->digest_sz)\n \t\t\t\treturn -1;\n \t\t}\n \n@@ -253,7 +271,7 @@ cperf_check_test_vector(struct cperf_options *opts,\n \t\t\t\treturn -1;\n \t\t\tif (test_vec->digest.data == NULL)\n \t\t\t\treturn -1;\n-\t\t\tif (test_vec->digest.length < opts->auth_digest_sz)\n+\t\t\tif (test_vec->digest.length < opts->digest_sz)\n \t\t\t\treturn -1;\n \t\t}\n \t} else if (opts->op_type == CPERF_AEAD) {\n@@ -265,17 +283,17 @@ cperf_check_test_vector(struct cperf_options *opts,\n \t\t\treturn -1;\n \t\tif (test_vec->ciphertext.length < opts->max_buffer_size)\n \t\t\treturn -1;\n-\t\tif (test_vec->cipher_iv.data == NULL)\n+\t\tif (test_vec->aead_iv.data == NULL)\n \t\t\treturn -1;\n-\t\tif (test_vec->cipher_iv.length != opts->cipher_iv_sz)\n+\t\tif (test_vec->aead_iv.length != opts->aead_iv_sz)\n \t\t\treturn -1;\n \t\tif (test_vec->aad.data == NULL)\n \t\t\treturn -1;\n-\t\tif (test_vec->aad.length != opts->auth_aad_sz)\n+\t\tif (test_vec->aad.length != opts->aead_aad_sz)\n \t\t\treturn -1;\n \t\tif (test_vec->digest.data == NULL)\n \t\t\treturn -1;\n-\t\tif (test_vec->digest.length < opts->auth_digest_sz)\n+\t\tif (test_vec->digest.length < opts->digest_sz)\n \t\t\treturn -1;\n \t}\n \treturn 0;\ndiff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst\nindex 885c77e..75b960f 100644\n--- a/doc/guides/sample_app_ug/ipsec_secgw.rst\n+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst\n@@ -412,14 +412,13 @@ where each options means:\n \n * Cipher algorithm\n \n- * Optional: No\n+ * Optional: Yes, unless <aead_algo> is not used\n \n * Available options:\n \n * *null*: NULL algorithm\n * *aes-128-cbc*: AES-CBC 128-bit algorithm\n * *aes-128-ctr*: AES-CTR 128-bit algorithm\n- * *aes-128-gcm*: AES-GCM 128-bit algorithm\n \n * Syntax: *cipher_algo <your algorithm>*\n \n@@ -427,7 +426,8 @@ where each options means:\n \n * Cipher key, NOT available when 'null' algorithm is used\n \n- * Optional: No, must followed by <cipher_algo> option\n+ * Optional: Yes, unless <aead_algo> is not used.\n+ Must be followed by <cipher_algo> option\n \n * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.\n The number of bytes should be as same as the specified cipher algorithm\n@@ -440,20 +440,20 @@ where each options means:\n \n * Authentication algorithm\n \n- * Optional: No\n+ * Optional: Yes, unless <aead_algo> is not used\n \n * Available options:\n \n * *null*: NULL algorithm\n * *sha1-hmac*: HMAC SHA1 algorithm\n- * *aes-128-gcm*: AES-GCM 128-bit algorithm\n \n ``<auth_key>``\n \n * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm\n is used.\n \n- * Optional: No, must followed by <auth_algo> option\n+ * Optional: Yes, unless <aead_algo> is not used.\n+ Must be followed by <auth_algo> option\n \n * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.\n The number of bytes should be as same as the specified authentication\n@@ -462,6 +462,32 @@ where each options means:\n For example: *auth_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:\n A1:B2:C3:D4*\n \n+``<aead_algo>``\n+\n+ * AEAD algorithm\n+\n+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used\n+\n+ * Available options:\n+\n+ * *aes-128-gcm*: AES-GCM 128-bit algorithm\n+\n+ * Syntax: *cipher_algo <your algorithm>*\n+\n+``<aead_key>``\n+\n+ * Cipher key, NOT available when 'null' algorithm is used\n+\n+ * Optional: Yes, unless <cipher_algo> and <auth_algo> are not used.\n+ Must be followed by <aead_algo> option\n+\n+ * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.\n+ The number of bytes should be as same as the specified AEAD algorithm\n+ key size.\n+\n+ For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:\n+ A1:B2:C3:D4*\n+\n ``<mode>``\n \n * The operation mode\n@@ -515,9 +541,8 @@ Example SA rules:\n src 1111:1111:1111:1111:1111:1111:1111:5555 \\\n dst 2222:2222:2222:2222:2222:2222:2222:5555\n \n- sa in 105 cipher_algo aes-128-gcm \\\n- cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n- auth_algo aes-128-gcm \\\n+ sa in 105 aead_algo aes-128-gcm \\\n+ aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5\n \n Routing rule syntax\ndiff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst\nindex b9aa573..2a61af7 100644\n--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst\n+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst\n@@ -110,7 +110,9 @@ where,\n \n * chain: select the operation chaining to perform: Cipher->Hash (CIPHER_HASH),\n \n- Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash(HASH_ONLY)\n+ Hash->Cipher (HASH_CIPHER), Cipher (CIPHER_ONLY), Hash (HASH_ONLY)\n+\n+ or AEAD (AEAD)\n \n (default is Cipher->Hash)\n \n@@ -154,6 +156,26 @@ where,\n \n Note that if --auth_iv is used, this will be ignored.\n \n+* aead_algo: select the AEAD algorithm (default is aes-gcm)\n+\n+* aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT\n+\n+ (default is ENCRYPT)\n+\n+* aead_key: set the AEAD key to be used. Bytes has to be separated with \":\"\n+\n+* aead_key_random_size: set the size of the AEAD key,\n+\n+ which will be generated randomly.\n+\n+ Note that if --aead_key is used, this will be ignored.\n+\n+* aead_iv: set the AEAD IV to be used. Bytes has to be separated with \":\"\n+\n+* aead_iv_random_size: set the size of the AEAD IV, which will be generated randomly.\n+\n+ Note that if --aead_iv is used, this will be ignored.\n+\n * aad: set the AAD to be used. Bytes has to be separated with \":\"\n \n * aad_random_size: set the size of the AAD, which will be generated randomly.\ndiff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst\nindex 8834df7..f1e99a1 100644\n--- a/doc/guides/tools/cryptoperf.rst\n+++ b/doc/guides/tools/cryptoperf.rst\n@@ -223,10 +223,8 @@ The following are the appication command-line options:\n 3des-ecb\n 3des-ctr\n aes-cbc\n- aes-ccm\n aes-ctr\n aes-ecb\n- aes-gcm\n aes-f8\n aes-xts\n arc4\n@@ -257,9 +255,7 @@ The following are the appication command-line options:\n \n 3des-cbc\n aes-cbc-mac\n- aes-ccm\n aes-cmac\n- aes-gcm\n aes-gmac\n aes-xcbc-mac\n md5\n@@ -294,13 +290,37 @@ The following are the appication command-line options:\n \n Set the size of auth iv.\n \n-* ``--auth-digest-sz <n>``\n+* ``--aead-algo <name>``\n+\n+ Set AEAD algorithm name, where ``name`` is one\n+ of the following::\n+\n+ aes-ccm\n+ aes-gcm\n+\n+* ``--aead-op <mode>``\n+\n+ Set AEAD operation mode, where ``mode`` is one of\n+ the following::\n+\n+ encrypt\n+ decrypt\n+\n+* ``--aead-key-sz <n>``\n+\n+ Set the size of AEAD key.\n+\n+* ``--aead-iv-sz <n>``\n+\n+ Set the size of AEAD iv.\n+\n+* ``--aead-aad-sz <n>``\n \n- Set the size of authentication digest.\n+ Set the size of AEAD aad.\n \n-* ``--auth-aad-sz <n>``\n+* ``--digest-sz <n>``\n \n- Set the size of authentication aad.\n+ Set the size of digest.\n \n * ``--csv-friendly``\n \ndiff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c\nindex 4c55355..f5ca150 100644\n--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c\n+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c\n@@ -76,13 +76,13 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,\n \t\tconst struct rte_crypto_sym_xform *xform)\n {\n \tconst struct rte_crypto_sym_xform *auth_xform;\n-\tconst struct rte_crypto_sym_xform *cipher_xform;\n+\tconst struct rte_crypto_sym_xform *aead_xform;\n \tuint16_t digest_length;\n \tuint8_t key_length;\n \tuint8_t *key;\n \n \t/* AES-GMAC */\n-\tif (xform->next == NULL) {\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {\n \t\tauth_xform = xform;\n \t\tif (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {\n \t\t\tGCM_LOG_ERR(\"Only AES GMAC is supported as an \"\n@@ -101,52 +101,39 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,\n \n \t\tkey_length = auth_xform->auth.key.length;\n \t\tkey = auth_xform->auth.key.data;\n+\t\tdigest_length = auth_xform->auth.digest_length;\n+\n \t/* AES-GCM */\n-\t} else {\n-\t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\n-\t\t\t\txform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {\n-\t\t\tauth_xform = xform->next;\n-\t\t\tcipher_xform = xform;\n-\t\t} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&\n-\t\t\t\txform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {\n-\t\t\tauth_xform = xform;\n-\t\t\tcipher_xform = xform->next;\n-\t\t} else {\n-\t\t\tGCM_LOG_ERR(\"Cipher and auth xform required \"\n-\t\t\t\t\t\"when using AES GCM\");\n-\t\t\treturn -EINVAL;\n-\t\t}\n+\t} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\taead_xform = xform;\n \n-\t\tif (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&\n-\t\t\t\t(auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {\n+\t\tif (aead_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) {\n \t\t\tGCM_LOG_ERR(\"The only combined operation \"\n \t\t\t\t\t\t\"supported is AES GCM\");\n \t\t\treturn -EINVAL;\n \t\t}\n \n \t\t/* Set IV parameters */\n-\t\tsess->iv.offset = cipher_xform->cipher.iv.offset;\n-\t\tsess->iv.length = cipher_xform->cipher.iv.length;\n+\t\tsess->iv.offset = aead_xform->aead.iv.offset;\n+\t\tsess->iv.length = aead_xform->aead.iv.length;\n \n \t\t/* Select Crypto operation */\n-\t\tif (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&\n-\t\t\t\tauth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)\n+\t\tif (aead_xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)\n \t\t\tsess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;\n-\t\telse if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&\n-\t\t\t\tauth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)\n+\t\telse\n \t\t\tsess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;\n-\t\telse {\n-\t\t\tGCM_LOG_ERR(\"Cipher/Auth operations: Encrypt/Generate or\"\n-\t\t\t\t\t\" Decrypt/Verify are valid only\");\n-\t\t\treturn -EINVAL;\n-\t\t}\n \n-\t\tkey_length = cipher_xform->auth.key.length;\n-\t\tkey = cipher_xform->auth.key.data;\n+\t\tkey_length = aead_xform->aead.key.length;\n+\t\tkey = aead_xform->aead.key.data;\n \n-\t\tsess->aad_length = auth_xform->auth.add_auth_data_length;\n+\t\tsess->aad_length = aead_xform->aead.add_auth_data_length;\n+\t\tdigest_length = aead_xform->aead.digest_length;\n+\t} else {\n+\t\tGCM_LOG_ERR(\"Wrong xform type, has to be AEAD or authentication\");\n+\t\treturn -EINVAL;\n \t}\n \n+\n \t/* IV check */\n \tif (sess->iv.length != 16 && sess->iv.length != 12 &&\n \t\t\tsess->iv.length != 0) {\n@@ -154,8 +141,6 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,\n \t\treturn -EINVAL;\n \t}\n \n-\tdigest_length = auth_xform->auth.digest_length;\n-\n \t/* Check key length and calculate GCM pre-compute. */\n \tswitch (key_length) {\n \tcase 16:\n@@ -169,7 +154,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,\n \n \t\tbreak;\n \tdefault:\n-\t\tGCM_LOG_ERR(\"Unsupported cipher/auth key length\");\n+\t\tGCM_LOG_ERR(\"Unsupported key length\");\n \t\treturn -EINVAL;\n \t}\n \n@@ -240,9 +225,9 @@ process_gcm_crypto_op(struct rte_crypto_op *op,\n \n \tif (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||\n \t\t\tsession->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {\n-\t\toffset = sym_op->cipher.data.offset;\n+\t\toffset = sym_op->aead.data.offset;\n \t\tdata_offset = offset;\n-\t\tdata_length = sym_op->cipher.data.length;\n+\t\tdata_length = sym_op->aead.data.length;\n \t} else {\n \t\toffset = sym_op->auth.data.offset;\n \t\tdata_offset = offset;\n@@ -295,7 +280,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,\n \n \t\taesni_gcm_enc[session->key].init(&session->gdata,\n \t\t\t\tIV_ptr,\n-\t\t\t\tsym_op->auth.aad.data,\n+\t\t\t\tsym_op->aead.aad.data,\n \t\t\t\t(uint64_t)session->aad_length);\n \n \t\taesni_gcm_enc[session->key].update(&session->gdata, dst, src,\n@@ -319,7 +304,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,\n \t\t}\n \n \t\taesni_gcm_enc[session->key].finalize(&session->gdata,\n-\t\t\t\tsym_op->auth.digest.data,\n+\t\t\t\tsym_op->aead.digest.data,\n \t\t\t\t(uint64_t)session->digest_length);\n \t} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {\n \t\tuint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?\n@@ -333,7 +318,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,\n \n \t\taesni_gcm_dec[session->key].init(&session->gdata,\n \t\t\t\tIV_ptr,\n-\t\t\t\tsym_op->auth.aad.data,\n+\t\t\t\tsym_op->aead.aad.data,\n \t\t\t\t(uint64_t)session->aad_length);\n \n \t\taesni_gcm_dec[session->key].update(&session->gdata, dst, src,\n@@ -413,19 +398,24 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)\n \t/* Verify digest if required */\n \tif (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||\n \t\t\tsession->op == AESNI_GMAC_OP_VERIFY) {\n+\t\tuint8_t *digest;\n \n \t\tuint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,\n \t\t\t\tm->data_len - session->digest_length);\n \n+\t\tif (session->op == AESNI_GMAC_OP_VERIFY)\n+\t\t\tdigest = op->sym->auth.digest.data;\n+\t\telse\n+\t\t\tdigest = op->sym->aead.digest.data;\n+\n #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG\n \t\trte_hexdump(stdout, \"auth tag (orig):\",\n-\t\t\t\top->sym->auth.digest.data, session->digest_length);\n+\t\t\t\tdigest, session->digest_length);\n \t\trte_hexdump(stdout, \"auth tag (calc):\",\n \t\t\t\ttag, session->digest_length);\n #endif\n \n-\t\tif (memcmp(tag, op->sym->auth.digest.data,\n-\t\t\t\tsession->digest_length) != 0)\n+\t\tif (memcmp(tag, digest,\tsession->digest_length) != 0)\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n \n \t\t/* trim area used for digest from mbuf */\ndiff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c\nindex 39285d0..5317657 100644\n--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c\n+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c\n@@ -65,12 +65,12 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n-\t{\t/* AES GCM (AUTH) */\n+\t{\t/* AES GCM */\n \t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n \t\t{.sym = {\n-\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n-\t\t\t{.auth = {\n-\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_GCM,\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t{.aead = {\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n \t\t\t\t.block_size = 16,\n \t\t\t\t.key_size = {\n \t\t\t\t\t.min = 16,\n@@ -87,22 +87,6 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {\n \t\t\t\t\t.max = 65535,\n \t\t\t\t\t.increment = 1\n \t\t\t\t},\n-\t\t\t\t.iv_size = { 0 }\n-\t\t\t}, }\n-\t\t}, }\n-\t},\n-\t{\t/* AES GCM (CIPHER) */\n-\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n-\t\t{.sym = {\n-\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,\n-\t\t\t{.cipher = {\n-\t\t\t\t.algo = RTE_CRYPTO_CIPHER_AES_GCM,\n-\t\t\t\t.block_size = 16,\n-\t\t\t\t.key_size = {\n-\t\t\t\t\t.min = 16,\n-\t\t\t\t\t.max = 32,\n-\t\t\t\t\t.increment = 16\n-\t\t\t\t},\n \t\t\t\t.iv_size = {\n \t\t\t\t\t.min = 12,\n \t\t\t\t\t.max = 12,\ndiff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c\nindex e3666f6..8ec6d4a 100644\n--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c\n+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c\n@@ -817,8 +817,6 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev,\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_CTR:\n \tcase RTE_CRYPTO_CIPHER_3DES_CTR:\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n-\tcase RTE_CRYPTO_CIPHER_AES_CCM:\n \tcase RTE_CRYPTO_CIPHER_AES_ECB:\n \tcase RTE_CRYPTO_CIPHER_3DES_ECB:\n \tcase RTE_CRYPTO_CIPHER_AES_XTS:\n@@ -946,7 +944,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,\n \t\tsession->auth_alg = RTE_CRYPTO_AUTH_SHA224_HMAC;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n \tcase RTE_CRYPTO_AUTH_SNOW3G_UIA2:\n \tcase RTE_CRYPTO_AUTH_NULL:\n \tcase RTE_CRYPTO_AUTH_SHA1:\n@@ -955,7 +952,6 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,\n \tcase RTE_CRYPTO_AUTH_SHA224:\n \tcase RTE_CRYPTO_AUTH_SHA384:\n \tcase RTE_CRYPTO_AUTH_MD5:\n-\tcase RTE_CRYPTO_AUTH_AES_CCM:\n \tcase RTE_CRYPTO_AUTH_AES_GMAC:\n \tcase RTE_CRYPTO_AUTH_KASUMI_F9:\n \tcase RTE_CRYPTO_AUTH_AES_CMAC:\n@@ -1100,7 +1096,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,\n \t\tsession->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n \tcase RTE_CRYPTO_AUTH_SNOW3G_UIA2:\n \tcase RTE_CRYPTO_AUTH_NULL:\n \tcase RTE_CRYPTO_AUTH_SHA1:\n@@ -1109,7 +1104,6 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,\n \tcase RTE_CRYPTO_AUTH_SHA224:\n \tcase RTE_CRYPTO_AUTH_SHA384:\n \tcase RTE_CRYPTO_AUTH_MD5:\n-\tcase RTE_CRYPTO_AUTH_AES_CCM:\n \tcase RTE_CRYPTO_AUTH_AES_GMAC:\n \tcase RTE_CRYPTO_AUTH_KASUMI_F9:\n \tcase RTE_CRYPTO_AUTH_AES_CMAC:\n@@ -1141,13 +1135,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,\n \t\tsession->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;\n \t\tctxt->iv.length = TDES_CBC_IV_LEN;\n \t\tbreak;\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n \tcase RTE_CRYPTO_CIPHER_SNOW3G_UEA2:\n \tcase RTE_CRYPTO_CIPHER_NULL:\n \tcase RTE_CRYPTO_CIPHER_3DES_ECB:\n \tcase RTE_CRYPTO_CIPHER_AES_ECB:\n \tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\tcase RTE_CRYPTO_CIPHER_AES_CCM:\n \tcase RTE_CRYPTO_CIPHER_KASUMI_F8:\n \t\tRTE_LOG(ERR, PMD, \"Crypto: Unsupported Cipher alg %u\",\n \t\t\tcipher_xform->algo);\ndiff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c\nindex 89fd11b..a33c36e 100644\n--- a/drivers/crypto/openssl/rte_openssl_pmd.c\n+++ b/drivers/crypto/openssl/rte_openssl_pmd.c\n@@ -88,6 +88,8 @@ openssl_get_chain_order(const struct rte_crypto_sym_xform *xform)\n \t\t\telse if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)\n \t\t\t\tres = OPENSSL_CHAIN_CIPHER_AUTH;\n \t\t}\n+\t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n+\t\t\tres = OPENSSL_CHAIN_COMBINED;\n \t}\n \n \treturn res;\n@@ -183,21 +185,6 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen,\n \t\t\t\tres = -EINVAL;\n \t\t\t}\n \t\t\tbreak;\n-\t\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n-\t\t\tswitch (keylen) {\n-\t\t\tcase 16:\n-\t\t\t\t*algo = EVP_aes_128_gcm();\n-\t\t\t\tbreak;\n-\t\t\tcase 24:\n-\t\t\t\t*algo = EVP_aes_192_gcm();\n-\t\t\t\tbreak;\n-\t\t\tcase 32:\n-\t\t\t\t*algo = EVP_aes_256_gcm();\n-\t\t\t\tbreak;\n-\t\t\tdefault:\n-\t\t\t\tres = -EINVAL;\n-\t\t\t}\n-\t\t\tbreak;\n \t\tdefault:\n \t\t\tres = -EINVAL;\n \t\t\tbreak;\n@@ -253,6 +240,41 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,\n \treturn res;\n }\n \n+/** Get adequate openssl function for input cipher algorithm */\n+static uint8_t\n+get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,\n+\t\tconst EVP_CIPHER **algo)\n+{\n+\tint res = 0;\n+\n+\tif (algo != NULL) {\n+\t\tswitch (sess_algo) {\n+\t\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\t\tswitch (keylen) {\n+\t\t\tcase 16:\n+\t\t\t\t*algo = EVP_aes_128_gcm();\n+\t\t\t\tbreak;\n+\t\t\tcase 24:\n+\t\t\t\t*algo = EVP_aes_192_gcm();\n+\t\t\t\tbreak;\n+\t\t\tcase 32:\n+\t\t\t\t*algo = EVP_aes_256_gcm();\n+\t\t\t\tbreak;\n+\t\t\tdefault:\n+\t\t\t\tres = -EINVAL;\n+\t\t\t}\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tres = -EINVAL;\n+\t\t\tbreak;\n+\t\t}\n+\t} else {\n+\t\tres = -EINVAL;\n+\t}\n+\n+\treturn res;\n+}\n+\n /** Set session cipher parameters */\n static int\n openssl_set_session_cipher_parameters(struct openssl_session *sess,\n@@ -272,7 +294,6 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,\n \tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n \tcase RTE_CRYPTO_CIPHER_AES_CBC:\n \tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n \t\tsess->cipher.mode = OPENSSL_CIPHER_LIB;\n \t\tsess->cipher.algo = xform->cipher.algo;\n \t\tsess->cipher.ctx = EVP_CIPHER_CTX_new();\n@@ -329,12 +350,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,\n \n \t/* Select auth algo */\n \tswitch (xform->auth.algo) {\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n-\t\t/* Check additional condition for AES_GCM */\n-\t\tif (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)\n-\t\t\treturn -EINVAL;\n-\t\tsess->chain_order = OPENSSL_CHAIN_COMBINED;\n-\t\tbreak;\n \tcase RTE_CRYPTO_AUTH_AES_GMAC:\n \t\tsess->chain_order = OPENSSL_CHAIN_COMBINED;\n \n@@ -355,7 +370,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,\n \t\tsess->cipher.key.length = xform->auth.key.length;\n \t\tsess->cipher.ctx = EVP_CIPHER_CTX_new();\n \n-\t\tif (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,\n+\t\tif (get_aead_algo(RTE_CRYPTO_AEAD_AES_GCM,\n \t\t\t\tsess->cipher.key.length,\n \t\t\t\t&sess->cipher.evp_algo) != 0)\n \t\t\treturn -EINVAL;\n@@ -403,6 +418,50 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,\n \treturn 0;\n }\n \n+/* Set session AEAD parameters */\n+static int\n+openssl_set_session_aead_parameters(struct openssl_session *sess,\n+\t\tconst struct rte_crypto_sym_xform *xform)\n+{\n+\t/* Select cipher direction */\n+\tsess->cipher.direction = xform->cipher.op;\n+\t/* Select cipher key */\n+\tsess->cipher.key.length = xform->aead.key.length;\n+\n+\t/* Set IV parameters */\n+\tsess->iv.offset = xform->aead.iv.offset;\n+\tsess->iv.length = xform->aead.iv.length;\n+\n+\t/* Select auth generate/verify */\n+\tsess->auth.operation = xform->auth.op;\n+\tsess->auth.algo = xform->auth.algo;\n+\n+\t/* Select auth algo */\n+\tswitch (xform->aead.algo) {\n+\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\tsess->cipher.mode = OPENSSL_CIPHER_LIB;\n+\t\tsess->aead_algo = xform->aead.algo;\n+\t\tsess->cipher.ctx = EVP_CIPHER_CTX_new();\n+\n+\t\tif (get_aead_algo(sess->aead_algo, sess->cipher.key.length,\n+\t\t\t\t&sess->cipher.evp_algo) != 0)\n+\t\t\treturn -EINVAL;\n+\n+\t\tget_cipher_key(xform->cipher.key.data, sess->cipher.key.length,\n+\t\t\tsess->cipher.key.data);\n+\n+\t\tsess->chain_order = OPENSSL_CHAIN_COMBINED;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tsess->auth.aad_length = xform->aead.add_auth_data_length;\n+\tsess->auth.digest_length = xform->aead.digest_length;\n+\n+\treturn 0;\n+}\n+\n /** Parse crypto xform chain and set private session parameters */\n int\n openssl_set_session_parameters(struct openssl_session *sess,\n@@ -410,6 +469,7 @@ openssl_set_session_parameters(struct openssl_session *sess,\n {\n \tconst struct rte_crypto_sym_xform *cipher_xform = NULL;\n \tconst struct rte_crypto_sym_xform *auth_xform = NULL;\n+\tconst struct rte_crypto_sym_xform *aead_xform = NULL;\n \n \tsess->chain_order = openssl_get_chain_order(xform);\n \tswitch (sess->chain_order) {\n@@ -427,6 +487,9 @@ openssl_set_session_parameters(struct openssl_session *sess,\n \t\tauth_xform = xform;\n \t\tcipher_xform = xform->next;\n \t\tbreak;\n+\tcase OPENSSL_CHAIN_COMBINED:\n+\t\taead_xform = xform;\n+\t\tbreak;\n \tdefault:\n \t\treturn -EINVAL;\n \t}\n@@ -452,6 +515,14 @@ openssl_set_session_parameters(struct openssl_session *sess,\n \t\t}\n \t}\n \n+\tif (aead_xform) {\n+\t\tif (openssl_set_session_aead_parameters(sess, aead_xform)) {\n+\t\t\tOPENSSL_LOG_ERR(\n+\t\t\t\t\"Invalid/unsupported auth parameters\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t}\n+\n \treturn 0;\n }\n \n@@ -964,26 +1035,27 @@ process_openssl_combined_op\n \tiv = rte_crypto_op_ctod_offset(op, uint8_t *,\n \t\t\tsess->iv.offset);\n \tivlen = sess->iv.length;\n-\ttag = op->sym->auth.digest.data;\n-\tif (tag == NULL)\n-\t\ttag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,\n-\t\t\t\top->sym->cipher.data.offset +\n-\t\t\t\top->sym->cipher.data.length);\n-\n \tif (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {\n \t\tsrclen = 0;\n \t\toffset = op->sym->auth.data.offset;\n \t\taadlen = op->sym->auth.data.length;\n \t\taad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,\n \t\t\t\top->sym->auth.data.offset);\n-\n+\t\ttag = op->sym->auth.digest.data;\n+\t\tif (tag == NULL)\n+\t\t\ttag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,\n+\t\t\t\toffset + aadlen);\n \t} else {\n-\t\tsrclen = op->sym->cipher.data.length;\n+\t\tsrclen = op->sym->aead.data.length;\n \t\tdst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,\n-\t\t\t\top->sym->cipher.data.offset);\n-\t\toffset = op->sym->cipher.data.offset;\n-\t\taad = op->sym->auth.aad.data;\n+\t\t\t\top->sym->aead.data.offset);\n+\t\toffset = op->sym->aead.data.offset;\n+\t\taad = op->sym->aead.aad.data;\n \t\taadlen = sess->auth.aad_length;\n+\t\ttag = op->sym->aead.digest.data;\n+\t\tif (tag == NULL)\n+\t\t\ttag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,\n+\t\t\t\toffset + srclen);\n \t}\n \n \tif (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\ndiff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c\nindex fc525d9..26265b8 100644\n--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c\n+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c\n@@ -344,12 +344,12 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n-\t{\t/* AES GCM (AUTH) */\n+\t{\t/* AES GCM */\n \t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n \t\t{.sym = {\n-\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n-\t\t\t{.auth = {\n-\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_GCM,\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t{.aead = {\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n \t\t\t\t.block_size = 16,\n \t\t\t\t.key_size = {\n \t\t\t\t\t.min = 16,\n@@ -366,27 +366,11 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {\n \t\t\t\t\t.max = 65535,\n \t\t\t\t\t.increment = 1\n \t\t\t\t},\n-\t\t\t\t.iv_size = { 0 }\n-\t\t\t}, }\n-\t\t}, }\n-\t},\n-\t{\t/* AES GCM (CIPHER) */\n-\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n-\t\t{.sym = {\n-\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,\n-\t\t\t{.cipher = {\n-\t\t\t\t.algo = RTE_CRYPTO_CIPHER_AES_GCM,\n-\t\t\t\t.block_size = 16,\n-\t\t\t\t.key_size = {\n-\t\t\t\t\t.min = 16,\n-\t\t\t\t\t.max = 32,\n-\t\t\t\t\t.increment = 8\n-\t\t\t\t},\n \t\t\t\t.iv_size = {\n \t\t\t\t\t.min = 12,\n \t\t\t\t\t.max = 16,\n \t\t\t\t\t.increment = 4\n-\t\t\t\t}\n+\t\t\t\t},\n \t\t\t}, }\n \t\t}, }\n \t},\ndiff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h\nindex 4c9be05..7799407 100644\n--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h\n+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h\n@@ -113,6 +113,10 @@ struct openssl_session {\n \t\tuint16_t offset;\n \t} iv;\n \t/**< IV parameters */\n+\n+\tenum rte_crypto_aead_algorithm aead_algo;\n+\t/**< AEAD algorithm */\n+\n \t/** Cipher Parameters */\n \tstruct {\n \t\tenum rte_crypto_cipher_operation direction;\ndiff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c\nindex 963c311..f29c016 100644\n--- a/drivers/crypto/qat/qat_crypto.c\n+++ b/drivers/crypto/qat/qat_crypto.c\n@@ -245,6 +245,14 @@ qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)\n \tif (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)\n \t\treturn ICP_QAT_FW_LA_CMD_AUTH;\n \n+\t/* AEAD */\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)\n+\t\t\treturn ICP_QAT_FW_LA_CMD_CIPHER_HASH;\n+\t\telse\n+\t\t\treturn ICP_QAT_FW_LA_CMD_HASH_CIPHER;\n+\t}\n+\n \tif (xform->next == NULL)\n \t\treturn -1;\n \n@@ -309,14 +317,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,\n \t\t}\n \t\tsession->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;\n \t\tbreak;\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n-\t\tif (qat_alg_validate_aes_key(cipher_xform->key.length,\n-\t\t\t\t&session->qat_cipher_alg) != 0) {\n-\t\t\tPMD_DRV_LOG(ERR, \"Invalid AES cipher key size\");\n-\t\t\tgoto error_out;\n-\t\t}\n-\t\tsession->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;\n-\t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_CTR:\n \t\tif (qat_alg_validate_aes_key(cipher_xform->key.length,\n \t\t\t\t&session->qat_cipher_alg) != 0) {\n@@ -417,7 +417,6 @@ qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_3DES_ECB:\n \tcase RTE_CRYPTO_CIPHER_AES_ECB:\n-\tcase RTE_CRYPTO_CIPHER_AES_CCM:\n \tcase RTE_CRYPTO_CIPHER_AES_F8:\n \tcase RTE_CRYPTO_CIPHER_AES_XTS:\n \tcase RTE_CRYPTO_CIPHER_ARC4:\n@@ -479,12 +478,26 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,\n \tsession = qat_crypto_sym_configure_session_auth(dev, xform, session);\n \t\tbreak;\n \tcase ICP_QAT_FW_LA_CMD_CIPHER_HASH:\n-\tsession = qat_crypto_sym_configure_session_cipher(dev, xform, session);\n-\tsession = qat_crypto_sym_configure_session_auth(dev, xform, session);\n+\t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n+\t\t\tsession = qat_crypto_sym_configure_session_aead(xform,\n+\t\t\t\t\tsession);\n+\t\telse {\n+\t\t\tsession = qat_crypto_sym_configure_session_cipher(dev,\n+\t\t\t\t\txform, session);\n+\t\t\tsession = qat_crypto_sym_configure_session_auth(dev,\n+\t\t\t\t\txform, session);\n+\t\t}\n \t\tbreak;\n \tcase ICP_QAT_FW_LA_CMD_HASH_CIPHER:\n-\tsession = qat_crypto_sym_configure_session_auth(dev, xform, session);\n-\tsession = qat_crypto_sym_configure_session_cipher(dev, xform, session);\n+\t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n+\t\t\tsession = qat_crypto_sym_configure_session_aead(xform,\n+\t\t\t\t\tsession);\n+\t\telse {\n+\t\t\tsession = qat_crypto_sym_configure_session_auth(dev,\n+\t\t\t\t\txform, session);\n+\t\t\tsession = qat_crypto_sym_configure_session_cipher(dev,\n+\t\t\t\t\txform, session);\n+\t\t}\n \t\tbreak;\n \tcase ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:\n \tcase ICP_QAT_FW_LA_CMD_TRNG_TEST:\n@@ -518,7 +531,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,\n \n \tstruct qat_session *session = session_private;\n \tstruct rte_crypto_auth_xform *auth_xform = NULL;\n-\tstruct rte_crypto_cipher_xform *cipher_xform = NULL;\n \tstruct qat_pmd_private *internals = dev->data->dev_private;\n \tauth_xform = qat_get_auth_xform(xform);\n \tuint8_t *key_data = auth_xform->key.data;\n@@ -543,14 +555,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,\n \tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n \t\tsession->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;\n \t\tbreak;\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n-\t\tcipher_xform = qat_get_cipher_xform(xform);\n-\n-\t\tsession->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;\n-\n-\t\tkey_data = cipher_xform->key.data;\n-\t\tkey_length = cipher_xform->key.length;\n-\t\tbreak;\n \tcase RTE_CRYPTO_AUTH_AES_GMAC:\n \t\tif (qat_alg_validate_aes_key(auth_xform->key.length,\n \t\t\t\t&session->qat_cipher_alg) != 0) {\n@@ -588,8 +592,6 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,\n \tcase RTE_CRYPTO_AUTH_SHA224:\n \tcase RTE_CRYPTO_AUTH_SHA384:\n \tcase RTE_CRYPTO_AUTH_MD5:\n-\tcase RTE_CRYPTO_AUTH_AES_CCM:\n-\tcase RTE_CRYPTO_AUTH_AES_CMAC:\n \tcase RTE_CRYPTO_AUTH_AES_CBC_MAC:\n \t\tPMD_DRV_LOG(ERR, \"Crypto: Unsupported hash alg %u\",\n \t\t\t\tauth_xform->algo);\n@@ -649,7 +651,7 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,\n \t\tif (qat_alg_aead_session_create_content_desc_auth(session,\n \t\t\t\tkey_data,\n \t\t\t\tkey_length,\n-\t\t\t\tauth_xform->add_auth_data_length,\n+\t\t\t\t0,\n \t\t\t\tauth_xform->digest_length,\n \t\t\t\tauth_xform->op))\n \t\t\tgoto error_out;\n@@ -662,6 +664,85 @@ qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,\n \treturn NULL;\n }\n \n+struct qat_session *\n+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,\n+\t\t\t\tstruct qat_session *session_private)\n+{\n+\tstruct qat_session *session = session_private;\n+\tstruct rte_crypto_aead_xform *aead_xform = &xform->aead;\n+\n+\t/*\n+\t * Store AEAD IV parameters as cipher IV,\n+\t * to avoid unnecessary memory usage\n+\t */\n+\tsession->cipher_iv.offset = xform->aead.iv.offset;\n+\tsession->cipher_iv.length = xform->aead.iv.length;\n+\n+\tswitch (aead_xform->algo) {\n+\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\tif (qat_alg_validate_aes_key(aead_xform->key.length,\n+\t\t\t\t&session->qat_cipher_alg) != 0) {\n+\t\t\tPMD_DRV_LOG(ERR, \"Invalid AES key size\");\n+\t\t\tgoto error_out;\n+\t\t}\n+\t\tsession->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;\n+\t\tsession->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AEAD_AES_CCM:\n+\t\tPMD_DRV_LOG(ERR, \"Crypto QAT PMD: Unsupported AEAD alg %u\",\n+\t\t\t\taead_xform->algo);\n+\t\tgoto error_out;\n+\tdefault:\n+\t\tPMD_DRV_LOG(ERR, \"Crypto: Undefined AEAD specified %u\\n\",\n+\t\t\t\taead_xform->algo);\n+\t\tgoto error_out;\n+\t}\n+\n+\tif (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {\n+\t\tsession->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;\n+\t\t/*\n+\t\t * It needs to create cipher desc content first,\n+\t\t * then authentication\n+\t\t */\n+\t\tif (qat_alg_aead_session_create_content_desc_cipher(session,\n+\t\t\t\t\taead_xform->key.data,\n+\t\t\t\t\taead_xform->key.length))\n+\t\t\tgoto error_out;\n+\n+\t\tif (qat_alg_aead_session_create_content_desc_auth(session,\n+\t\t\t\t\taead_xform->key.data,\n+\t\t\t\t\taead_xform->key.length,\n+\t\t\t\t\taead_xform->add_auth_data_length,\n+\t\t\t\t\taead_xform->digest_length,\n+\t\t\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE))\n+\t\t\tgoto error_out;\n+\t} else {\n+\t\tsession->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;\n+\t\t/*\n+\t\t * It needs to create authentication desc content first,\n+\t\t * then cipher\n+\t\t */\n+\t\tif (qat_alg_aead_session_create_content_desc_auth(session,\n+\t\t\t\t\taead_xform->key.data,\n+\t\t\t\t\taead_xform->key.length,\n+\t\t\t\t\taead_xform->add_auth_data_length,\n+\t\t\t\t\taead_xform->digest_length,\n+\t\t\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY))\n+\t\t\tgoto error_out;\n+\n+\t\tif (qat_alg_aead_session_create_content_desc_cipher(session,\n+\t\t\t\t\taead_xform->key.data,\n+\t\t\t\t\taead_xform->key.length))\n+\t\t\tgoto error_out;\n+\t}\n+\n+\tsession->digest_length = aead_xform->digest_length;\n+\treturn session;\n+\n+error_out:\n+\treturn NULL;\n+}\n+\n unsigned qat_crypto_sym_get_session_private_size(\n \t\tstruct rte_cryptodev *dev __rte_unused)\n {\n@@ -984,7 +1065,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \tstruct icp_qat_fw_la_cipher_req_params *cipher_param;\n \tstruct icp_qat_fw_la_auth_req_params *auth_param;\n \tregister struct icp_qat_fw_la_bulk_req *qat_req;\n-\tuint8_t do_auth = 0, do_cipher = 0;\n+\tuint8_t do_auth = 0, do_cipher = 0, do_aead = 0;\n \tuint32_t cipher_len = 0, cipher_ofs = 0;\n \tuint32_t auth_len = 0, auth_ofs = 0;\n \tuint32_t min_ofs = 0;\n@@ -1018,9 +1099,15 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \tauth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));\n \n \tif (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||\n-\t\tctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {\n-\t\tdo_auth = 1;\n-\t\tdo_cipher = 1;\n+\t\t\tctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {\n+\t\t/* AES-GCM */\n+\t\tif (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||\n+\t\t\t\tctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {\n+\t\t\tdo_aead = 1;\n+\t\t} else {\n+\t\t\tdo_auth = 1;\n+\t\t\tdo_cipher = 1;\n+\t\t}\n \t} else if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_AUTH) {\n \t\tdo_auth = 1;\n \t\tdo_cipher = 0;\n@@ -1112,18 +1199,10 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \t\t\t\t\tICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||\n \t\t\t\tctx->qat_hash_alg ==\n \t\t\t\t\tICP_QAT_HW_AUTH_ALGO_GALOIS_64) {\n-\t\t\t/* AES-GCM */\n-\t\t\tif (do_cipher) {\n-\t\t\t\tauth_ofs = op->sym->cipher.data.offset;\n-\t\t\t\tauth_len = op->sym->cipher.data.length;\n-\n-\t\t\t\tauth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;\n \t\t\t/* AES-GMAC */\n-\t\t\t} else {\n-\t\t\t\tset_cipher_IV(ctx->auth_iv.length,\n-\t\t\t\t\tctx->auth_iv.offset,\n-\t\t\t\t\tcipher_param, op, qat_req);\n-\t\t\t}\n+\t\t\tset_cipher_IV(ctx->auth_iv.length,\n+\t\t\t\tctx->auth_iv.offset,\n+\t\t\t\tcipher_param, op, qat_req);\n \t\t} else {\n \t\t\tauth_ofs = op->sym->auth.data.offset;\n \t\t\tauth_len = op->sym->auth.data.length;\n@@ -1134,6 +1213,19 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \n \t}\n \n+\tif (do_aead) {\n+\t\tcipher_len = op->sym->aead.data.length;\n+\t\tcipher_ofs = op->sym->aead.data.offset;\n+\t\tauth_len = op->sym->aead.data.length;\n+\t\tauth_ofs = op->sym->aead.data.offset;\n+\n+\t\tauth_param->u1.aad_adr = op->sym->aead.aad.phys_addr;\n+\t\tauth_param->auth_res_addr = op->sym->aead.digest.phys_addr;\n+\t\tset_cipher_IV(ctx->cipher_iv.length, ctx->cipher_iv.offset,\n+\t\t\t\tcipher_param, op, qat_req);\n+\t\tmin_ofs = op->sym->aead.data.offset;\n+\t}\n+\n \tif (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))\n \t\tdo_sgl = 1;\n \n@@ -1175,7 +1267,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \t\tdst_buf_start = src_buf_start;\n \t}\n \n-\tif (do_cipher) {\n+\tif (do_cipher || do_aead) {\n \t\tcipher_param->cipher_offset =\n \t\t\t\t(uint32_t)rte_pktmbuf_mtophys_offset(\n \t\t\t\top->sym->m_src, cipher_ofs) - src_buf_start;\n@@ -1184,7 +1276,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \t\tcipher_param->cipher_offset = 0;\n \t\tcipher_param->cipher_length = 0;\n \t}\n-\tif (do_auth) {\n+\n+\tif (do_auth || do_aead) {\n \t\tauth_param->auth_off = (uint32_t)rte_pktmbuf_mtophys_offset(\n \t\t\t\top->sym->m_src, auth_ofs) - src_buf_start;\n \t\tauth_param->auth_len = auth_len;\n@@ -1192,6 +1285,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \t\tauth_param->auth_off = 0;\n \t\tauth_param->auth_len = 0;\n \t}\n+\n \tqat_req->comn_mid.dst_length =\n \t\tqat_req->comn_mid.src_length =\n \t\t(cipher_param->cipher_offset + cipher_param->cipher_length)\n@@ -1250,7 +1344,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \t\t\t\tICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);\n \t\t}\n \t\t/* GMAC */\n-\t\tif (!do_cipher) {\n+\t\tif (!do_aead) {\n \t\t\tqat_req->comn_mid.dst_length =\n \t\t\t\tqat_req->comn_mid.src_length =\n \t\t\t\t\trte_pktmbuf_data_len(op->sym->m_src);\n@@ -1285,7 +1379,12 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,\n \t\t}\n \t\trte_hexdump(stdout, \"digest:\", op->sym->auth.digest.data,\n \t\t\t\tctx->digest_lengthh);\n-\t\trte_hexdump(stdout, \"aad:\", op->sym->auth.aad.data,\n+\t}\n+\n+\tif (do_aead) {\n+\t\trte_hexdump(stdout, \"digest:\", op->sym->aead.digest.data,\n+\t\t\t\tctx->digest_length);\n+\t\trte_hexdump(stdout, \"aad:\", op->sym->aead.aad.data,\n \t\t\t\tctx->aad_len);\n \t}\n #endif\ndiff --git a/drivers/crypto/qat/qat_crypto.h b/drivers/crypto/qat/qat_crypto.h\nindex b740d6b..f76f3ca 100644\n--- a/drivers/crypto/qat/qat_crypto.h\n+++ b/drivers/crypto/qat/qat_crypto.h\n@@ -117,6 +117,10 @@ qat_crypto_sym_configure_session(struct rte_cryptodev *dev,\n \t\tstruct rte_crypto_sym_xform *xform, void *session_private);\n \n struct qat_session *\n+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,\n+\t\t\t\tstruct qat_session *session_private);\n+\n+struct qat_session *\n qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,\n \t\t\t\tstruct rte_crypto_sym_xform *xform,\n \t\t\t\tstruct qat_session *session_private);\ndiff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h\nindex d863ccd..fee8ee1 100644\n--- a/drivers/crypto/qat/qat_crypto_capabilities.h\n+++ b/drivers/crypto/qat/qat_crypto_capabilities.h\n@@ -189,12 +189,12 @@\n \t\t\t}, }\t\t\t\t\t\t\\\n \t\t}, }\t\t\t\t\t\t\t\\\n \t},\t\t\t\t\t\t\t\t\\\n-\t{\t/* AES GCM (AUTH) */\t\t\t\t\t\\\n+\t{\t/* AES GCM */\t\t\t\t\t\t\\\n \t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\t\t\t\\\n \t\t{.sym = {\t\t\t\t\t\t\\\n-\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\t\\\n-\t\t\t{.auth = {\t\t\t\t\t\\\n-\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_GCM,\t\\\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\t\\\n+\t\t\t{.aead = {\t\t\t\t\t\\\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\t\\\n \t\t\t\t.block_size = 16,\t\t\t\\\n \t\t\t\t.key_size = {\t\t\t\t\\\n \t\t\t\t\t.min = 16,\t\t\t\\\n@@ -211,7 +211,11 @@\n \t\t\t\t\t.max = 240,\t\t\t\\\n \t\t\t\t\t.increment = 1\t\t\t\\\n \t\t\t\t},\t\t\t\t\t\\\n-\t\t\t\t.iv_size = { 0 }\t\t\t\\\n+\t\t\t\t.iv_size = {\t\t\t\t\\\n+\t\t\t\t\t.min = 12,\t\t\t\\\n+\t\t\t\t\t.max = 12,\t\t\t\\\n+\t\t\t\t\t.increment = 0\t\t\t\\\n+\t\t\t\t},\t\t\t\t\t\\\n \t\t\t}, }\t\t\t\t\t\t\\\n \t\t}, }\t\t\t\t\t\t\t\\\n \t},\t\t\t\t\t\t\t\t\\\n@@ -266,26 +270,6 @@\n \t\t\t}, }\t\t\t\t\t\t\\\n \t\t}, }\t\t\t\t\t\t\t\\\n \t},\t\t\t\t\t\t\t\t\\\n-\t{\t/* AES GCM (CIPHER) */\t\t\t\t\t\\\n-\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\t\t\t\\\n-\t\t{.sym = {\t\t\t\t\t\t\\\n-\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,\t\\\n-\t\t\t{.cipher = {\t\t\t\t\t\\\n-\t\t\t\t.algo = RTE_CRYPTO_CIPHER_AES_GCM,\t\\\n-\t\t\t\t.block_size = 16,\t\t\t\\\n-\t\t\t\t.key_size = {\t\t\t\t\\\n-\t\t\t\t\t.min = 16,\t\t\t\\\n-\t\t\t\t\t.max = 32,\t\t\t\\\n-\t\t\t\t\t.increment = 8\t\t\t\\\n-\t\t\t\t},\t\t\t\t\t\\\n-\t\t\t\t.iv_size = {\t\t\t\t\\\n-\t\t\t\t\t.min = 12,\t\t\t\\\n-\t\t\t\t\t.max = 12,\t\t\t\\\n-\t\t\t\t\t.increment = 0\t\t\t\\\n-\t\t\t\t}\t\t\t\t\t\\\n-\t\t\t}, }\t\t\t\t\t\t\\\n-\t\t}, }\t\t\t\t\t\t\t\\\n-\t},\t\t\t\t\t\t\t\t\\\n \t{\t/* AES CBC */\t\t\t\t\t\t\\\n \t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\t\t\t\\\n \t\t{.sym = {\t\t\t\t\t\t\\\ndiff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c\nindex 1f3efae..e1cfca0 100644\n--- a/examples/ipsec-secgw/esp.c\n+++ b/examples/ipsec-secgw/esp.c\n@@ -84,62 +84,79 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,\n \t}\n \n \tsym_cop = get_sym_cop(cop);\n-\n \tsym_cop->m_src = m;\n-\tsym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +\n-\t\tsa->iv_len;\n-\tsym_cop->cipher.data.length = payload_len;\n-\n-\tstruct cnt_blk *icb;\n-\tuint8_t *aad;\n-\tuint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));\n-\tuint8_t *IV_ptr = rte_crypto_op_ctod_offset(cop,\n-\t\t\t\tuint8_t *, IV_OFFSET);\n-\n-\tswitch (sa->cipher_algo) {\n-\tcase RTE_CRYPTO_CIPHER_NULL:\n-\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n-\t\t/* Copy IV at the end of crypto operation */\n-\t\trte_memcpy(IV_ptr, iv, sa->iv_len);\n-\t\tbreak;\n-\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n+\n+\tif (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\tsym_cop->aead.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +\n+\t\t\tsa->iv_len;\n+\t\tsym_cop->aead.data.length = payload_len;\n+\n+\t\tstruct cnt_blk *icb;\n+\t\tuint8_t *aad;\n+\t\tuint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));\n+\n \t\ticb = get_cnt_blk(m);\n \t\ticb->salt = sa->salt;\n \t\tmemcpy(&icb->iv, iv, 8);\n \t\ticb->cnt = rte_cpu_to_be_32(1);\n-\t\tbreak;\n-\tdefault:\n-\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported cipher algorithm %u\\n\",\n-\t\t\t\tsa->cipher_algo);\n-\t\treturn -EINVAL;\n-\t}\n \n-\tswitch (sa->auth_algo) {\n-\tcase RTE_CRYPTO_AUTH_NULL:\n-\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n-\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n-\t\tsym_cop->auth.data.offset = ip_hdr_len;\n-\t\tsym_cop->auth.data.length = sizeof(struct esp_hdr) +\n-\t\t\tsa->iv_len + payload_len;\n-\t\tbreak;\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n \t\taad = get_aad(m);\n \t\tmemcpy(aad, iv - sizeof(struct esp_hdr), 8);\n \t\tsym_cop->auth.aad.data = aad;\n \t\tsym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,\n \t\t\t\taad - rte_pktmbuf_mtod(m, uint8_t *));\n-\t\tbreak;\n-\tdefault:\n-\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported auth algorithm %u\\n\",\n-\t\t\t\tsa->auth_algo);\n-\t\treturn -EINVAL;\n-\t}\n \n-\tsym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,\n-\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n-\tsym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,\n-\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t\tsym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, void*,\n+\t\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t\tsym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,\n+\t\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t} else {\n+\t\tsym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +\n+\t\t\tsa->iv_len;\n+\t\tsym_cop->cipher.data.length = payload_len;\n+\n+\t\tstruct cnt_blk *icb;\n+\t\tuint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));\n+\t\tuint8_t *IV_ptr = rte_crypto_op_ctod_offset(cop,\n+\t\t\t\t\tuint8_t *, IV_OFFSET);\n+\n+\t\tswitch (sa->cipher_algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_NULL:\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\t/* Copy IV at the end of crypto operation */\n+\t\t\trte_memcpy(IV_ptr, iv, sa->iv_len);\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\ticb = get_cnt_blk(m);\n+\t\t\ticb->salt = sa->salt;\n+\t\t\tmemcpy(&icb->iv, iv, 8);\n+\t\t\ticb->cnt = rte_cpu_to_be_32(1);\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported cipher algorithm %u\\n\",\n+\t\t\t\t\tsa->cipher_algo);\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tswitch (sa->auth_algo) {\n+\t\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+\t\t\tsym_cop->auth.data.offset = ip_hdr_len;\n+\t\t\tsym_cop->auth.data.length = sizeof(struct esp_hdr) +\n+\t\t\t\tsa->iv_len + payload_len;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported auth algorithm %u\\n\",\n+\t\t\t\t\tsa->auth_algo);\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tsym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,\n+\t\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t\tsym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,\n+\t\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t}\n \n \treturn 0;\n }\n@@ -308,65 +325,87 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,\n \n \tsym_cop = get_sym_cop(cop);\n \tsym_cop->m_src = m;\n-\tswitch (sa->cipher_algo) {\n-\tcase RTE_CRYPTO_CIPHER_NULL:\n-\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n-\t\tmemset(iv, 0, sa->iv_len);\n-\t\tsym_cop->cipher.data.offset = ip_hdr_len +\n-\t\t\tsizeof(struct esp_hdr);\n-\t\tsym_cop->cipher.data.length = pad_payload_len + sa->iv_len;\n-\t\tbreak;\n-\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n+\n+\tif (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\tuint8_t *aad;\n+\n \t\t*iv = sa->seq;\n-\t\tsym_cop->cipher.data.offset = ip_hdr_len +\n+\t\tsym_cop->aead.data.offset = ip_hdr_len +\n \t\t\tsizeof(struct esp_hdr) + sa->iv_len;\n-\t\tsym_cop->cipher.data.length = pad_payload_len;\n-\t\tbreak;\n-\tdefault:\n-\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported cipher algorithm %u\\n\",\n-\t\t\t\tsa->cipher_algo);\n-\t\treturn -EINVAL;\n-\t}\n+\t\tsym_cop->aead.data.length = pad_payload_len;\n+\n+\t\t/* Fill pad_len using default sequential scheme */\n+\t\tfor (i = 0; i < pad_len - 2; i++)\n+\t\t\tpadding[i] = i + 1;\n+\t\tpadding[pad_len - 2] = pad_len - 2;\n+\t\tpadding[pad_len - 1] = nlp;\n+\n+\t\tstruct cnt_blk *icb = get_cnt_blk(m);\n+\t\ticb->salt = sa->salt;\n+\t\ticb->iv = sa->seq;\n+\t\ticb->cnt = rte_cpu_to_be_32(1);\n \n-\t/* Fill pad_len using default sequential scheme */\n-\tfor (i = 0; i < pad_len - 2; i++)\n-\t\tpadding[i] = i + 1;\n-\tpadding[pad_len - 2] = pad_len - 2;\n-\tpadding[pad_len - 1] = nlp;\n-\n-\tstruct cnt_blk *icb = get_cnt_blk(m);\n-\ticb->salt = sa->salt;\n-\ticb->iv = sa->seq;\n-\ticb->cnt = rte_cpu_to_be_32(1);\n-\n-\tuint8_t *aad;\n-\n-\tswitch (sa->auth_algo) {\n-\tcase RTE_CRYPTO_AUTH_NULL:\n-\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n-\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n-\t\tsym_cop->auth.data.offset = ip_hdr_len;\n-\t\tsym_cop->auth.data.length = sizeof(struct esp_hdr) +\n-\t\t\tsa->iv_len + pad_payload_len;\n-\t\tbreak;\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n \t\taad = get_aad(m);\n \t\tmemcpy(aad, esp, 8);\n \t\tsym_cop->auth.aad.data = aad;\n \t\tsym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,\n \t\t\t\taad - rte_pktmbuf_mtod(m, uint8_t *));\n-\t\tbreak;\n-\tdefault:\n-\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported auth algorithm %u\\n\",\n-\t\t\t\tsa->auth_algo);\n-\t\treturn -EINVAL;\n-\t}\n \n-\tsym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,\n+\t\tsym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,\n \t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n-\tsym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,\n+\t\tsym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,\n \t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t} else {\n+\t\tswitch (sa->cipher_algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_NULL:\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\tmemset(iv, 0, sa->iv_len);\n+\t\t\tsym_cop->cipher.data.offset = ip_hdr_len +\n+\t\t\t\tsizeof(struct esp_hdr);\n+\t\t\tsym_cop->cipher.data.length = pad_payload_len + sa->iv_len;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\t*iv = sa->seq;\n+\t\t\tsym_cop->cipher.data.offset = ip_hdr_len +\n+\t\t\t\tsizeof(struct esp_hdr) + sa->iv_len;\n+\t\t\tsym_cop->cipher.data.length = pad_payload_len;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported cipher algorithm %u\\n\",\n+\t\t\t\t\tsa->cipher_algo);\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\t/* Fill pad_len using default sequential scheme */\n+\t\tfor (i = 0; i < pad_len - 2; i++)\n+\t\t\tpadding[i] = i + 1;\n+\t\tpadding[pad_len - 2] = pad_len - 2;\n+\t\tpadding[pad_len - 1] = nlp;\n+\n+\t\tstruct cnt_blk *icb = get_cnt_blk(m);\n+\t\ticb->salt = sa->salt;\n+\t\ticb->iv = sa->seq;\n+\t\ticb->cnt = rte_cpu_to_be_32(1);\n+\n+\t\tswitch (sa->auth_algo) {\n+\t\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+\t\t\tsym_cop->auth.data.offset = ip_hdr_len;\n+\t\t\tsym_cop->auth.data.length = sizeof(struct esp_hdr) +\n+\t\t\t\tsa->iv_len + pad_payload_len;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported auth algorithm %u\\n\",\n+\t\t\t\t\tsa->auth_algo);\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\tsym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,\n+\t\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t\tsym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,\n+\t\t\t\trte_pktmbuf_pkt_len(m) - sa->digest_len);\n+\t}\n \n \treturn 0;\n }\ndiff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h\nindex 405cf3d..f8569ca 100644\n--- a/examples/ipsec-secgw/ipsec.h\n+++ b/examples/ipsec-secgw/ipsec.h\n@@ -103,6 +103,7 @@ struct ipsec_sa {\n \tstruct rte_cryptodev_sym_session *crypto_session;\n \tenum rte_crypto_cipher_algorithm cipher_algo;\n \tenum rte_crypto_auth_algorithm auth_algo;\n+\tenum rte_crypto_aead_algorithm aead_algo;\n \tuint16_t digest_len;\n \tuint16_t iv_len;\n \tuint16_t block_size;\ndiff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c\nindex 85e4d4e..f0a3af6 100644\n--- a/examples/ipsec-secgw/sa.c\n+++ b/examples/ipsec-secgw/sa.c\n@@ -64,10 +64,20 @@ struct supported_auth_algo {\n \tenum rte_crypto_auth_algorithm algo;\n \tuint16_t digest_len;\n \tuint16_t key_len;\n-\tuint8_t aad_len;\n \tuint8_t key_not_req;\n };\n \n+struct supported_aead_algo {\n+\tconst char *keyword;\n+\tenum rte_crypto_aead_algorithm algo;\n+\tuint16_t iv_len;\n+\tuint16_t block_size;\n+\tuint16_t digest_len;\n+\tuint16_t key_len;\n+\tuint8_t aad_len;\n+};\n+\n+\n const struct supported_cipher_algo cipher_algos[] = {\n \t{\n \t\t.keyword = \"null\",\n@@ -84,13 +94,6 @@ const struct supported_cipher_algo cipher_algos[] = {\n \t\t.key_len = 16\n \t},\n \t{\n-\t\t.keyword = \"aes-128-gcm\",\n-\t\t.algo = RTE_CRYPTO_CIPHER_AES_GCM,\n-\t\t.iv_len = 8,\n-\t\t.block_size = 4,\n-\t\t.key_len = 20\n-\t},\n-\t{\n \t\t.keyword = \"aes-128-ctr\",\n \t\t.algo = RTE_CRYPTO_CIPHER_AES_CTR,\n \t\t.iv_len = 8,\n@@ -118,13 +121,18 @@ const struct supported_auth_algo auth_algos[] = {\n \t\t.