[dpdk-dev,05/30] crypto/qat: add symmetric session file

Message ID 1523040732-3290-6-git-send-email-fiona.trahe@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Pablo de Lara Guarch
Headers

Checks

Context Check Description
ci/checkpatch warning coding style issues
ci/Intel-compilation fail apply issues

Commit Message

Fiona Trahe April 6, 2018, 6:51 p.m. UTC
This commit adds qat_sym_session.c/h files and moves objects
from qat_algs_build_desc and qat_algs.h

Following objects were moved:
qat_adf/qat_algs_build_desc.c => qat_sym_session.c
- all objects -
qat_adf/qat_algs.h => qat_sym_session.h
- enum qat_crypto_proto_flag
- struct qat_alg_cd
- struct qat_session
- int qat_get_inter_state_size()
- int qat_alg_aead_session_create_content_desc_cipher()
- int qat_alg_aead_session_create_content_desc_auth()
- void qat_alg_init_common_hdr()
- int qat_alg_validate_aes_key()
- int qat_alg_validate_aes_docsisbpi_key()
- int qat_alg_validate_snow3g_key()
- int qat_alg_validate_kasumi_key()
- int qat_alg_validate_3des_key()
- int qat_alg_validate_des_key()
- int qat_cipher_get_block_size()
- int qat_alg_validate_zuc_key()
-- all macros
qat_crypto.h => qat_sym_session.h
int qat_crypto_sym_configure_session()
int qat_crypto_set_session_parameters()
int qat_crypto_sym_configure_session_aead()
int qat_crypto_sym_configure_session_cipher()
int qat_crypto_sym_configure_session_auth()
int qat_alg_aead_session_create_content_desc_cipher()
int qat_alg_aead_session_create_content_desc_auth()
static struct rte_crypto_auth_xform qat_get_auth_xform()
static struct rte_crypto_cipher_xform qat_get_cipher_xform()

Signed-off-by: ArkadiuszX Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
 drivers/crypto/qat/Makefile                        |   2 +-
 drivers/crypto/qat/meson.build                     |   2 +-
 drivers/crypto/qat/qat_crypto.c                    | 704 +-------------------
 drivers/crypto/qat/qat_crypto.h                    |  36 -
 drivers/crypto/qat/qat_qp.c                        |   1 -
 .../qat_algs_build_desc.c => qat_sym_session.c}    | 726 ++++++++++++++++++++-
 drivers/crypto/qat/qat_sym_session.h               | 142 ++++
 drivers/crypto/qat/rte_qat_cryptodev.c             |   1 +
 8 files changed, 863 insertions(+), 751 deletions(-)
 rename drivers/crypto/qat/{qat_adf/qat_algs_build_desc.c => qat_sym_session.c} (61%)
 create mode 100644 drivers/crypto/qat/qat_sym_session.h
  

Patch

diff --git a/drivers/crypto/qat/Makefile b/drivers/crypto/qat/Makefile
index 6bdd11679..c63c1515e 100644
--- a/drivers/crypto/qat/Makefile
+++ b/drivers/crypto/qat/Makefile
@@ -24,7 +24,7 @@  LDLIBS += -lrte_pci -lrte_bus_pci
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += qat_crypto.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += qat_device.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += qat_qp.c
-SRCS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += qat_adf/qat_algs_build_desc.c
+SRCS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += qat_sym_session.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += rte_qat_cryptodev.c
 
 # export include files
diff --git a/drivers/crypto/qat/meson.build b/drivers/crypto/qat/meson.build
index 51630e31b..be4282a83 100644
--- a/drivers/crypto/qat/meson.build
+++ b/drivers/crypto/qat/meson.build
@@ -6,7 +6,7 @@  if not dep.found()
 	build = false
 endif
 sources = files('qat_crypto.c', 'qat_qp.c',
-		'qat_adf/qat_algs_build_desc.c',
+		'qat_sym_session.c',
 		'rte_qat_cryptodev.c',
 		'qat_device.c')
 includes += include_directories('qat_adf')
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 7f2c2c86b..96a1b78f0 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -13,7 +13,7 @@ 
 #include <openssl/evp.h>
 
 #include "qat_logs.h"
-#include "qat_algs.h"
+#include "qat_sym_session.h"
 #include "qat_crypto.h"
 #include "adf_transport_access_macros.h"
 