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,\n \t\t.digest_len = 12,\n \t\t.key_len = 32\n-\t},\n+\t}\n+};\n+\n+const struct supported_aead_algo aead_algos[] = {\n \t{\n \t\t.keyword = \"aes-128-gcm\",\n-\t\t.algo = RTE_CRYPTO_AUTH_AES_GCM,\n+\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t.iv_len = 8,\n+\t\t.block_size = 4,\n+\t\t.key_len = 20,\n \t\t.digest_len = 16,\n \t\t.aad_len = 8,\n-\t\t.key_not_req = 1\n \t}\n };\n \n@@ -166,6 +174,22 @@ find_match_auth_algo(const char *auth_keyword)\n \treturn NULL;\n }\n \n+static const struct supported_aead_algo *\n+find_match_aead_algo(const char *aead_keyword)\n+{\n+\tsize_t i;\n+\n+\tfor (i = 0; i < RTE_DIM(aead_algos); i++) {\n+\t\tconst struct supported_aead_algo *algo =\n+\t\t\t&aead_algos[i];\n+\n+\t\tif (strcmp(aead_keyword, algo->keyword) == 0)\n+\t\t\treturn algo;\n+\t}\n+\n+\treturn NULL;\n+}\n+\n /** parse_key_string\n * parse x:x:x:x.... hex number key string into uint8_t *key\n * return:\n@@ -210,6 +234,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \tuint32_t *ri /*rule index*/;\n \tuint32_t cipher_algo_p = 0;\n \tuint32_t auth_algo_p = 0;\n+\tuint32_t aead_algo_p = 0;\n \tuint32_t src_p = 0;\n \tuint32_t dst_p = 0;\n \tuint32_t mode_p = 0;\n@@ -319,8 +344,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \t\t\tif (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)\n \t\t\t\trule->salt = (uint32_t)rte_rand();\n \n-\t\t\tif ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||\n-\t\t\t\t(algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {\n+\t\t\tif (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) {\n \t\t\t\tkey_len -= 4;\n \t\t\t\trule->cipher_key_len = key_len;\n \t\t\t\tmemcpy(&rule->salt,\n@@ -386,6 +410,61 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \t\t\tcontinue;\n \t\t}\n \n+\t\tif (strcmp(tokens[ti], \"aead_algo\") == 0) {\n+\t\t\tconst struct supported_aead_algo *algo;\n+\t\t\tuint32_t key_len;\n+\n+\t\t\tAPP_CHECK_PRESENCE(aead_algo_p, tokens[ti],\n+\t\t\t\tstatus);\n+\t\t\tif (status->status < 0)\n+\t\t\t\treturn;\n+\n+\t\t\tINCREMENT_TOKEN_INDEX(ti, n_tokens, status);\n+\t\t\tif (status->status < 0)\n+\t\t\t\treturn;\n+\n+\t\t\talgo = find_match_aead_algo(tokens[ti]);\n+\n+\t\t\tAPP_CHECK(algo != NULL, status, \"unrecognized \"\n+\t\t\t\t\"input \\\"%s\\\"\", tokens[ti]);\n+\n+\t\t\trule->aead_algo = algo->algo;\n+\t\t\trule->cipher_key_len = algo->key_len;\n+\t\t\trule->digest_len = algo->digest_len;\n+\t\t\trule->aad_len = algo->key_len;\n+\t\t\trule->block_size = algo->block_size;\n+\t\t\trule->iv_len = algo->iv_len;\n+\n+\t\t\tINCREMENT_TOKEN_INDEX(ti, n_tokens, status);\n+\t\t\tif (status->status < 0)\n+\t\t\t\treturn;\n+\n+\t\t\tAPP_CHECK(strcmp(tokens[ti], \"aead_key\") == 0,\n+\t\t\t\tstatus, \"unrecognized input \\\"%s\\\", \"\n+\t\t\t\t\"expect \\\"aead_key\\\"\", tokens[ti]);\n+\t\t\tif (status->status < 0)\n+\t\t\t\treturn;\n+\n+\t\t\tINCREMENT_TOKEN_INDEX(ti, n_tokens, status);\n+\t\t\tif (status->status < 0)\n+\t\t\t\treturn;\n+\n+\t\t\tkey_len = parse_key_string(tokens[ti],\n+\t\t\t\trule->cipher_key);\n+\t\t\tAPP_CHECK(key_len == rule->cipher_key_len, status,\n+\t\t\t\t\"unrecognized input \\\"%s\\\"\", tokens[ti]);\n+\t\t\tif (status->status < 0)\n+\t\t\t\treturn;\n+\n+\t\t\tkey_len -= 4;\n+\t\t\trule->cipher_key_len = key_len;\n+\t\t\tmemcpy(&rule->salt,\n+\t\t\t\t&rule->cipher_key[key_len], 4);\n+\n+\t\t\taead_algo_p = 1;\n+\t\t\tcontinue;\n+\t\t}\n+\n \t\tif (strcmp(tokens[ti], \"src\") == 0) {\n \t\t\tAPP_CHECK_PRESENCE(src_p, tokens[ti], status);\n \t\t\tif (status->status < 0)\n@@ -477,13 +556,25 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \t\treturn;\n \t}\n \n-\tAPP_CHECK(cipher_algo_p == 1, status, \"missing cipher options\");\n-\tif (status->status < 0)\n-\t\treturn;\n+\tif (aead_algo_p) {\n+\t\tAPP_CHECK(cipher_algo_p == 0, status,\n+\t\t\t\t\"AEAD used, no need for cipher options\");\n+\t\tif (status->status < 0)\n+\t\t\treturn;\n \n-\tAPP_CHECK(auth_algo_p == 1, status, \"missing auth options\");\n-\tif (status->status < 0)\n-\t\treturn;\n+\t\tAPP_CHECK(auth_algo_p == 0, status,\n+\t\t\t\t\"AEAD used, no need for auth options\");\n+\t\tif (status->status < 0)\n+\t\t\treturn;\n+\t} else {\n+\t\tAPP_CHECK(cipher_algo_p == 1, status, \"missing cipher or AEAD options\");\n+\t\tif (status->status < 0)\n+\t\t\treturn;\n+\n+\t\tAPP_CHECK(auth_algo_p == 1, status, \"missing auth or AEAD options\");\n+\t\tif (status->status < 0)\n+\t\t\treturn;\n+\t}\n \n \tAPP_CHECK(mode_p == 1, status, \"missing mode option\");\n \tif (status->status < 0)\n@@ -514,6 +605,13 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)\n \t\t}\n \t}\n \n+\tfor (i = 0; i < RTE_DIM(aead_algos); i++) {\n+\t\tif (aead_algos[i].algo == sa->aead_algo) {\n+\t\t\tprintf(\"%s \", aead_algos[i].keyword);\n+\t\t\tbreak;\n+\t\t}\n+\t}\n+\n \tprintf(\"mode:\");\n \n \tswitch (sa->flags) {\n@@ -608,75 +706,109 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n \t\t\tsa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);\n \t\t}\n \n-\t\tswitch (sa->cipher_algo) {\n-\t\tcase RTE_CRYPTO_CIPHER_NULL:\n-\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n-\t\t\tiv_length = sa->iv_len;\n-\t\t\tbreak;\n-\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\t\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n+\t\tif (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {\n \t\t\tiv_length = 16;\n-\t\t\tbreak;\n-\t\tdefault:\n-\t\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported cipher algorithm %u\\n\",\n-\t\t\t\t\tsa->cipher_algo);\n-\t\t\treturn -EINVAL;\n-\t\t}\n \n-\t\tif (inbound) {\n-\t\t\tsa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n-\t\t\tsa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;\n-\t\t\tsa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;\n-\t\t\tsa_ctx->xf[idx].b.cipher.key.length =\n-\t\t\t\tsa->cipher_key_len;\n-\t\t\tsa_ctx->xf[idx].b.cipher.op =\n-\t\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT;\n-\t\t\tsa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;\n-\t\t\tsa_ctx->xf[idx].b.cipher.iv.length = iv_length;\n-\t\t\tsa_ctx->xf[idx].b.next = NULL;\n+\t\t\tif (inbound) {\n+\t\t\t\tsa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.algo = sa->aead_algo;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.key.length =\n+\t\t\t\t\tsa->cipher_key_len;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.op =\n+\t\t\t\t\tRTE_CRYPTO_AEAD_OP_DECRYPT;\n+\t\t\t\tsa_ctx->xf[idx].a.next = NULL;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.iv.length = iv_length;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.add_auth_data_length =\n+\t\t\t\t\tsa->aad_len;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.digest_length =\n+\t\t\t\t\tsa->digest_len;\n+\t\t\t} else { /* outbound */\n+\t\t\t\tsa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.algo = sa->aead_algo;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.key.length =\n+\t\t\t\t\tsa->cipher_key_len;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.op =\n+\t\t\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT;\n+\t\t\t\tsa_ctx->xf[idx].a.next = NULL;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.iv.length = iv_length;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.add_auth_data_length =\n+\t\t\t\t\tsa->aad_len;\n+\t\t\t\tsa_ctx->xf[idx].a.aead.digest_length =\n+\t\t\t\t\tsa->digest_len;\n+\t\t\t}\n \n-\t\t\tsa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n-\t\t\tsa_ctx->xf[idx].a.auth.algo = sa->auth_algo;\n-\t\t\tsa_ctx->xf[idx].a.auth.add_auth_data_length =\n-\t\t\t\tsa->aad_len;\n-\t\t\tsa_ctx->xf[idx].a.auth.key.data = sa->auth_key;\n-\t\t\tsa_ctx->xf[idx].a.auth.key.length =\n-\t\t\t\tsa->auth_key_len;\n-\t\t\tsa_ctx->xf[idx].a.auth.digest_length =\n-\t\t\t\tsa->digest_len;\n-\t\t\tsa_ctx->xf[idx].a.auth.op =\n-\t\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY;\n-\n-\t\t} else { /* outbound */\n-\t\t\tsa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n-\t\t\tsa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;\n-\t\t\tsa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;\n-\t\t\tsa_ctx->xf[idx].a.cipher.key.length =\n-\t\t\t\tsa->cipher_key_len;\n-\t\t\tsa_ctx->xf[idx].a.cipher.op =\n-\t\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT;\n-\t\t\tsa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;\n-\t\t\tsa_ctx->xf[idx].a.cipher.iv.length = iv_length;\n-\t\t\tsa_ctx->xf[idx].a.next = NULL;\n-\n-\t\t\tsa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n-\t\t\tsa_ctx->xf[idx].b.auth.algo = sa->auth_algo;\n-\t\t\tsa_ctx->xf[idx].b.auth.add_auth_data_length =\n-\t\t\t\tsa->aad_len;\n-\t\t\tsa_ctx->xf[idx].b.auth.key.data = sa->auth_key;\n-\t\t\tsa_ctx->xf[idx].b.auth.key.length =\n-\t\t\t\tsa->auth_key_len;\n-\t\t\tsa_ctx->xf[idx].b.auth.digest_length =\n-\t\t\t\tsa->digest_len;\n-\t\t\tsa_ctx->xf[idx].b.auth.op =\n-\t\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE;\n-\t\t}\n+\t\t\tsa->xforms = &sa_ctx->xf[idx].a;\n \n-\t\tsa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;\n-\t\tsa_ctx->xf[idx].b.next = NULL;\n-\t\tsa->xforms = &sa_ctx->xf[idx].a;\n+\t\t\tprint_one_sa_rule(sa, inbound);\n+\t\t} else {\n+\t\t\tswitch (sa->cipher_algo) {\n+\t\t\tcase RTE_CRYPTO_CIPHER_NULL:\n+\t\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\t\tiv_length = sa->iv_len;\n+\t\t\t\tbreak;\n+\t\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\t\tiv_length = 16;\n+\t\t\t\tbreak;\n+\t\t\tdefault:\n+\t\t\t\tRTE_LOG(ERR, IPSEC_ESP, \"unsupported cipher algorithm %u\\n\",\n+\t\t\t\t\t\tsa->cipher_algo);\n+\t\t\t\treturn -EINVAL;\n+\t\t\t}\n+\n+\t\t\tif (inbound) {\n+\t\t\t\tsa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\t\t\t\tsa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;\n+\t\t\t\tsa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;\n+\t\t\t\tsa_ctx->xf[idx].b.cipher.key.length =\n+\t\t\t\t\tsa->cipher_key_len;\n+\t\t\t\tsa_ctx->xf[idx].b.cipher.op =\n+\t\t\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT;\n+\t\t\t\tsa_ctx->xf[idx].b.next = NULL;\n+\t\t\t\tsa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;\n+\t\t\t\tsa_ctx->xf[idx].b.cipher.iv.length = iv_length;\n+\n+\t\t\t\tsa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n+\t\t\t\tsa_ctx->xf[idx].a.auth.algo = sa->auth_algo;\n+\t\t\t\tsa_ctx->xf[idx].a.auth.key.data = sa->auth_key;\n+\t\t\t\tsa_ctx->xf[idx].a.auth.key.length =\n+\t\t\t\t\tsa->auth_key_len;\n+\t\t\t\tsa_ctx->xf[idx].a.auth.digest_length =\n+\t\t\t\t\tsa->digest_len;\n+\t\t\t\tsa_ctx->xf[idx].a.auth.op =\n+\t\t\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY;\n+\t\t\t} else { /* outbound */\n+\t\t\t\tsa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\t\t\t\tsa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;\n+\t\t\t\tsa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;\n+\t\t\t\tsa_ctx->xf[idx].a.cipher.key.length =\n+\t\t\t\t\tsa->cipher_key_len;\n+\t\t\t\tsa_ctx->xf[idx].a.cipher.op =\n+\t\t\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT;\n+\t\t\t\tsa_ctx->xf[idx].a.next = NULL;\n+\t\t\t\tsa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;\n+\t\t\t\tsa_ctx->xf[idx].a.cipher.iv.length = iv_length;\n+\n+\t\t\t\tsa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n+\t\t\t\tsa_ctx->xf[idx].b.auth.algo = sa->auth_algo;\n+\t\t\t\tsa_ctx->xf[idx].b.auth.key.data = sa->auth_key;\n+\t\t\t\tsa_ctx->xf[idx].b.auth.key.length =\n+\t\t\t\t\tsa->auth_key_len;\n+\t\t\t\tsa_ctx->xf[idx].b.auth.digest_length =\n+\t\t\t\t\tsa->digest_len;\n+\t\t\t\tsa_ctx->xf[idx].b.auth.op =\n+\t\t\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE;\n+\t\t\t}\n \n-\t\tprint_one_sa_rule(sa, inbound);\n+\t\t\tsa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;\n+\t\t\tsa_ctx->xf[idx].b.next = NULL;\n+\t\t\tsa->xforms = &sa_ctx->xf[idx].a;\n+\n+\t\t\tprint_one_sa_rule(sa, inbound);\n+\t\t}\n \t}\n \n \treturn 0;\ndiff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c\nindex edf4db7..9778537 100644\n--- a/examples/l2fwd-crypto/main.c\n+++ b/examples/l2fwd-crypto/main.c\n@@ -130,7 +130,8 @@ enum l2fwd_crypto_xform_chain {\n \tL2FWD_CRYPTO_CIPHER_HASH,\n \tL2FWD_CRYPTO_HASH_CIPHER,\n \tL2FWD_CRYPTO_CIPHER_ONLY,\n-\tL2FWD_CRYPTO_HASH_ONLY\n+\tL2FWD_CRYPTO_HASH_ONLY,\n+\tL2FWD_CRYPTO_AEAD\n };\n \n struct l2fwd_key {\n@@ -172,6 +173,14 @@ struct l2fwd_crypto_options {\n \tunsigned int auth_iv_param;\n \tint auth_iv_random_size;\n \n+\tstruct rte_crypto_sym_xform aead_xform;\n+\tunsigned aead_key_param;\n+\tint aead_key_random_size;\n+\n+\tstruct l2fwd_iv aead_iv;\n+\tunsigned int aead_iv_param;\n+\tint aead_iv_random_size;\n+\n \tstruct l2fwd_key aad;\n \tunsigned aad_param;\n \tint aad_random_size;\n@@ -199,10 +208,12 @@ struct l2fwd_crypto_params {\n \n \tuint8_t do_cipher;\n \tuint8_t do_hash;\n+\tuint8_t do_aead;\n \tuint8_t hash_verify;\n \n \tenum rte_crypto_cipher_algorithm cipher_algo;\n \tenum rte_crypto_auth_algorithm auth_algo;\n+\tenum rte_crypto_aead_algorithm aead_algo;\n };\n \n /** lcore configuration */\n@@ -490,14 +501,6 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,\n \t\t\top->sym->auth.data.offset = ipdata_offset;\n \t\t\top->sym->auth.data.length = data_len;\n \t\t}\n-\n-\t\tif (cparams->aad.length) {\n-\t\t\top->sym->auth.aad.data = cparams->aad.data;\n-\t\t\top->sym->auth.aad.phys_addr = cparams->aad.phys_addr;\n-\t\t} else {\n-\t\t\top->sym->auth.aad.data = NULL;\n-\t\t\top->sym->auth.aad.phys_addr = 0;\n-\t\t}\n \t}\n \n \tif (cparams->do_cipher) {\n@@ -519,6 +522,33 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,\n \t\t}\n \t}\n \n+\tif (cparams->do_aead) {\n+\t\tuint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,\n+\t\t\t\t\t\t\tIV_OFFSET);\n+\t\t/* Copy IV at the end of the crypto operation */\n+\t\trte_memcpy(IV_ptr, cparams->aead.iv.data, cparams->aead.iv.length);\n+\n+\t\top->sym->aead.data.offset = ipdata_offset;\n+\t\top->sym->aead.data.length = data_len;\n+\n+\t\tif (!cparams->hash_verify) {\n+\t\t\t/* Append space for digest to end of packet */\n+\t\t\top->sym->aead.digest.data = (uint8_t *)rte_pktmbuf_append(m,\n+\t\t\t\tcparams->digest_length);\n+\t\t} else {\n+\t\t\top->sym->aead.digest.data = rte_pktmbuf_mtod(m,\n+\t\t\t\tuint8_t *) + ipdata_offset + data_len;\n+\t\t}\n+\n+\t\top->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,\n+\t\t\t\trte_pktmbuf_pkt_len(m) - cparams->digest_length);\n+\n+\t\tif (cparams->aad.length) {\n+\t\t\top->sym->aead.aad.data = cparams->aad.data;\n+\t\t\top->sym->aead.aad.phys_addr = cparams->aad.phys_addr;\n+\t\t}\n+\t}\n+\n \top->sym->m_src = m;\n \n \treturn l2fwd_crypto_enqueue(op, cparams);\n@@ -615,7 +645,9 @@ initialize_crypto_session(struct l2fwd_crypto_options *options,\n {\n \tstruct rte_crypto_sym_xform *first_xform;\n \n-\tif (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {\n+\tif (options->xform_chain == L2FWD_CRYPTO_AEAD) {\n+\t\tfirst_xform = &options->aead_xform;\n+\t} else if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {\n \t\tfirst_xform = &options->cipher_xform;\n \t\tfirst_xform->next = &options->auth_xform;\n \t} else if (options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER) {\n@@ -667,8 +699,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)\n \tfor (i = 0; i < qconf->nb_crypto_devs; i++) {\n \t\tport_cparams[i].do_cipher = 0;\n \t\tport_cparams[i].do_hash = 0;\n+\t\tport_cparams[i].do_aead = 0;\n \n \t\tswitch (options->xform_chain) {\n+\t\tcase L2FWD_CRYPTO_AEAD:\n+\t\t\tport_cparams[i].do_aead = 1;\n+\t\t\tbreak;\n \t\tcase L2FWD_CRYPTO_CIPHER_HASH:\n \t\tcase L2FWD_CRYPTO_HASH_CIPHER:\n \t\t\tport_cparams[i].do_cipher = 1;\n@@ -693,6 +729,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)\n \t\t\tif (!options->auth_iv_param)\n \t\t\t\tgenerate_random_key(port_cparams[i].auth_iv.data,\n \t\t\t\t\t\tport_cparams[i].auth_iv.length);\n+\t\t\tif (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)\n+\t\t\t\tport_cparams[i].hash_verify = 1;\n+\t\t\telse\n+\t\t\t\tport_cparams[i].hash_verify = 0;\n+\n+\t\t\tport_cparams[i].auth_algo = options->auth_xform.auth.algo;\n \t\t\t/* Set IV parameters */\n \t\t\tif (options->auth_iv.length) {\n \t\t\t\toptions->auth_xform.auth.iv.offset =\n@@ -700,11 +742,16 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)\n \t\t\t\toptions->auth_xform.auth.iv.length =\n \t\t\t\t\toptions->auth_iv.length;\n \t\t\t}\n+\t\t}\n+\n+\t\tif (port_cparams[i].do_aead) {\n+\t\t\tport_cparams[i].aead_algo = options->aead_xform.aead.algo;\n \t\t\tport_cparams[i].digest_length =\n-\t\t\t\t\toptions->auth_xform.auth.digest_length;\n-\t\t\tif (options->auth_xform.auth.add_auth_data_length) {\n+\t\t\t\t\toptions->aead_xform.aead.digest_length;\n+\t\t\tif (options->aead_xform.aead.add_auth_data_length) {\n \t\t\t\tport_cparams[i].aad.data = options->aad.data;\n \t\t\t\tport_cparams[i].aad.phys_addr = options->aad.phys_addr;\n+\t\t\t\tport_cparams[i].aad.length = options->aad.length;\n \t\t\t\tif (!options->aad_param)\n \t\t\t\t\tgenerate_random_key(port_cparams[i].aad.data,\n \t\t\t\t\t\tport_cparams[i].aad.length);\n@@ -712,12 +759,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)\n \t\t\t} else\n \t\t\t\tport_cparams[i].aad.length = 0;\n \n-\t\t\tif (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)\n+\t\t\tif (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_DECRYPT)\n \t\t\t\tport_cparams[i].hash_verify = 1;\n \t\t\telse\n \t\t\t\tport_cparams[i].hash_verify = 0;\n \n-\t\t\tport_cparams[i].auth_algo = options->auth_xform.auth.algo;\n+\t\t\t/* Set IV parameters */\n+\t\t\toptions->aead_xform.aead.iv.offset = IV_OFFSET;\n+\t\t\toptions->aead_xform.aead.iv.length = options->aead_iv.length;\n \t\t}\n \n \t\tif (port_cparams[i].do_cipher) {\n@@ -878,7 +927,7 @@ l2fwd_crypto_usage(const char *prgname)\n \n \t\t\" --cdev_type HW / SW / ANY\\n\"\n \t\t\" --chain HASH_CIPHER / CIPHER_HASH / CIPHER_ONLY /\"\n-\t\t\" HASH_ONLY\\n\"\n+\t\t\" HASH_ONLY / AEAD\\n\"\n \n \t\t\" --cipher_algo ALGO\\n\"\n \t\t\" --cipher_op ENCRYPT / DECRYPT\\n\"\n@@ -893,8 +942,16 @@ l2fwd_crypto_usage(const char *prgname)\n \t\t\" --auth_key_random_size SIZE: size of auth key when generated randomly\\n\"\n \t\t\" --auth_iv IV (bytes separated with \\\":\\\")\\n\"\n \t\t\" --auth_iv_random_size SIZE: size of auth IV when generated randomly\\n\"\n+\n+\t\t\" --aead_algo ALGO\\n\"\n+\t\t\" --aead_op ENCRYPT / DECRYPT\\n\"\n+\t\t\" --aead_key KEY (bytes separated with \\\":\\\")\\n\"\n+\t\t\" --aead_key_random_size SIZE: size of AEAD key when generated randomly\\n\"\n+\t\t\" --aead_iv IV (bytes separated with \\\":\\\")\\n\"\n+\t\t\" --aead_iv_random_size SIZE: size of AEAD IV when generated randomly\\n\"\n \t\t\" --aad AAD (bytes separated with \\\":\\\")\\n\"\n \t\t\" --aad_random_size SIZE: size of AAD when generated randomly\\n\"\n+\n \t\t\" --digest_size SIZE: size of digest to be generated/verified\\n\"\n \n \t\t\" --sessionless\\n\"\n@@ -936,6 +993,9 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)\n \t} else if (strcmp(\"HASH_ONLY\", optarg) == 0) {\n \t\toptions->xform_chain = L2FWD_CRYPTO_HASH_ONLY;\n \t\treturn 0;\n+\t} else if (strcmp(\"AEAD\", optarg) == 0) {\n+\t\toptions->xform_chain = L2FWD_CRYPTO_AEAD;\n+\t\treturn 0;\n \t}\n \n \treturn -1;\n@@ -1043,6 +1103,32 @@ parse_auth_op(enum rte_crypto_auth_operation *op, char *optarg)\n }\n \n static int\n+parse_aead_algo(enum rte_crypto_aead_algorithm *algo, char *optarg)\n+{\n+\tif (rte_cryptodev_get_aead_algo_enum(algo, optarg) < 0) {\n+\t\tRTE_LOG(ERR, USER1, \"AEAD algorithm specified \"\n+\t\t\t\t\"not supported!\\n\");\n+\t\treturn -1;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static int\n+parse_aead_op(enum rte_crypto_aead_operation *op, char *optarg)\n+{\n+\tif (strcmp(\"ENCRYPT\", optarg) == 0) {\n+\t\t*op = RTE_CRYPTO_AEAD_OP_ENCRYPT;\n+\t\treturn 0;\n+\t} else if (strcmp(\"DECRYPT\", optarg) == 0) {\n+\t\t*op = RTE_CRYPTO_AEAD_OP_DECRYPT;\n+\t\treturn 0;\n+\t}\n+\n+\tprintf(\"AEAD operation specified not supported!\\n\");\n+\treturn -1;\n+}\n+static int\n parse_cryptodev_mask(struct l2fwd_crypto_options *options,\n \t\tconst char *q_arg)\n {\n@@ -1140,7 +1226,6 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,\n \t\treturn parse_size(&options->akey_random_size, optarg);\n \t}\n \n-\n \telse if (strcmp(lgopts[option_index].name, \"auth_iv\") == 0) {\n \t\toptions->auth_iv_param = 1;\n \t\toptions->auth_iv.length =\n@@ -1154,6 +1239,43 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,\n \telse if (strcmp(lgopts[option_index].name, \"auth_iv_random_size\") == 0)\n \t\treturn parse_size(&options->auth_iv_random_size, optarg);\n \n+\t/* AEAD options */\n+\telse if (strcmp(lgopts[option_index].name, \"aead_algo\") == 0) {\n+\t\treturn parse_aead_algo(&options->aead_xform.aead.algo,\n+\t\t\t\toptarg);\n+\t}\n+\n+\telse if (strcmp(lgopts[option_index].name, \"aead_op\") == 0)\n+\t\treturn parse_aead_op(&options->aead_xform.aead.op,\n+\t\t\t\toptarg);\n+\n+\telse if (strcmp(lgopts[option_index].name, \"aead_key\") == 0) {\n+\t\toptions->aead_key_param = 1;\n+\t\toptions->aead_xform.aead.key.length =\n+\t\t\tparse_key(options->aead_xform.aead.key.data, optarg);\n+\t\tif (options->aead_xform.aead.key.length > 0)\n+\t\t\treturn 0;\n+\t\telse\n+\t\t\treturn -1;\n+\t}\n+\n+\telse if (strcmp(lgopts[option_index].name, \"aead_key_random_size\") == 0) {\n+\t\treturn parse_size(&options->aead_key_random_size, optarg);\n+\n+\n+\telse if (strcmp(lgopts[option_index].name, \"aead_iv\") == 0) {\n+\t\toptions->aead_iv_param = 1;\n+\t\toptions->aead_iv.length =\n+\t\t\tparse_key(options->aead_iv.data, optarg);\n+\t\tif (options->aead_iv.length > 0)\n+\t\t\treturn 0;\n+\t\telse\n+\t\t\treturn -1;\n+\t}\n+\n+\telse if (strcmp(lgopts[option_index].name, \"aead_iv_random_size\") == 0)\n+\t\treturn parse_size(&options->aead_iv_random_size, optarg);\n+\n \telse if (strcmp(lgopts[option_index].name, \"aad\") == 0) {\n \t\toptions->aad_param = 1;\n \t\toptions->aad.length =\n@@ -1285,13 +1407,31 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)\n \toptions->akey_param = 0;\n \toptions->akey_random_size = -1;\n \toptions->auth_xform.auth.key.length = 0;\n+\toptions->cipher_iv_param = 0;\n+\toptions->cipher_iv_random_size = -1;\n+\toptions->cipher_iv.length = 0;\n+\n+\toptions->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;\n+\toptions->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;\n+\n+\t/* AEAD Data */\n+\toptions->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\toptions->aead_xform.next = NULL;\n+\toptions->aead_key_param = 0;\n+\toptions->aead_key_random_size = -1;\n+\toptions->aead_xform.aead.key.length = 0;\n+\toptions->aead_iv_param = 0;\n+\toptions->aead_iv_random_size = -1;\n+\toptions->aead_iv.length = 0;\n+\n+\toptions->auth_xform.auth.algo = RTE_CRYPTO_AEAD_AES_GCM;\n+\toptions->auth_xform.auth.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;\n+\n \toptions->aad_param = 0;\n \toptions->aad_random_size = -1;\n \toptions->aad.length = 0;\n-\toptions->digest_size = -1;\n \n-\toptions->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;\n-\toptions->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;\n+\toptions->digest_size = -1;\n \n \toptions->type = CDEV_TYPE_ANY;\n \toptions->cryptodev_mask = UINT64_MAX;\n@@ -1318,6 +1458,17 @@ display_auth_info(struct l2fwd_crypto_options *options)\n \trte_hexdump(stdout, \"Auth key:\",\n \t\t\toptions->auth_xform.auth.key.data,\n \t\t\toptions->auth_xform.auth.key.length);\n+}\n+\n+static void\n+display_aead_info(struct l2fwd_crypto_options *options)\n+{\n+\tprintf(\"\\n---- AEAD information ---\\n\");\n+\tprintf(\"Algorithm: %s\\n\",\n+\t\trte_crypto_aead_algorithm_strings[options->aead_xform.aead.algo]);\n+\trte_hexdump(stdout, \"AEAD key:\",\n+\t\t\toptions->aead_xform.aead.key.data,\n+\t\t\toptions->aead_xform.aead.key.length);\n \trte_hexdump(stdout, \"AAD:\", options->aad.data, options->aad.length);\n }\n \n@@ -1326,6 +1477,7 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)\n {\n \tchar string_cipher_op[MAX_STR_LEN];\n \tchar string_auth_op[MAX_STR_LEN];\n+\tchar string_aead_op[MAX_STR_LEN];\n \n \tif (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n \t\tstrcpy(string_cipher_op, \"Encrypt\");\n@@ -1337,6 +1489,12 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)\n \telse\n \t\tstrcpy(string_auth_op, \"Auth verify\");\n \n+\tif (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)\n+\t\tstrcpy(string_aead_op, \"Authenticated encryption\");\n+\telse\n+\t\tstrcpy(string_aead_op, \"Authenticated decryption\");\n+\n+\n \tprintf(\"Options:-\\nn\");\n \tprintf(\"portmask: %x\\n\", options->portmask);\n \tprintf(\"ports per lcore: %u\\n\", options->nb_ports_per_lcore);\n@@ -1363,6 +1521,10 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)\n \n \tprintf(\"\\nCrypto chain: \");\n \tswitch (options->xform_chain) {\n+\tcase L2FWD_CRYPTO_AEAD:\n+\t\tprintf(\"Input --> %s --> Output\\n\", string_aead_op);\n+\t\tdisplay_aead_info(options);\n+\t\tbreak;\n \tcase L2FWD_CRYPTO_CIPHER_HASH:\n \t\tprintf(\"Input --> %s --> %s --> Output\\n\",\n \t\t\tstring_cipher_op, string_auth_op);\n@@ -1400,6 +1562,9 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,\n \t\t\t{ \"cdev_type\", required_argument, 0, 0 },\n \t\t\t{ \"chain\", required_argument, 0, 0 },\n \n+\t\t\t{ \"iv\", required_argument, 0, 0 },\n+\t\t\t{ \"iv_random_size\", required_argument, 0, 0 },\n+\n \t\t\t{ \"cipher_algo\", required_argument, 0, 0 },\n \t\t\t{ \"cipher_op\", required_argument, 0, 0 },\n \t\t\t{ \"cipher_key\", required_argument, 0, 0 },\n@@ -1410,10 +1575,13 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,\n \t\t\t{ \"auth_key\", required_argument, 0, 0 },\n \t\t\t{ \"auth_key_random_size\", required_argument, 0, 0 },\n \n-\t\t\t{ \"iv\", required_argument, 0, 0 },\n-\t\t\t{ \"iv_random_size\", required_argument, 0, 0 },\n+\t\t\t{ \"aead_algo\", required_argument, 0, 0 },\n+\t\t\t{ \"aead_op\", required_argument, 0, 0 },\n+\t\t\t{ \"aead_key\", required_argument, 0, 0 },\n+\t\t\t{ \"aead_key_random_size\", required_argument, 0, 0 },\n \t\t\t{ \"aad\", required_argument, 0, 0 },\n \t\t\t{ \"aad_random_size\", required_argument, 0, 0 },\n+\n \t\t\t{ \"digest_size\", required_argument, 0, 0 },\n \n \t\t\t{ \"sessionless\", no_argument, 0, 0 },\n@@ -1641,6 +1809,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,\n \tenum rte_crypto_auth_algorithm opt_auth_algo;\n \tenum rte_crypto_cipher_algorithm cap_cipher_algo;\n \tenum rte_crypto_cipher_algorithm opt_cipher_algo;\n+\tenum rte_crypto_aead_algorithm cap_aead_algo;\n+\tenum rte_crypto_aead_algorithm opt_aead_algo;\n \tint retval;\n \n \tcdev_count = rte_cryptodev_count();\n@@ -1668,6 +1838,128 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,\n \n \t\trte_cryptodev_info_get(cdev_id, &dev_info);\n \n+\t\t/* Set AEAD parameters */\n+\t\tif (options->xform_chain == L2FWD_CRYPTO_AEAD) {\n+\t\t\t/* Check if device supports AEAD algo */\n+\t\t\ti = 0;\n+\t\t\topt_aead_algo = options->aead_xform.aead.algo;\n+\t\t\tcap = &dev_info.capabilities[i];\n+\t\t\twhile (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {\n+\t\t\t\tcap_aead_algo = cap->sym.aead.algo;\n+\t\t\t\tif (cap->sym.xform_type ==\n+\t\t\t\t\t\tRTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\t\t\t\tif (cap_aead_algo == opt_aead_algo) {\n+\t\t\t\t\t\tif (check_type(options, &dev_info) == 0)\n+\t\t\t\t\t\t\tbreak;\n+\t\t\t\t\t}\n+\t\t\t\t}\n+\t\t\t\tcap = &dev_info.capabilities[++i];\n+\t\t\t}\n+\n+\t\t\tif (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {\n+\t\t\t\tprintf(\"Algorithm %s not supported by cryptodev %u\"\n+\t\t\t\t\t\" or device not of preferred type (%s)\\n\",\n+\t\t\t\t\trte_crypto_aead_algorithm_strings[opt_aead_algo],\n+\t\t\t\t\tcdev_id,\n+\t\t\t\t\toptions->string_type);\n+\t\t\t\tcontinue;\n+\t\t\t}\n+\n+\t\t\toptions->block_size = cap->sym.aead.block_size;\n+\n+\t\t\tcheck_iv_param(cap, options);\n+\n+\t\t\t/*\n+\t\t\t * Check if length of provided AEAD key is supported\n+\t\t\t * by the algorithm chosen.\n+\t\t\t */\n+\t\t\tif (options->aead_key_param) {\n+\t\t\t\tif (check_supported_size(\n+\t\t\t\t\t\toptions->aead_xform.aead.key.length,\n+\t\t\t\t\t\tcap->sym.aead.key_size.min,\n+\t\t\t\t\t\tcap->sym.aead.key_size.max,\n+\t\t\t\t\t\tcap->sym.aead.key_size.increment)\n+\t\t\t\t\t\t\t!= 0) {\n+\t\t\t\t\tprintf(\"Unsupported aead key length\\n\");\n+\t\t\t\t\treturn -1;\n+\t\t\t\t}\n+\t\t\t/*\n+\t\t\t * Check if length of the aead key to be randomly generated\n+\t\t\t * is supported by the algorithm chosen.\n+\t\t\t */\n+\t\t\t} else if (options->aead_key_random_size != -1) {\n+\t\t\t\tif (check_supported_size(options->ckey_random_size,\n+\t\t\t\t\t\tcap->sym.aead.key_size.min,\n+\t\t\t\t\t\tcap->sym.aead.key_size.max,\n+\t\t\t\t\t\tcap->sym.aead.key_size.increment)\n+\t\t\t\t\t\t\t!= 0) {\n+\t\t\t\t\tprintf(\"Unsupported aead key length\\n\");\n+\t\t\t\t\treturn -1;\n+\t\t\t\t}\n+\t\t\t\toptions->aead_xform.aead.key.length =\n+\t\t\t\t\t\t\toptions->ckey_random_size;\n+\t\t\t/* No size provided, use minimum size. */\n+\t\t\t} else\n+\t\t\t\toptions->aead_xform.aead.key.length =\n+\t\t\t\t\t\tcap->sym.aead.key_size.min;\n+\n+\t\t\tif (!options->aead_key_param)\n+\t\t\t\tgenerate_random_key(\n+\t\t\t\t\toptions->aead_xform.aead.key.data,\n+\t\t\t\t\toptions->aead_xform.aead.key.length);\n+\n+\t\t\t/*\n+\t\t\t * Check if length of provided AAD is supported\n+\t\t\t * by the algorithm chosen.\n+\t\t\t */\n+\t\t\tif (options->aad_param) {\n+\t\t\t\tif (check_supported_size(options->aad.length,\n+\t\t\t\t\t\tcap->sym.aead.aad_size.min,\n+\t\t\t\t\t\tcap->sym.aead.aad_size.max,\n+\t\t\t\t\t\tcap->sym.aead.aad_size.increment)\n+\t\t\t\t\t\t\t!= 0) {\n+\t\t\t\t\tprintf(\"Unsupported AAD length\\n\");\n+\t\t\t\t\treturn -1;\n+\t\t\t\t}\n+\t\t\t/*\n+\t\t\t * Check if length of AAD to be randomly generated\n+\t\t\t * is supported by the algorithm chosen.\n+\t\t\t */\n+\t\t\t} else if (options->aad_random_size != -1) {\n+\t\t\t\tif (check_supported_size(options->aad_random_size,\n+\t\t\t\t\t\tcap->sym.aead.aad_size.min,\n+\t\t\t\t\t\tcap->sym.aead.aad_size.max,\n+\t\t\t\t\t\tcap->sym.aead.aad_size.increment)\n+\t\t\t\t\t\t\t!= 0) {\n+\t\t\t\t\tprintf(\"Unsupported AAD length\\n\");\n+\t\t\t\t\treturn -1;\n+\t\t\t\t}\n+\t\t\t\toptions->aad.length = options->aad_random_size;\n+\t\t\t/* No size provided, use minimum size. */\n+\t\t\t} else\n+\t\t\t\toptions->aad.length = cap->sym.auth.aad_size.min;\n+\n+\t\t\toptions->aead_xform.aead.add_auth_data_length =\n+\t\t\t\t\t\toptions->aad.length;\n+\n+\t\t\t/* Check if digest size is supported by the algorithm. */\n+\t\t\tif (options->digest_size != -1) {\n+\t\t\t\tif (check_supported_size(options->digest_size,\n+\t\t\t\t\t\tcap->sym.aead.digest_size.min,\n+\t\t\t\t\t\tcap->sym.aead.digest_size.max,\n+\t\t\t\t\t\tcap->sym.aead.digest_size.increment)\n+\t\t\t\t\t\t\t!= 0) {\n+\t\t\t\t\tprintf(\"Unsupported digest length\\n\");\n+\t\t\t\t\treturn -1;\n+\t\t\t\t}\n+\t\t\t\toptions->aead_xform.aead.digest_length =\n+\t\t\t\t\t\t\toptions->digest_size;\n+\t\t\t/* No size provided, use minimum size. */\n+\t\t\t} else\n+\t\t\t\toptions->aead_xform.aead.digest_length =\n+\t\t\t\t\t\tcap->sym.aead.digest_size.min;\n+\t\t}\n+\n \t\t/* Set cipher parameters */\n \t\tif (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||\n \t\t\t\toptions->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||\n@@ -1777,40 +2069,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,\n \t\t\t\t\toptions->auth_iv_random_size,\n \t\t\t\t\t&options->auth_iv.length);\n \t\t\t/*\n-\t\t\t * Check if length of provided AAD is supported\n-\t\t\t * by the algorithm chosen.\n-\t\t\t */\n-\t\t\tif (options->aad_param) {\n-\t\t\t\tif (check_supported_size(options->aad.length,\n-\t\t\t\t\t\tcap->sym.auth.aad_size.min,\n-\t\t\t\t\t\tcap->sym.auth.aad_size.max,\n-\t\t\t\t\t\tcap->sym.auth.aad_size.increment)\n-\t\t\t\t\t\t\t!= 0) {\n-\t\t\t\t\tprintf(\"Unsupported AAD length\\n\");\n-\t\t\t\t\treturn -1;\n-\t\t\t\t}\n-\t\t\t/*\n-\t\t\t * Check if length of AAD to be randomly generated\n-\t\t\t * is supported by the algorithm chosen.\n-\t\t\t */\n-\t\t\t} else if (options->aad_random_size != -1) {\n-\t\t\t\tif (check_supported_size(options->aad_random_size,\n-\t\t\t\t\t\tcap->sym.auth.aad_size.min,\n-\t\t\t\t\t\tcap->sym.auth.aad_size.max,\n-\t\t\t\t\t\tcap->sym.auth.aad_size.increment)\n-\t\t\t\t\t\t\t!= 0) {\n-\t\t\t\t\tprintf(\"Unsupported AAD length\\n\");\n-\t\t\t\t\treturn -1;\n-\t\t\t\t}\n-\t\t\t\toptions->aad.length = options->aad_random_size;\n-\t\t\t/* No size provided, use minimum size. */\n-\t\t\t} else\n-\t\t\t\toptions->aad.length = cap->sym.auth.aad_size.min;\n-\n-\t\t\toptions->auth_xform.auth.add_auth_data_length =\n-\t\t\t\t\t\toptions->aad.length;\n-\n-\t\t\t/*\n \t\t\t * Check if length of provided auth key is supported\n \t\t\t * by the algorithm chosen.\n \t\t\t */\n@@ -2011,15 +2269,27 @@ reserve_key_memory(struct l2fwd_crypto_options *options)\n \tif (options->cipher_xform.cipher.key.data == NULL)\n \t\trte_exit(EXIT_FAILURE, \"Failed to allocate memory for cipher key\");\n \n-\n \toptions->auth_xform.auth.key.data = rte_malloc(\"auth key\",\n \t\t\t\t\t\tMAX_KEY_SIZE, 0);\n \tif (options->auth_xform.auth.key.data == NULL)\n \t\trte_exit(EXIT_FAILURE, \"Failed to allocate memory for auth key\");\n \n-\toptions->cipher_iv.data = rte_malloc(\"iv\", MAX_KEY_SIZE, 0);\n+\toptions->aead_xform.aead.key.data = rte_malloc(\"aead key\",\n+\t\t\t\t\t\tMAX_KEY_SIZE, 0);\n+\tif (options->aead_xform.aead.key.data == NULL)\n+\t\trte_exit(EXIT_FAILURE, \"Failed to allocate memory for AEAD key\");\n+\n+\toptions->cipher_iv.data = rte_malloc(\"cipher iv\", MAX_KEY_SIZE, 0);\n \tif (options->cipher_iv.data == NULL)\n-\t\trte_exit(EXIT_FAILURE, \"Failed to allocate memory for IV\");\n+\t\trte_exit(EXIT_FAILURE, \"Failed to allocate memory for cipher IV\");\n+\n+\toptions->auth_iv.data = rte_malloc(\"auth_iv\", MAX_KEY_SIZE, 0);\n+\tif (options->auth_iv.data == NULL)\n+\t\trte_exit(EXIT_FAILURE, \"Failed to allocate memory for auth iv\");\n+\n+\toptions->aead_iv.data = rte_malloc(\"aead_iv\", MAX_KEY_SIZE, 0);\n+\tif (options->aead_iv.data == NULL)\n+\t\trte_exit(EXIT_FAILURE, \"Failed to allocate memory for AEAD iv\");\n \n \toptions->aad.data = rte_malloc(\"aad\", MAX_KEY_SIZE, 0);\n \tif (options->aad.data == NULL)\ndiff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h\nindex fc0d06b..9d9592e 100644\n--- a/lib/librte_cryptodev/rte_crypto_sym.h\n+++ b/lib/librte_cryptodev/rte_crypto_sym.h\n@@ -68,27 +68,12 @@ enum rte_crypto_cipher_algorithm {\n \n \tRTE_CRYPTO_CIPHER_AES_CBC,\n \t/**< AES algorithm in CBC mode */\n-\tRTE_CRYPTO_CIPHER_AES_CCM,\n-\t/**< AES algorithm in CCM mode. When this cipher algorithm is used the\n-\t * *RTE_CRYPTO_AUTH_AES_CCM* element of the\n-\t * *rte_crypto_hash_algorithm* enum MUST be used to set up the related\n-\t * *rte_crypto_auth_xform* structure in the session context or in\n-\t * the op_params of the crypto operation structure in the case of a\n-\t * session-less crypto operation\n-\t */\n \tRTE_CRYPTO_CIPHER_AES_CTR,\n \t/**< AES algorithm in Counter mode */\n \tRTE_CRYPTO_CIPHER_AES_ECB,\n \t/**< AES algorithm in ECB mode */\n \tRTE_CRYPTO_CIPHER_AES_F8,\n \t/**< AES algorithm in F8 mode */\n-\tRTE_CRYPTO_CIPHER_AES_GCM,\n-\t/**< AES algorithm in GCM mode. When this cipher algorithm is used the\n-\t * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*\n-\t * enum MUST be used to set up the related *rte_crypto_auth_setup_data*\n-\t * structure in the session context or in the op_params of the crypto\n-\t * operation structure in the case of a session-less crypto operation.\n-\t */\n \tRTE_CRYPTO_CIPHER_AES_XTS,\n \t/**< AES algorithm in XTS mode */\n \n@@ -247,25 +232,8 @@ enum rte_crypto_auth_algorithm {\n \n \tRTE_CRYPTO_AUTH_AES_CBC_MAC,\n \t/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */\n-\tRTE_CRYPTO_AUTH_AES_CCM,\n-\t/**< AES algorithm in CCM mode. This is an authenticated cipher. When\n-\t * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM*\n-\t * element of the *rte_crypto_cipher_algorithm* enum MUST be used to\n-\t * set up the related rte_crypto_cipher_setup_data structure in the\n-\t * session context or the corresponding parameter in the crypto\n-\t * operation data structures op_params parameter MUST be set for a\n-\t * session-less crypto operation.\n-\t */\n \tRTE_CRYPTO_AUTH_AES_CMAC,\n \t/**< AES CMAC algorithm. */\n-\tRTE_CRYPTO_AUTH_AES_GCM,\n-\t/**< AES algorithm in GCM mode. When this hash algorithm\n-\t * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the\n-\t * rte_crypto_cipher_algorithm enum MUST be used to set up the related\n-\t * rte_crypto_cipher_setup_data structure in the session context, or\n-\t * the corresponding parameter in the crypto operation data structures\n-\t * op_params parameter MUST be set for a session-less crypto operation.\n-\t */\n \tRTE_CRYPTO_AUTH_AES_GMAC,\n \t/**< AES GMAC algorithm. */\n \tRTE_CRYPTO_AUTH_AES_XCBC_MAC,\n@@ -363,20 +331,6 @@ struct rte_crypto_auth_xform {\n \t * The maximum permitted value is 65535 (2^16 - 1) bytes, unless\n \t * otherwise specified below.\n \t *\n-\t * This field must be specified when the hash algorithm is one of the\n-\t * following:\n-\t *\n-\t * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM). In this case, this is\n-\t * the length of the Additional Authenticated Data (called A, in NIST\n-\t * SP800-38D).\n-\t *\n-\t * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM). In this case, this is\n-\t * the length of the associated data (called A, in NIST SP800-38C).\n-\t * Note that this does NOT include the length of any padding, or the\n-\t * 18 bytes reserved at the start of the above field to store the\n-\t * block B0 and the encoded length. The maximum permitted value in\n-\t * this case is 222 bytes.\n-\t *\n \t */\n \n \tstruct {\n@@ -443,6 +397,18 @@ struct rte_crypto_aead_xform {\n \n \tuint32_t digest_length;\n \n+\tstruct {\n+\t\tuint16_t offset;\n+\t\t/**< Starting point for Initialisation Vector or Counter,\n+\t\t * specified as number of bytes from start of crypto\n+\t\t * operation.\n+\t\t *\n+\t\t * For optimum performance, the data pointed to SHOULD\n+\t\t * be 8-byte aligned.\n+\t\t */\n+\t\tuint16_t length;\n+\t\t/**< Length of valid IV data.*/\n+\t} iv;\t/**< Initialisation vector parameters */\n \tuint16_t add_auth_data_length;\n \t/**< The length of the additional authenticated data (AAD) in bytes. */\n };\n@@ -624,14 +590,6 @@ struct rte_crypto_sym_op {\n \t\t\t\t\t * same as the result length.\n \t\t\t\t\t *\n \t\t\t\t\t * @note\n-\t\t\t\t\t * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,\n-\t\t\t\t\t * this value should not include the length of the\n-\t\t\t\t\t * padding or the length of the MAC; the driver will\n-\t\t\t\t\t * compute the actual number of bytes over which the\n-\t\t\t\t\t * encryption will occur, which will include these\n-\t\t\t\t\t * values.\n-\t\t\t\t\t *\n-\t\t\t\t\t * @note\n \t\t\t\t\t * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,\n \t\t\t\t\t * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8\n \t\t\t\t\t * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,\n@@ -648,11 +606,6 @@ struct rte_crypto_sym_op {\n \t\t\t\t\t * buffer.\n \t\t\t\t\t *\n \t\t\t\t\t * @note\n-\t\t\t\t\t * For CCM and GCM modes of operation, this field is\n-\t\t\t\t\t * ignored. The field @ref aad field\n-\t\t\t\t\t * should be set instead.\n-\t\t\t\t\t *\n-\t\t\t\t\t * @note\n \t\t\t\t\t * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,\n \t\t\t\t\t * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9\n \t\t\t\t\t * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,\n@@ -663,11 +616,6 @@ struct rte_crypto_sym_op {\n \t\t\t\t\t * buffer that the hash will be computed on.\n \t\t\t\t\t *\n \t\t\t\t\t * @note\n-\t\t\t\t\t * For CCM and GCM modes of operation, this field is\n-\t\t\t\t\t * ignored. The field @ref aad field should be set\n-\t\t\t\t\t * instead.\n-\t\t\t\t\t *\n-\t\t\t\t\t * @note\n \t\t\t\t\t * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,\n \t\t\t\t\t * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9\n \t\t\t\t\t * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,\n@@ -692,9 +640,6 @@ struct rte_crypto_sym_op {\n \t\t\t\t\t * For digest generation, the digest result will\n \t\t\t\t\t * overwrite any data at this location.\n \t\t\t\t\t *\n-\t\t\t\t\t * @note\n-\t\t\t\t\t * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for\n-\t\t\t\t\t * \"digest result\" read \"authentication tag T\".\n \t\t\t\t\t */\n \t\t\t\t\tphys_addr_t phys_addr;\n \t\t\t\t\t/**< Physical address of digest */\n@@ -712,32 +657,6 @@ struct rte_crypto_sym_op {\n \t\t\t\t\t * rte_cryptodev_sym_session_create function call.\n \t\t\t\t\t * This length must not exceed 65535 (2^16-1) bytes.\n \t\t\t\t\t *\n-\t\t\t\t\t * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM),\n-\t\t\t\t\t * the caller should setup this field as follows:\n-\t\t\t\t\t *\n-\t\t\t\t\t * - the nonce should be written starting at an offset\n-\t\t\t\t\t * of one byte into the array, leaving room for the\n-\t\t\t\t\t * implementation to write in the flags to the first\n-\t\t\t\t\t * byte.\n-\t\t\t\t\t *\n-\t\t\t\t\t * - the additional authentication data itself should\n-\t\t\t\t\t * be written starting at an offset of 18 bytes into\n-\t\t\t\t\t * the array, leaving room for the length encoding in\n-\t\t\t\t\t * the first two bytes of the second block.\n-\t\t\t\t\t *\n-\t\t\t\t\t * - the array should be big enough to hold the above\n-\t\t\t\t\t * fields, plus any padding to round this up to the\n-\t\t\t\t\t * nearest multiple of the block size (16 bytes).\n-\t\t\t\t\t * Padding will be added by the implementation.\n-\t\t\t\t\t *\n-\t\t\t\t\t * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the\n-\t\t\t\t\t * caller should setup this field as follows:\n-\t\t\t\t\t *\n-\t\t\t\t\t * - the AAD is written in starting at byte 0\n-\t\t\t\t\t * - the array must be big enough to hold the AAD, plus\n-\t\t\t\t\t * any space to round this up to the nearest multiple\n-\t\t\t\t\t * of the block size (16 bytes).\n-\t\t\t\t\t *\n \t\t\t\t\t */\n \t\t\t\t\tphys_addr_t phys_addr;\t/**< physical address */\n \t\t\t\t} aad;\ndiff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c\nindex acd74a1..3198fb5 100644\n--- a/lib/librte_cryptodev/rte_cryptodev.c\n+++ b/lib/librte_cryptodev/rte_cryptodev.c\n@@ -124,11 +124,9 @@ rte_crypto_cipher_algorithm_strings[] = {\n \t[RTE_CRYPTO_CIPHER_3DES_CTR]\t= \"3des-ctr\",\n \n \t[RTE_CRYPTO_CIPHER_AES_CBC]\t= \"aes-cbc\",\n-\t[RTE_CRYPTO_CIPHER_AES_CCM]\t= \"aes-ccm\",\n \t[RTE_CRYPTO_CIPHER_AES_CTR]\t= \"aes-ctr\",\n \t[RTE_CRYPTO_CIPHER_AES_DOCSISBPI]\t= \"aes-docsisbpi\",\n \t[RTE_CRYPTO_CIPHER_AES_ECB]\t= \"aes-ecb\",\n-\t[RTE_CRYPTO_CIPHER_AES_GCM]\t= \"aes-gcm\",\n \t[RTE_CRYPTO_CIPHER_AES_F8]\t= \"aes-f8\",\n \t[RTE_CRYPTO_CIPHER_AES_XTS]\t= \"aes-xts\",\n \n@@ -161,9 +159,7 @@ rte_crypto_cipher_operation_strings[] = {\n const char *\n rte_crypto_auth_algorithm_strings[] = {\n \t[RTE_CRYPTO_AUTH_AES_CBC_MAC]\t= \"aes-cbc-mac\",\n-\t[RTE_CRYPTO_AUTH_AES_CCM]\t= \"aes-ccm\",\n \t[RTE_CRYPTO_AUTH_AES_CMAC]\t= \"aes-cmac\",\n-\t[RTE_CRYPTO_AUTH_AES_GCM]\t= \"aes-gcm\",\n \t[RTE_CRYPTO_AUTH_AES_GMAC]\t= \"aes-gmac\",\n \t[RTE_CRYPTO_AUTH_AES_XCBC_MAC]\t= \"aes-xcbc-mac\",\n \n@@ -464,7 +460,7 @@ rte_cryptodev_sym_capability_check_aead(\n \tif (param_range_check(aad_size, capability->aead.aad_size))\n \t\treturn -1;\n \n-\tif (param_range_check(iv_size, capability->iv_size))\n+\tif (param_range_check(iv_size, capability->aead.iv_size))\n \t\treturn -1;\n \n \treturn 0;\ndiff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h\nindex 4bd58fe..afbbb14 100644\n--- a/lib/librte_cryptodev/rte_cryptodev.h\n+++ b/lib/librte_cryptodev/rte_cryptodev.h\n@@ -204,6 +204,8 @@ struct rte_cryptodev_symmetric_capability {\n \t\t\t/**< AEAD key size range */\n \t\t\tstruct rte_crypto_param_range digest_size;\n \t\t\t/**< digest size range */\n+\t\t\tstruct rte_crypto_param_range iv_size;\n+\t\t\t/**< Initialisation vector data size range */\n \t\t\tstruct rte_crypto_param_range aad_size;\n \t\t\t/**< Additional authentication data size range */\n \t\t} aead;\ndiff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c\nindex b4b1289..77407f7 100644\n--- a/test/test/test_cryptodev.c\n+++ b/test/test/test_cryptodev.c\n@@ -76,6 +76,7 @@ struct crypto_testsuite_params {\n struct crypto_unittest_params {\n \tstruct rte_crypto_sym_xform cipher_xform;\n \tstruct rte_crypto_sym_xform auth_xform;\n+\tstruct rte_crypto_sym_xform aead_xform;\n \n \tstruct rte_cryptodev_sym_session *sess;\n \n@@ -4630,54 +4631,34 @@ test_3DES_cipheronly_openssl_all(void)\n /* ***** AES-GCM Tests ***** */\n \n static int\n-create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,\n+create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,\n \t\tconst uint8_t *key, const uint8_t key_len,\n \t\tconst uint16_t aad_len, const uint8_t auth_len,\n-\t\tuint8_t iv_len,\n-\t\tenum rte_crypto_auth_operation auth_op)\n+\t\tuint8_t iv_len)\n {\n-\tuint8_t cipher_key[key_len];\n+\tuint8_t aead_key[key_len];\n \n \tstruct crypto_unittest_params *ut_params = &unittest_params;\n \n-\tmemcpy(cipher_key, key, key_len);\n+\tmemcpy(aead_key, key, key_len);\n \n-\t/* Setup Cipher Parameters */\n-\tut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n-\tut_params->cipher_xform.next = NULL;\n-\n-\tut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;\n-\tut_params->auth_xform.auth.op = auth_op;\n-\tut_params->cipher_xform.cipher.op = op;\n-\tut_params->cipher_xform.cipher.key.data = cipher_key;\n-\tut_params->cipher_xform.cipher.key.length = key_len;\n-\tut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;\n-\tut_params->cipher_xform.cipher.iv.length = iv_len;\n+\t/* Setup AEAD Parameters */\n+\tut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\tut_params->aead_xform.next = NULL;\n+\tut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;\n+\tut_params->aead_xform.aead.op = op;\n+\tut_params->aead_xform.aead.key.data = aead_key;\n+\tut_params->aead_xform.aead.key.length = key_len;\n+\tut_params->aead_xform.aead.iv.offset = IV_OFFSET;\n+\tut_params->aead_xform.aead.iv.length = iv_len;\n+\tut_params->aead_xform.aead.digest_length = auth_len;\n+\tut_params->aead_xform.aead.add_auth_data_length = aad_len;\n \n \tTEST_HEXDUMP(stdout, \"key:\", key, key_len);\n \n-\t/* Setup Authentication Parameters */\n-\tut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n-\tut_params->auth_xform.next = NULL;\n-\n-\tut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GCM;\n-\n-\tut_params->auth_xform.auth.digest_length = auth_len;\n-\tut_params->auth_xform.auth.add_auth_data_length = aad_len;\n-\tut_params->auth_xform.auth.key.length = 0;\n-\tut_params->auth_xform.auth.key.data = NULL;\n-\n-\tif (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n-\t\tut_params->cipher_xform.next = &ut_params->auth_xform;\n-\n-\t\t/* Create Crypto session*/\n-\t\tut_params->sess = rte_cryptodev_sym_session_create(dev_id,\n-\t\t\t\t&ut_params->cipher_xform);\n-\t} else {/* Create Crypto session*/\n-\t\tut_params->auth_xform.next = &ut_params->cipher_xform;\n-\t\tut_params->sess = rte_cryptodev_sym_session_create(dev_id,\n-\t\t\t\t&ut_params->auth_xform);\n-\t}\n+\t/* Create Crypto session*/\n+\tut_params->sess = rte_cryptodev_sym_session_create(dev_id,\n+\t\t\t&ut_params->aead_xform);\n \n \tTEST_ASSERT_NOT_NULL(ut_params->sess, \"Session creation failed\");\n \n@@ -4686,43 +4667,35 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,\n \n static int\n create_gcm_xforms(struct rte_crypto_op *op,\n-\t\tenum rte_crypto_cipher_operation cipher_op,\n+\t\tenum rte_crypto_aead_operation aead_op,\n \t\tuint8_t *key, const uint8_t key_len,\n \t\tconst uint8_t aad_len, const uint8_t auth_len,\n-\t\tuint8_t iv_len,\n-\t\tenum rte_crypto_auth_operation auth_op)\n+\t\tuint8_t iv_len)\n {\n-\tTEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),\n-\t\t\t\"failed to allocate space for crypto transforms\");\n+\tTEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 1),\n+\t\t\t\"failed to allocate space for crypto transform\");\n \n \tstruct rte_crypto_sym_op *sym_op = op->sym;\n \n-\t/* Setup Cipher Parameters */\n-\tsym_op->xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n-\tsym_op->xform->cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;\n-\tsym_op->xform->cipher.op = cipher_op;\n-\tsym_op->xform->cipher.key.data = key;\n-\tsym_op->xform->cipher.key.length = key_len;\n-\tsym_op->xform->cipher.iv.offset = IV_OFFSET;\n-\tsym_op->xform->cipher.iv.length = iv_len;\n+\t/* Setup AEAD Parameters */\n+\tsym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\tsym_op->xform->next = NULL;\n+\tsym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;\n+\tsym_op->xform->aead.op = aead_op;\n+\tsym_op->xform->aead.key.data = key;\n+\tsym_op->xform->aead.key.length = key_len;\n+\tsym_op->xform->aead.iv.offset = IV_OFFSET;\n+\tsym_op->xform->aead.iv.length = iv_len;\n+\tsym_op->xform->aead.digest_length = auth_len;\n+\tsym_op->xform->aead.add_auth_data_length = aad_len;\n \n \tTEST_HEXDUMP(stdout, \"key:\", key, key_len);\n \n-\t/* Setup Authentication Parameters */\n-\tsym_op->xform->next->type = RTE_CRYPTO_SYM_XFORM_AUTH;\n-\tsym_op->xform->next->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;\n-\tsym_op->xform->next->auth.op = auth_op;\n-\tsym_op->xform->next->auth.digest_length = auth_len;\n-\tsym_op->xform->next->auth.add_auth_data_length = aad_len;\n-\tsym_op->xform->next->auth.key.length = 0;\n-\tsym_op->xform->next->auth.key.data = NULL;\n-\tsym_op->xform->next->next = NULL;\n-\n \treturn 0;\n }\n \n static int\n-create_gcm_operation(enum rte_crypto_cipher_operation op,\n+create_gcm_operation(enum rte_crypto_aead_operation op,\n \t\tconst struct gcm_test_data *tdata)\n {\n \tstruct crypto_testsuite_params *ts_params = &testsuite_params;\n@@ -4741,15 +4714,15 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,\n \n \t/* Append aad data */\n \taad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);\n-\tsym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,\n+\tsym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,\n \t\t\taad_pad_len);\n-\tTEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,\n+\tTEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,\n \t\t\t\"no room to append aad\");\n \n-\tsym_op->auth.aad.phys_addr =\n+\tsym_op->aead.aad.phys_addr =\n \t\t\trte_pktmbuf_mtophys(ut_params->ibuf);\n-\tmemcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);\n-\tTEST_HEXDUMP(stdout, \"aad:\", sym_op->auth.aad.data,\n+\tmemcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);\n+\tTEST_HEXDUMP(stdout, \"aad:\", sym_op->aead.aad.data,\n \t\ttdata->aad.len);\n \n \t/* Append IV at the end of the crypto operation*/\n@@ -4761,7 +4734,7 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,\n \t\ttdata->iv.len);\n \n \t/* Append plaintext/ciphertext */\n-\tif (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n+\tif (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {\n \t\tplaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);\n \t\tplaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,\n \t\t\t\tplaintext_pad_len);\n@@ -4806,40 +4779,37 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,\n \t}\n \n \t/* Append digest data */\n-\tif (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n-\t\tsym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(\n+\tif (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {\n+\t\tsym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(\n \t\t\t\tut_params->obuf ? ut_params->obuf :\n \t\t\t\t\t\tut_params->ibuf,\n \t\t\t\t\t\ttdata->auth_tag.len);\n-\t\tTEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,\n+\t\tTEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,\n \t\t\t\t\"no room to append digest\");\n-\t\tmemset(sym_op->auth.digest.data, 0, tdata->auth_tag.len);\n-\t\tsym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(\n+\t\tmemset(sym_op->aead.digest.data, 0, tdata->auth_tag.len);\n+\t\tsym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(\n \t\t\t\tut_params->obuf ? ut_params->obuf :\n \t\t\t\t\t\tut_params->ibuf,\n \t\t\t\t\t\tplaintext_pad_len +\n \t\t\t\t\t\taad_pad_len);\n \t} else {\n-\t\tsym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(\n+\t\tsym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(\n \t\t\t\tut_params->ibuf, tdata->auth_tag.len);\n-\t\tTEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,\n+\t\tTEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,\n \t\t\t\t\"no room to append digest\");\n-\t\tsym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(\n+\t\tsym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(\n \t\t\t\tut_params->ibuf,\n \t\t\t\tplaintext_pad_len + aad_pad_len);\n \n-\t\trte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,\n+\t\trte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,\n \t\t\ttdata->auth_tag.len);\n \t\tTEST_HEXDUMP(stdout, \"digest:\",\n-\t\t\tsym_op->auth.digest.data,\n+\t\t\tsym_op->aead.digest.data,\n \t\t\ttdata->auth_tag.len);\n \t}\n \n-\tsym_op->cipher.data.length = tdata->plaintext.len;\n-\tsym_op->cipher.data.offset = aad_pad_len;\n-\n-\tsym_op->auth.data.length = tdata->plaintext.len;\n-\tsym_op->auth.data.offset = aad_pad_len;\n+\tsym_op->aead.data.length = tdata->plaintext.len;\n+\tsym_op->aead.data.offset = aad_pad_len;\n \n \treturn 0;\n }\n@@ -4857,11 +4827,10 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)\n \n \t/* Create GCM session */\n \tretval = create_gcm_session(ts_params->valid_devs[0],\n-\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT,\n+\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT,\n \t\t\ttdata->key.data, tdata->key.len,\n \t\t\ttdata->aad.len, tdata->auth_tag.len,\n-\t\t\ttdata->iv.len,\n-\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE);\n+\t\t\ttdata->iv.len);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -4878,7 +4847,7 @@ test_mb_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)\n \t\t\trte_pktmbuf_tailroom(ut_params->ibuf));\n \n \t/* Create GCM operation */\n-\tretval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);\n+\tretval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5035,11 +5004,10 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)\n \n \t/* Create GCM session */\n \tretval = create_gcm_session(ts_params->valid_devs[0],\n-\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT,\n+\t\t\tRTE_CRYPTO_AEAD_OP_DECRYPT,\n \t\t\ttdata->key.data, tdata->key.len,\n \t\t\ttdata->aad.len, tdata->auth_tag.len,\n-\t\t\ttdata->iv.len,\n-\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY);\n+\t\t\ttdata->iv.len);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5056,7 +5024,7 @@ test_mb_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)\n \t\t\trte_pktmbuf_tailroom(ut_params->ibuf));\n \n \t/* Create GCM operation */\n-\tretval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);\n+\tretval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5202,11 +5170,10 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)\n \n \t/* Create GCM session */\n \tretval = create_gcm_session(ts_params->valid_devs[0],\n-\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT,\n+\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT,\n \t\t\ttdata->key.data, tdata->key.len,\n \t\t\ttdata->aad.len, tdata->auth_tag.len,\n-\t\t\ttdata->iv.len,\n-\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE);\n+\t\t\ttdata->iv.len);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5220,7 +5187,7 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)\n \t\t\trte_pktmbuf_tailroom(ut_params->obuf));\n \n \t/* Create GCM operation */\n-\tretval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);\n+\tretval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5279,11 +5246,10 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)\n \n \t/* Create GCM session */\n \tretval = create_gcm_session(ts_params->valid_devs[0],\n-\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT,\n+\t\t\tRTE_CRYPTO_AEAD_OP_DECRYPT,\n \t\t\ttdata->key.data, tdata->key.len,\n \t\t\ttdata->aad.len, tdata->auth_tag.len,\n-\t\t\ttdata->iv.len,\n-\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY);\n+\t\t\ttdata->iv.len);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5297,7 +5263,7 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)\n \t\t\trte_pktmbuf_tailroom(ut_params->obuf));\n \n \t/* Create GCM operation */\n-\tretval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);\n+\tretval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5356,18 +5322,17 @@ test_AES_GCM_authenticated_encryption_sessionless(\n \t\t\trte_pktmbuf_tailroom(ut_params->ibuf));\n \n \t/* Create GCM operation */\n-\tretval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);\n+\tretval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);\n \tif (retval < 0)\n \t\treturn retval;\n \n \t/* Create GCM xforms */\n \tmemcpy(key, tdata->key.data, tdata->key.len);\n \tretval = create_gcm_xforms(ut_params->op,\n-\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT,\n+\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT,\n \t\t\tkey, tdata->key.len,\n \t\t\ttdata->aad.len, tdata->auth_tag.len,\n-\t\t\ttdata->iv.len,\n-\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE);\n+\t\t\ttdata->iv.len);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -5437,18 +5402,17 @@ test_AES_GCM_authenticated_decryption_sessionless(\n \t\t\trte_pktmbuf_tailroom(ut_params->ibuf));\n \n \t/* Create GCM operation */\n-\tretval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);\n+\tretval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);\n \tif (retval < 0)\n \t\treturn retval;\n \n \t/* Create GCM xforms */\n \tmemcpy(key, tdata->key.data, tdata->key.len);\n \tretval = create_gcm_xforms(ut_params->op,\n-\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT,\n+\t\t\tRTE_CRYPTO_AEAD_OP_DECRYPT,\n \t\t\tkey, tdata->key.len,\n \t\t\ttdata->aad.len, tdata->auth_tag.len,\n-\t\t\ttdata->iv.len,\n-\t\t\tRTE_CRYPTO_AUTH_OP_VERIFY);\n+\t\t\ttdata->iv.len);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -7138,7 +7102,7 @@ test_authenticated_decryption_fail_when_corruption(\n }\n \n static int\n-create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,\n+create_gcm_operation_SGL(enum rte_crypto_aead_operation op,\n \t\tconst struct gcm_test_data *tdata,\n \t\tvoid *digest_mem, uint64_t digest_phys)\n {\n@@ -7157,18 +7121,18 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,\n \n \tstruct rte_crypto_sym_op *sym_op = ut_params->op->sym;\n \n-\tsym_op->auth.digest.data = digest_mem;\n+\tsym_op->aead.digest.data = digest_mem;\n \n-\tTEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,\n+\tTEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,\n \t\t\t\"no room to append digest\");\n \n-\tsym_op->auth.digest.phys_addr = digest_phys;\n+\tsym_op->aead.digest.phys_addr = digest_phys;\n \n-\tif (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {\n-\t\trte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,\n+\tif (op == RTE_CRYPTO_AEAD_OP_DECRYPT) {\n+\t\trte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,\n \t\t\t\tauth_tag_len);\n \t\tTEST_HEXDUMP(stdout, \"digest:\",\n-\t\t\t\tsym_op->auth.digest.data,\n+\t\t\t\tsym_op->aead.digest.data,\n \t\t\t\tauth_tag_len);\n \t}\n \n@@ -7177,25 +7141,22 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,\n \n \trte_memcpy(IV_ptr, tdata->iv.data, iv_len);\n \n-\tsym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(\n+\tsym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(\n \t\t\tut_params->ibuf, aad_len);\n-\tTEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,\n+\tTEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,\n \t\t\t\"no room to prepend aad\");\n-\tsym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(\n+\tsym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(\n \t\t\tut_params->ibuf);\n \n-\tmemset(sym_op->auth.aad.data, 0, aad_len);\n-\trte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);\n+\tmemset(sym_op->aead.aad.data, 0, aad_len);\n+\trte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);\n \n \tTEST_HEXDUMP(stdout, \"iv:\", IV_ptr, iv_len);\n \tTEST_HEXDUMP(stdout, \"aad:\",\n-\t\t\tsym_op->auth.aad.data, aad_len);\n+\t\t\tsym_op->aead.aad.data, aad_len);\n \n-\tsym_op->cipher.data.length = tdata->plaintext.len;\n-\tsym_op->cipher.data.offset = aad_len;\n-\n-\tsym_op->auth.data.offset = aad_len;\n-\tsym_op->auth.data.length = tdata->plaintext.len;\n+\tsym_op->aead.data.length = tdata->plaintext.len;\n+\tsym_op->aead.data.offset = aad_len;\n \n \treturn 0;\n }\n@@ -7250,11 +7211,10 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,\n \n \t/* Create GCM session */\n \tretval = create_gcm_session(ts_params->valid_devs[0],\n-\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT,\n+\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT,\n \t\t\ttdata->key.data, tdata->key.len,\n \t\t\ttdata->aad.len, tdata->auth_tag.len,\n-\t\t\ttdata->iv.len,\n-\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE);\n+\t\t\ttdata->iv.len);\n \tif (retval < 0)\n \t\treturn retval;\n \n@@ -7380,7 +7340,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,\n \t}\n \n \t/* Create GCM opertaion */\n-\tretval = create_gcm_operation_SGL(RTE_CRYPTO_CIPHER_OP_ENCRYPT,\n+\tretval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,\n \t\t\ttdata, digest_mem, digest_phys);\n \n \tif (retval < 0)\ndiff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c\nindex 71b03cd..8e9c33a 100644\n--- a/test/test/test_cryptodev_perf.c\n+++ b/test/test/test_cryptodev_perf.c\n@@ -65,7 +65,8 @@ enum chain_mode {\n \tCIPHER_HASH,\n \tHASH_CIPHER,\n \tCIPHER_ONLY,\n-\tHASH_ONLY\n+\tHASH_ONLY,\n+\tAEAD\n };\n \n \n@@ -86,6 +87,7 @@ struct symmetric_op {\n struct symmetric_session_attrs {\n \tenum rte_crypto_cipher_operation cipher;\n \tenum rte_crypto_auth_operation auth;\n+\tenum rte_crypto_aead_operation aead;\n \n \tenum rte_crypto_cipher_algorithm cipher_algorithm;\n \tconst uint8_t *key_cipher_data;\n@@ -95,6 +97,10 @@ struct symmetric_session_attrs {\n \tconst uint8_t *key_auth_data;\n \tuint32_t key_auth_len;\n \n+\tenum rte_crypto_aead_algorithm aead_algorithm;\n+\tconst uint8_t *key_aead_data;\n+\tuint32_t key_aead_len;\n+\n \tconst uint8_t *iv_data;\n \tuint16_t iv_len;\n \tuint16_t aad_len;\n@@ -124,8 +130,9 @@ struct perf_test_params {\n \tenum chain_mode chain;\n \n \tenum rte_crypto_cipher_algorithm cipher_algo;\n-\tunsigned cipher_key_length;\n+\tunsigned key_length;\n \tenum rte_crypto_auth_algorithm auth_algo;\n+\tenum rte_crypto_aead_algorithm aead_algo;\n \n \tstruct symmetric_session_attrs *session_attrs;\n \n@@ -157,7 +164,8 @@ static struct rte_cryptodev_sym_session *\n test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,\n \t\tenum rte_crypto_cipher_algorithm cipher_algo,\n \t\tunsigned int cipher_key_len,\n-\t\tenum rte_crypto_auth_algorithm auth_algo);\n+\t\tenum rte_crypto_auth_algorithm auth_algo,\n+\t\tenum rte_crypto_aead_algorithm aead_algo);\n static struct rte_cryptodev_sym_session *\n test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,\n \t\tenum rte_crypto_cipher_algorithm cipher_algo,\n@@ -191,6 +199,7 @@ static const char *chain_mode_name(enum chain_mode mode)\n \tcase HASH_CIPHER: return \"hash_cipher\"; break;\n \tcase CIPHER_ONLY: return \"cipher_only\"; break;\n \tcase HASH_ONLY: return \"hash_only\"; break;\n+\tcase AEAD: return \"aead\"; break;\n \tdefault: return \"\"; break;\n \t}\n }\n@@ -2085,7 +2094,7 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)\n \t/* Create Crypto session*/\n \tsess = test_perf_create_snow3g_session(ts_params->dev_id,\n \t\t\tpparams->chain, pparams->cipher_algo,\n-\t\t\tpparams->cipher_key_length, pparams->auth_algo);\n+\t\t\tpparams->key_length, pparams->auth_algo);\n \tTEST_ASSERT_NOT_NULL(sess, \"Session creation failed\");\n \n \t/* Generate Crypto op data structure(s)*/\n@@ -2106,7 +2115,16 @@ test_perf_snow3G_optimise_cyclecount(struct perf_test_params *pparams)\n \t\tc_ops[i] = op;\n \t}\n \n-\tprintf(\"\\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, \"\n+\tif (pparams->chain == AEAD)\n+\t\tprintf(\"\\nOn %s dev%u qp%u, %s, aead algo:%s, \"\n+\t\t\t\"Packet Size %u bytes\",\n+\t\t\tpmd_name(gbl_cryptodev_perftest_devtype),\n+\t\t\tts_params->dev_id, 0,\n+\t\t\tchain_mode_name(pparams->chain),\n+\t\t\trte_crypto_aead_algorithm_strings[pparams->aead_algo],\n+\t\t\tpparams->buf_size);\n+\telse\n+\t\tprintf(\"\\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, \"\n \t\t\t\"Packet Size %u bytes\",\n \t\t\tpmd_name(gbl_cryptodev_perftest_devtype),\n \t\t\tts_params->dev_id, 0,\n@@ -2196,14 +2214,14 @@ test_perf_snow3G_vary_burst_size(void)\n \t\t\t{\n \t\t\t\t\t.chain = CIPHER_ONLY,\n \t\t\t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,\n-\t\t\t\t\t.cipher_key_length = 16,\n+\t\t\t\t\t.key_length = 16,\n \t\t\t\t\t.auth_algo = RTE_CRYPTO_AUTH_NULL,\n \t\t\t},\n \t\t\t{\n \t\t\t\t\t.chain = HASH_ONLY,\n \t\t\t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_NULL,\n \t\t\t\t\t.auth_algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,\n-\t\t\t\t\t.cipher_key_length = 16\n+\t\t\t\t\t.key_length = 16\n \t\t\t},\n \t};\n \n@@ -2260,7 +2278,8 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)\n \t/* Create Crypto session*/\n \tsess = test_perf_create_openssl_session(ts_params->dev_id,\n \t\t\tpparams->chain, pparams->cipher_algo,\n-\t\t\tpparams->cipher_key_length, pparams->auth_algo);\n+\t\t\tpparams->key_length, pparams->auth_algo,\n+\t\t\tpparams->aead_algo);\n \tTEST_ASSERT_NOT_NULL(sess, \"Session creation failed\");\n \n \t/* Generate Crypto op data structure(s)*/\n@@ -2275,21 +2294,22 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)\n \t\t\t\t\t\tRTE_CRYPTO_OP_TYPE_SYMMETRIC);\n \t\tTEST_ASSERT_NOT_NULL(op, \"Failed to allocate op\");\n \n-\t\tswitch (pparams->cipher_algo) {\n-\t\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n-\t\tcase RTE_CRYPTO_CIPHER_3DES_CTR:\n-\t\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_3des;\n-\t\t\tbreak;\n-\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n-\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\t\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_aes;\n-\t\t\tbreak;\n-\t\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n+\t\tif (pparams->chain == AEAD)\n \t\t\ttest_perf_set_crypto_op =\n \t\t\t\t\t\ttest_perf_set_crypto_op_aes_gcm;\n-\t\t\tbreak;\n-\t\tdefault:\n-\t\t\treturn TEST_FAILED;\n+\t\telse {\n+\t\t\tswitch (pparams->cipher_algo) {\n+\t\t\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+\t\t\tcase RTE_CRYPTO_CIPHER_3DES_CTR:\n+\t\t\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_3des;\n+\t\t\t\tbreak;\n+\t\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_aes;\n+\t\t\t\tbreak;\n+\t\t\tdefault:\n+\t\t\t\treturn TEST_FAILED;\n+\t\t\t}\n \t\t}\n \n \t\top = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,\n@@ -2299,14 +2319,24 @@ test_perf_openssl_optimise_cyclecount(struct perf_test_params *pparams)\n \t\tc_ops[i] = op;\n \t}\n \n-\tprintf(\"\\nOn %s dev%u qp%u, %s, cipher algo:%s, cipher key length:%u, \"\n-\t\t\t\"auth_algo:%s, Packet Size %u bytes\",\n+\tif (pparams->chain == AEAD)\n+\t\tprintf(\"\\nOn %s dev%u qp%u, %s, aead_algo:%s, \"\n+\t\t\t\"key length:%u, Packet Size %u bytes\",\n+\t\t\tpmd_name(gbl_cryptodev_perftest_devtype),\n+\t\t\tts_params->dev_id, 0,\n+\t\t\tchain_mode_name(pparams->chain),\n+\t\t\trte_crypto_aead_algorithm_strings[pparams->aead_algo],\n+\t\t\tpparams->key_length,\n+\t\t\tpparams->buf_size);\n+\telse\n+\t\tprintf(\"\\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, \"\n+\t\t\t\"key length:%u, Packet Size %u bytes\",\n \t\t\tpmd_name(gbl_cryptodev_perftest_devtype),\n \t\t\tts_params->dev_id, 0,\n \t\t\tchain_mode_name(pparams->chain),\n \t\t\trte_crypto_cipher_algorithm_strings[pparams->cipher_algo],\n-\t\t\tpparams->cipher_key_length,\n \t\t\trte_crypto_auth_algorithm_strings[pparams->auth_algo],\n+\t\t\tpparams->key_length,\n \t\t\tpparams->buf_size);\n \tprintf(\"\\nOps Tx\\tOps Rx\\tOps/burst \");\n \tprintf(\"Retries EmptyPolls\\tIACycles/CyOp\\tIACycles/Burst\\t\"\n@@ -2410,7 +2440,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)\n \t/* Create Crypto session*/\n \tsess = test_perf_create_armv8_session(ts_params->dev_id,\n \t\t\tpparams->chain, pparams->cipher_algo,\n-\t\t\tpparams->cipher_key_length, pparams->auth_algo);\n+\t\t\tpparams->key_length, pparams->auth_algo);\n \tTEST_ASSERT_NOT_NULL(sess, \"Session creation failed\");\n \n \t/* Generate Crypto op data structure(s)*/\n@@ -2438,7 +2468,7 @@ test_perf_armv8_optimise_cyclecount(struct perf_test_params *pparams)\n \t\t\tts_params->dev_id, 0,\n \t\t\tchain_mode_name(pparams->chain),\n \t\t\trte_crypto_cipher_algorithm_strings[pparams->cipher_algo],\n-\t\t\tpparams->cipher_key_length,\n+\t\t\tpparams->key_length,\n \t\t\trte_crypto_auth_algorithm_strings[pparams->auth_algo],\n \t\t\tpparams->buf_size);\n \tprintf(\"\\nOps Tx\\tOps Rx\\tOps/burst \");\n@@ -2532,8 +2562,6 @@ static uint32_t get_auth_key_max_length(enum rte_crypto_auth_algorithm algo)\n \t\treturn 128;\n \tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n \t\treturn 128;\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n-\t\treturn 0;\n \tdefault:\n \t\treturn 0;\n \t}\n@@ -2554,7 +2582,15 @@ static uint32_t get_auth_digest_length(enum rte_crypto_auth_algorithm algo)\n \t\treturn TRUNCATED_DIGEST_BYTE_LENGTH_SHA384;\n \tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n \t\treturn TRUNCATED_DIGEST_BYTE_LENGTH_SHA512;\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n+\tdefault:\n+\t\treturn 0;\n+\t}\n+}\n+\n+static uint32_t get_aead_digest_length(enum rte_crypto_aead_algorithm algo)\n+{\n+\tswitch (algo) {\n+\tcase RTE_CRYPTO_AEAD_AES_GCM:\n \t\treturn DIGEST_BYTE_LENGTH_AES_GCM;\n \tdefault:\n \t\treturn 0;\n@@ -2732,55 +2768,73 @@ test_perf_create_snow3g_session(uint8_t dev_id, enum chain_mode chain,\n static struct rte_cryptodev_sym_session *\n test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,\n \t\tenum rte_crypto_cipher_algorithm cipher_algo,\n-\t\tunsigned int cipher_key_len,\n-\t\tenum rte_crypto_auth_algorithm auth_algo)\n+\t\tunsigned int key_len,\n+\t\tenum rte_crypto_auth_algorithm auth_algo,\n+\t\tenum rte_crypto_aead_algorithm aead_algo)\n {\n \tstruct rte_crypto_sym_xform cipher_xform = { 0 };\n \tstruct rte_crypto_sym_xform auth_xform = { 0 };\n+\tstruct rte_crypto_sym_xform aead_xform = { 0 };\n \n-\t/* Setup Cipher Parameters */\n-\tcipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n-\tcipher_xform.cipher.algo = cipher_algo;\n-\tcipher_xform.cipher.iv.offset = IV_OFFSET;\n-\tcipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;\n+\tif (chain == CIPHER_HASH || chain == HASH_CIPHER) {\n+\t\t/* Setup Cipher Parameters */\n+\t\tcipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\t\tcipher_xform.cipher.algo = cipher_algo;\n+\t\tcipher_xform.cipher.iv.offset = IV_OFFSET;\n+\t\tcipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;\n \n-\tswitch (cipher_algo) {\n-\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n-\tcase RTE_CRYPTO_CIPHER_3DES_CTR:\n-\t\tcipher_xform.cipher.key.data = triple_des_key;\n-\t\tcipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;\n-\t\tbreak;\n-\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n-\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n-\t\tcipher_xform.cipher.key.data = aes_key;\n-\t\tcipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;\n-\t\tbreak;\n-\tdefault:\n-\t\treturn NULL;\n-\t}\n+\t\tswitch (cipher_algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+\t\tcase RTE_CRYPTO_CIPHER_3DES_CTR:\n+\t\t\tcipher_xform.cipher.key.data = triple_des_key;\n+\t\t\tcipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\tcipher_xform.cipher.key.data = aes_key;\n+\t\t\tcipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn NULL;\n+\t\t}\n \n-\tcipher_xform.cipher.key.length = cipher_key_len;\n+\t\tcipher_xform.cipher.key.length = key_len;\n \n-\t/* Setup Auth Parameters */\n-\tauth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n-\tauth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;\n-\tauth_xform.auth.algo = auth_algo;\n+\t\t/* Setup Auth Parameters */\n+\t\tauth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n+\t\tauth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;\n+\t\tauth_xform.auth.algo = auth_algo;\n \n-\tswitch (auth_algo) {\n-\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n-\t\tauth_xform.auth.key.data = hmac_sha_key;\n-\t\tbreak;\n-\tcase RTE_CRYPTO_AUTH_AES_GCM:\n-\t\tauth_xform.auth.key.data = NULL;\n-\t\tauth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;\n-\t\tbreak;\n-\tdefault:\n-\t\treturn NULL;\n-\t}\n+\t\tswitch (auth_algo) {\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t\tauth_xform.auth.key.data = hmac_sha_key;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn NULL;\n+\t\t}\n \n-\tauth_xform.auth.key.length = get_auth_key_max_length(auth_algo);\n-\tauth_xform.auth.digest_length = get_auth_digest_length(auth_algo);\n+\t\tauth_xform.auth.key.length = get_auth_key_max_length(auth_algo);\n+\t\tauth_xform.auth.digest_length = get_auth_digest_length(auth_algo);\n+\t} else if (chain == AEAD) {\n+\t\t/* Setup AEAD Parameters */\n+\t\taead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\t\taead_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;\n+\t\taead_xform.aead.algo = aead_algo;\n+\t\taead_xform.aead.iv.offset = IV_OFFSET;\n+\n+\t\tswitch (aead_algo) {\n+\t\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\t\taead_xform.aead.key.data = aes_key;\n+\t\t\taead_xform.aead.iv.length = AES_CIPHER_IV_LENGTH;\n+\t\t\taead_xform.aead.add_auth_data_length = AES_GCM_AAD_LENGTH;\n+\t\t\taead_xform.aead.digest_length = get_aead_digest_length(auth_algo);\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn NULL;\n+\t\t}\n+\n+\t\taead_xform.aead.key.length = key_len;\n+\t}\n \n \tswitch (chain) {\n \tcase CIPHER_HASH:\n@@ -2793,6 +2847,9 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,\n \t\tcipher_xform.next = NULL;\n \t\t/* Create Crypto session*/\n \t\treturn rte_cryptodev_sym_session_create(dev_id,\t&auth_xform);\n+\tcase AEAD:\n+\t\t/* Create Crypto session*/\n+\t\treturn rte_cryptodev_sym_session_create(dev_id,\t&aead_xform);\n \tdefault:\n \t\treturn NULL;\n \t}\n@@ -2916,22 +2973,19 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,\n \t}\n \n \t/* Authentication Parameters */\n-\top->sym->auth.digest.data = (uint8_t *)m->buf_addr +\n+\top->sym->aead.digest.data = (uint8_t *)m->buf_addr +\n \t\t\t\t\t(m->data_off + data_len);\n-\top->sym->auth.digest.phys_addr =\n+\top->sym->aead.digest.phys_addr =\n \t\t\t\trte_pktmbuf_mtophys_offset(m, data_len);\n-\top->sym->auth.aad.data = aes_gcm_aad;\n+\top->sym->aead.aad.data = aes_gcm_aad;\n \n \t/* Copy IV at the end of the crypto operation */\n \trte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),\n \t\t\taes_iv, AES_CIPHER_IV_LENGTH);\n \n \t/* Data lengths/offsets Parameters */\n-\top->sym->auth.data.offset = 0;\n-\top->sym->auth.data.length = data_len;\n-\n-\top->sym->cipher.data.offset = 0;\n-\top->sym->cipher.data.length = data_len;\n+\top->sym->aead.data.offset = 0;\n+\top->sym->aead.data.length = data_len;\n \n \top->sym->m_src = m;\n \n@@ -3102,7 +3156,7 @@ test_perf_aes_sha(uint8_t dev_id, uint16_t queue_id,\n \t/* Create Crypto session*/\n \tsess = test_perf_create_aes_sha_session(ts_params->dev_id,\n \t\t\tpparams->chain, pparams->cipher_algo,\n-\t\t\tpparams->cipher_key_length, pparams->auth_algo);\n+\t\t\tpparams->key_length, pparams->auth_algo);\n \tTEST_ASSERT_NOT_NULL(sess, \"Session creation failed\");\n \n \t/* Generate a burst of crypto operations */\n@@ -3235,7 +3289,7 @@ test_perf_snow3g(uint8_t dev_id, uint16_t queue_id,\n \t/* Create Crypto session*/\n \tsess = test_perf_create_snow3g_session(ts_params->dev_id,\n \t\t\tpparams->chain, pparams->cipher_algo,\n-\t\t\tpparams->cipher_key_length, pparams->auth_algo);\n+\t\t\tpparams->key_length, pparams->auth_algo);\n \tTEST_ASSERT_NOT_NULL(sess, \"Session creation failed\");\n \n \t/* Generate a burst of crypto operations */\n@@ -3394,20 +3448,22 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,\n \t\t\t\t\tunsigned int,\n \t\t\t\t\tenum chain_mode);\n \n-\tswitch (pparams->cipher_algo) {\n-\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n-\tcase RTE_CRYPTO_CIPHER_3DES_CTR:\n-\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_3des;\n-\t\tbreak;\n-\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n-\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_aes;\n-\t\tbreak;\n-\tcase RTE_CRYPTO_CIPHER_AES_GCM:\n-\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_aes_gcm;\n-\t\tbreak;\n-\tdefault:\n-\t\treturn TEST_FAILED;\n+\tif (pparams->chain == AEAD)\n+\t\ttest_perf_set_crypto_op =\n+\t\t\t\t\ttest_perf_set_crypto_op_aes_gcm;\n+\telse {\n+\t\tswitch (pparams->cipher_algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+\t\tcase RTE_CRYPTO_CIPHER_3DES_CTR:\n+\t\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_3des;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\ttest_perf_set_crypto_op = test_perf_set_crypto_op_aes;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn TEST_FAILED;\n+\t\t}\n \t}\n \n \tif (rte_cryptodev_count() == 0) {\n@@ -3418,7 +3474,8 @@ test_perf_openssl(uint8_t dev_id, uint16_t queue_id,\n \t/* Create Crypto session*/\n \tsess = test_perf_create_openssl_session(ts_params->dev_id,\n \t\t\tpparams->chain, pparams->cipher_algo,\n-\t\t\tpparams->cipher_key_length, pparams->auth_algo);\n+\t\t\tpparams->key_length, pparams->auth_algo,\n+\t\t\tpparams->aead_algo);\n \tTEST_ASSERT_NOT_NULL(sess, \"Session creation failed\");\n \n \t/* Generate a burst of crypto operations */\n@@ -3548,7 +3605,7 @@ test_perf_armv8(uint8_t dev_id, uint16_t queue_id,\n \t/* Create Crypto session*/\n \tsess = test_perf_create_armv8_session(ts_params->dev_id,\n \t\t\tpparams->chain, pparams->cipher_algo,\n-\t\t\tpparams->cipher_key_length, pparams->auth_algo);\n+\t\t\tpparams->key_length, pparams->auth_algo);\n \tTEST_ASSERT_NOT_NULL(sess, \"Session creation failed\");\n \n \t/* Generate a burst of crypto operations */\n@@ -3674,48 +3731,48 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)\n \t\t{\n \t\t\t.chain = CIPHER_ONLY,\n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_NULL\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 32,\n+\t\t\t.key_length = 32,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 32,\n+\t\t\t.key_length = 32,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 32,\n+\t\t\t.key_length = 32,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC\n \t\t},\n \t};\n@@ -3729,7 +3786,7 @@ test_perf_aes_cbc_encrypt_digest_vary_pkt_size(void)\n \t\t\tchain_mode_name(params_set[i].chain),\n \t\t\trte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],\n \t\t\trte_crypto_auth_algorithm_strings[params_set[i].auth_algo],\n-\t\t\tparams_set[i].cipher_key_length,\n+\t\t\tparams_set[i].key_length,\n \t\t\tburst_size);\n \t\tprintf(\"\\nBuffer Size(B)\\tOPS(M)\\tThroughput(Gbps)\\t\"\n \t\t\t\"Retries\\tEmptyPolls\\n\");\n@@ -3755,14 +3812,14 @@ test_perf_snow3G_vary_pkt_size(void)\n \t\t{\n \t\t\t.chain = CIPHER_ONLY,\n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_NULL,\n \t\t},\n \t\t{\n \t\t\t.chain = HASH_ONLY,\n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_NULL,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,\n-\t\t\t.cipher_key_length = 16\n+\t\t\t.key_length = 16\n \t\t},\n \t};\n \n@@ -3813,63 +3870,77 @@ test_perf_openssl_vary_pkt_size(void)\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,\n-\t\t\t.cipher_key_length = 24,\n+\t\t\t.key_length = 24,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,\n-\t\t\t.cipher_key_length = 32,\n+\t\t\t.key_length = 32,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,\n-\t\t\t.cipher_key_length = 24,\n+\t\t\t.key_length = 24,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n-\t\t\t.chain = CIPHER_HASH,\n+\t\t\t.chain = AEAD,\n \n-\t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_GCM,\n-\t\t\t.cipher_key_length = 16,\n-\t\t\t.auth_algo = RTE_CRYPTO_AUTH_AES_GCM\n+\t\t\t.aead_algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t.key_length = 16,\n \t\t},\n \t};\n \n \tfor (i = 0; i < RTE_DIM(params_set); i++) {\n \t\tparams_set[i].total_operations = total_operations;\n \t\tparams_set[i].burst_size = burst_size;\n-\t\tprintf(\"\\n%s. cipher algo: %s auth algo: %s cipher key size=%u.\"\n-\t\t\t\" burst_size: %d ops\\n\",\n-\t\t\tchain_mode_name(params_set[i].chain),\n-\t\t\trte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],\n-\t\t\trte_crypto_auth_algorithm_strings[params_set[i].auth_algo],\n-\t\t\tparams_set[i].cipher_key_length,\n-\t\t\tburst_size);\n+\t\tif (params_set[i].chain == AEAD) {\n+\t\t\tenum rte_crypto_aead_algorithm aead_algo =\n+\t\t\t\tparams_set[i].aead_algo;\n+\t\t\tprintf(\"\\n%s. aead algo: %s key size=%u.\"\n+\t\t\t\t\" burst_size: %d ops\\n\",\n+\t\t\t\tchain_mode_name(params_set[i].chain),\n+\t\t\t\trte_crypto_aead_algorithm_strings[aead_algo],\n+\t\t\t\tparams_set[i].key_length,\n+\t\t\t\tburst_size);\n+\t\t} else {\n+\t\t\tenum rte_crypto_cipher_algorithm cipher_algo =\n+\t\t\t\tparams_set[i].cipher_algo;\n+\t\t\tenum rte_crypto_auth_algorithm auth_algo =\n+\t\t\t\tparams_set[i].auth_algo;\n+\t\t\tprintf(\"\\n%s. cipher algo: %s auth algo: %s key size=%u.\"\n+\t\t\t\t\" burst_size: %d ops\\n\",\n+\t\t\t\tchain_mode_name(params_set[i].chain),\n+\t\t\t\trte_crypto_cipher_algorithm_strings[cipher_algo],\n+\t\t\t\trte_crypto_auth_algorithm_strings[auth_algo],\n+\t\t\t\tparams_set[i].key_length,\n+\t\t\t\tburst_size);\n+\t\t}\n \t\tprintf(\"\\nBuffer Size(B)\\tOPS(M)\\tThroughput(Gbps)\\tRetries\\t\"\n \t\t\t\t\"EmptyPolls\\n\");\n \t\tfor (j = 0; j < RTE_DIM(buf_lengths); j++) {\n@@ -3894,50 +3965,49 @@ test_perf_openssl_vary_burst_size(void)\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,\n-\t\t\t.cipher_key_length = 24,\n+\t\t\t.key_length = 24,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,\n-\t\t\t.cipher_key_length = 32,\n+\t\t\t.key_length = 32,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,\n-\t\t\t.cipher_key_length = 24,\n+\t\t\t.key_length = 24,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n-\t\t\t.chain = CIPHER_HASH,\n+\t\t\t.chain = AEAD,\n \n-\t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_GCM,\n-\t\t\t.cipher_key_length = 16,\n-\t\t\t.auth_algo = RTE_CRYPTO_AUTH_AES_GCM\n+\t\t\t.aead_algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t.key_length = 16,\n \t\t},\n \t};\n \n@@ -3974,28 +4044,28 @@ test_perf_armv8_vary_pkt_size(void)\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = HASH_CIPHER,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = HASH_CIPHER,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC\n \t\t},\n \t};\n@@ -4008,7 +4078,7 @@ test_perf_armv8_vary_pkt_size(void)\n \t\t\tchain_mode_name(params_set[i].chain),\n \t\t\trte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],\n \t\t\trte_crypto_auth_algorithm_strings[params_set[i].auth_algo],\n-\t\t\tparams_set[i].cipher_key_length,\n+\t\t\tparams_set[i].key_length,\n \t\t\tburst_size);\n \t\tprintf(\"\\nBuffer Size(B)\\tOPS(M)\\tThroughput(Gbps)\\tRetries\\t\"\n \t\t\t\t\"EmptyPolls\\n\");\n@@ -4034,28 +4104,28 @@ test_perf_armv8_vary_burst_size(void)\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = HASH_CIPHER,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = CIPHER_HASH,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC\n \t\t},\n \t\t{\n \t\t\t.chain = HASH_CIPHER,\n \n \t\t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t\t.cipher_key_length = 16,\n+\t\t\t.key_length = 16,\n \t\t\t.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC\n \t\t},\n \t};\n@@ -4090,48 +4160,26 @@ static struct rte_cryptodev_sym_session *\n test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)\n {\n \tstatic struct rte_cryptodev_sym_session *sess;\n-\tstruct rte_crypto_sym_xform cipher_xform = { 0 };\n-\tstruct rte_crypto_sym_xform auth_xform = { 0 };\n+\tstruct rte_crypto_sym_xform aead_xform = { 0 };\n \n-\tuint8_t cipher_key[pparams->session_attrs->key_cipher_len];\n-\tuint8_t auth_key[pparams->session_attrs->key_auth_len];\n+\tuint8_t aead_key[pparams->session_attrs->key_aead_len];\n \n-\tmemcpy(cipher_key, pparams->session_attrs->key_cipher_data,\n-\t\t pparams->session_attrs->key_cipher_len);\n-\tmemcpy(auth_key, pparams->session_attrs->key_auth_data,\n-\t\t pparams->session_attrs->key_auth_len);\n-\n-\tcipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n-\tcipher_xform.next = NULL;\n-\n-\tcipher_xform.cipher.algo = pparams->session_attrs->cipher_algorithm;\n-\tcipher_xform.cipher.op = pparams->session_attrs->cipher;\n-\tcipher_xform.cipher.key.data = cipher_key;\n-\tcipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;\n-\tcipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;\n-\tcipher_xform.cipher.iv.offset = IV_OFFSET;\n-\n-\tauth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n-\tauth_xform.next = NULL;\n+\tmemcpy(aead_key, pparams->session_attrs->key_aead_data,\n+\t\t pparams->session_attrs->key_aead_len);\n \n-\tauth_xform.auth.op = pparams->session_attrs->auth;\n-\tauth_xform.auth.algo = pparams->session_attrs->auth_algorithm;\n+\taead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;\n+\taead_xform.next = NULL;\n \n-\tauth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;\n-\tauth_xform.auth.digest_length = pparams->session_attrs->digest_len;\n-\tauth_xform.auth.key.length = pparams->session_attrs->key_auth_len;\n+\taead_xform.aead.algo = pparams->session_attrs->aead_algorithm;\n+\taead_xform.aead.op = pparams->session_attrs->aead;\n+\taead_xform.aead.key.data = aead_key;\n+\taead_xform.aead.key.length = pparams->session_attrs->key_aead_len;\n+\taead_xform.aead.iv.length = pparams->session_attrs->iv_len;\n+\taead_xform.aead.iv.offset = IV_OFFSET;\n+\taead_xform.aead.add_auth_data_length = pparams->session_attrs->aad_len;\n+\taead_xform.aead.digest_length = pparams->session_attrs->digest_len;\n \n-\n-\tcipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;\n-\tif (cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n-\t\tcipher_xform.next = &auth_xform;\n-\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n-\t\t\t\t&cipher_xform);\n-\t} else {\n-\t\tauth_xform.next = &cipher_xform;\n-\t\tsess = rte_cryptodev_sym_session_create(dev_id,\n-\t\t\t\t&auth_xform);\n-\t}\n+\tsess = rte_cryptodev_sym_session_create(dev_id,\t&aead_xform);\n \n \treturn sess;\n }\n@@ -4150,17 +4198,17 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,\n \t\treturn NULL;\n \t}\n \n-\top->sym->auth.digest.data = m_hlp->digest;\n-\top->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(\n+\top->sym->aead.digest.data = m_hlp->digest;\n+\top->sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(\n \t\t\t\t\t m,\n \t\t\t\t\t params->session_attrs->aad_len +\n \t\t\t\t\t params->symmetric_op->p_len);\n \n \n-\top->sym->auth.aad.data = m_hlp->aad;\n-\top->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);\n+\top->sym->aead.aad.data = m_hlp->aad;\n+\top->sym->aead.aad.phys_addr = rte_pktmbuf_mtophys(m);\n \n-\trte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,\n+\trte_memcpy(op->sym->aead.aad.data, params->symmetric_op->aad_data,\n \t\t params->session_attrs->aad_len);\n \n \trte_memcpy(IV_ptr, params->session_attrs->iv_data,\n@@ -4168,13 +4216,9 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,\n \tif (params->session_attrs->iv_len == 12)\n \t\tIV_ptr[15] = 1;\n \n-\top->sym->auth.data.offset =\n-\t\t\tparams->session_attrs->aad_len;\n-\top->sym->auth.data.length = params->symmetric_op->p_len;\n-\n-\top->sym->cipher.data.offset =\n+\top->sym->aead.data.offset =\n \t\t\tparams->session_attrs->aad_len;\n-\top->sym->cipher.data.length = params->symmetric_op->p_len;\n+\top->sym->aead.data.length = params->symmetric_op->p_len;\n \n \top->sym->m_src = m;\n \n@@ -4388,20 +4432,14 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)\n \n \t\tgcm_test = gcm_tests[i];\n \n-\t\tsession_attrs[i].cipher =\n-\t\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT;\n-\t\tsession_attrs[i].cipher_algorithm =\n-\t\t\t\tRTE_CRYPTO_CIPHER_AES_GCM;\n-\t\tsession_attrs[i].key_cipher_data =\n+\t\tsession_attrs[i].aead =\n+\t\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT;\n+\t\tsession_attrs[i].aead_algorithm =\n+\t\t\t\tRTE_CRYPTO_AEAD_AES_GCM;\n+\t\tsession_attrs[i].key_aead_data =\n \t\t\t\tgcm_test->key.data;\n-\t\tsession_attrs[i].key_cipher_len =\n+\t\tsession_attrs[i].key_aead_len =\n \t\t\t\tgcm_test->key.len;\n-\t\tsession_attrs[i].auth_algorithm =\n-\t\t\t\tRTE_CRYPTO_AUTH_AES_GCM;\n-\t\tsession_attrs[i].auth =\n-\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE;\n-\t\tsession_attrs[i].key_auth_data = NULL;\n-\t\tsession_attrs[i].key_auth_len = 0;\n \t\tsession_attrs[i].aad_len = gcm_test->aad.len;\n \t\tsession_attrs[i].digest_len =\n \t\t\t\tgcm_test->auth_tag.len;\n@@ -4416,7 +4454,7 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)\n \t\tops_set[i].t_data = gcm_test->auth_tags[i].data;\n \t\tops_set[i].t_len = gcm_test->auth_tags[i].len;\n \n-\t\tparams_set[i].chain = CIPHER_HASH;\n+\t\tparams_set[i].chain = AEAD;\n \t\tparams_set[i].session_attrs = &session_attrs[i];\n \t\tparams_set[i].symmetric_op = &ops_set[i];\n \t\tif (continual_buf_len)\n@@ -4518,7 +4556,7 @@ test_perf_continual_performance_test(void)\n \t\t.chain = CIPHER_HASH,\n \n \t\t.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,\n-\t\t.cipher_key_length = 16,\n+\t\t.key_length = 16,\n \t\t.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC\n \t};\n \n@@ -4528,7 +4566,7 @@ test_perf_continual_performance_test(void)\n \t\t\tchain_mode_name(params_set.chain),\n \t\t\trte_crypto_cipher_algorithm_strings[params_set.cipher_algo],\n \t\t\trte_crypto_auth_algorithm_strings[params_set.auth_algo],\n-\t\t\tparams_set.cipher_key_length,\n+\t\t\tparams_set.key_length,\n \t\t\tburst_size);\n \t\tprintf(\"\\nBuffer Size(B)\\tOPS(M)\\tThroughput(Gbps)\\t\"\n \t\t\t\t\"Retries\\tEmptyPolls\\n\");\n", "prefixes": [ "dpdk-dev", "21/22" ] }