@@ -23,46 +23,6 @@ 
  */
 #define BPI_MAX_ENCR_IV_LEN ICP_QAT_HW_AES_BLK_SZ
 
-static int
-qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo,
-		struct qat_pmd_private *internals) {
-	int i = 0;
-	const struct rte_cryptodev_capabilities *capability;
-
-	while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
-			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-		if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
-			continue;
-
-		if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
-			continue;
-
-		if (capability->sym.cipher.algo == algo)
-			return 1;
-	}
-	return 0;
-}
-
-static int
-qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
-		struct qat_pmd_private *internals) {
-	int i = 0;
-	const struct rte_cryptodev_capabilities *capability;
-
-	while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
-			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-		if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
-			continue;
-
-		if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
-			continue;
-
-		if (capability->sym.auth.algo == algo)
-			return 1;
-	}
-	return 0;
-}
-
 /** Encrypt a single partial block
  *  Depends on openssl libcrypto
  *  Uses ECB+XOR to do CFB encryption, same result, more performant
@@ -124,49 +84,6 @@  bpi_cipher_decrypt(uint8_t *src, uint8_t *dst,
 /** Creates a context in either AES or DES in ECB mode
  *  Depends on openssl libcrypto
  */
-static int
-bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo,
-		enum rte_crypto_cipher_operation direction __rte_unused,
-		uint8_t *key, void **ctx)
-{
-	const EVP_CIPHER *algo = NULL;
-	int ret;
-	*ctx = EVP_CIPHER_CTX_new();
-
-	if (*ctx == NULL) {
-		ret = -ENOMEM;
-		goto ctx_init_err;
-	}
-
-	if (cryptodev_algo == RTE_CRYPTO_CIPHER_DES_DOCSISBPI)
-		algo = EVP_des_ecb();
-	else
-		algo = EVP_aes_128_ecb();
-
-	/* IV will be ECB encrypted whether direction is encrypt or decrypt*/
-	if (EVP_EncryptInit_ex(*ctx, algo, NULL, key, 0) != 1) {
-		ret = -EINVAL;
-		goto ctx_init_err;
-	}
-
-	return 0;
-
-ctx_init_err:
-	if (*ctx != NULL)
-		EVP_CIPHER_CTX_free(*ctx);
-	return ret;
-}
-
-/** Frees a context previously created
- *  Depends on openssl libcrypto
- */
-static void
-bpi_cipher_ctx_free(void *bpi_ctx)
-{
-	if (bpi_ctx != NULL)
-		EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)bpi_ctx);
-}
-
 static inline uint32_t
 adf_modulo(uint32_t data, uint32_t shift);
 
@@ -174,625 +91,6 @@  static inline int
 qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		struct qat_crypto_op_cookie *qat_op_cookie, struct qat_qp *qp);
 
-void
-qat_crypto_sym_clear_session(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *sess)
-{
-	PMD_INIT_FUNC_TRACE();
-	uint8_t index = dev->driver_id;
-	void *sess_priv = get_session_private_data(sess, index);
-	struct qat_session *s = (struct qat_session *)sess_priv;
-
-	if (sess_priv) {
-		if (s->bpi_ctx)
-			bpi_cipher_ctx_free(s->bpi_ctx);
-		memset(s, 0, qat_crypto_sym_get_session_private_size(dev));
-		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
-		set_session_private_data(sess, index, NULL);
-		rte_mempool_put(sess_mp, sess_priv);
-	}
-}
-
-static int
-qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
-{
-	/* Cipher Only */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL)
-		return ICP_QAT_FW_LA_CMD_CIPHER;
-
-	/* Authentication Only */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
-		return ICP_QAT_FW_LA_CMD_AUTH;
-
-	/* AEAD */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-		/* AES-GCM and AES-CCM works with different direction
-		 * GCM first encrypts and generate hash where AES-CCM
-		 * first generate hash and encrypts. Similar relation
-		 * applies to decryption.
-		 */
-		if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
-			if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
-				return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
-			else
-				return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
-		else
-			if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
-				return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
-			else
-				return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
-	}
-
-	if (xform->next == NULL)
-		return -1;
-
-	/* Cipher then Authenticate */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
-		return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
-
-	/* Authenticate then Cipher */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-			xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
-		return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
-
-	return -1;
-}
-
-static struct rte_crypto_auth_xform *
-qat_get_auth_xform(struct rte_crypto_sym_xform *xform)
-{
-	do {
-		if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
-			return &xform->auth;
-
-		xform = xform->next;
-	} while (xform);
-
-	return NULL;
-}
-
-static struct rte_crypto_cipher_xform *
-qat_get_cipher_xform(struct rte_crypto_sym_xform *xform)
-{
-	do {
-		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
-			return &xform->cipher;
-
-		xform = xform->next;
-	} while (xform);
-
-	return NULL;
-}
-
-int
-qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct qat_session *session)
-{
-	struct qat_pmd_private *internals = dev->data->dev_private;
-	struct rte_crypto_cipher_xform *cipher_xform = NULL;
-	int ret;
-
-	/* Get cipher xform from crypto xform chain */
-	cipher_xform = qat_get_cipher_xform(xform);
-
-	session->cipher_iv.offset = cipher_xform->iv.offset;
-	session->cipher_iv.length = cipher_xform->iv.length;
-
-	switch (cipher_xform->algo) {
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		if (qat_alg_validate_aes_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-		if (qat_alg_validate_aes_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
-		if (qat_alg_validate_snow3g_key(cipher_xform->key.length,
-					&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid SNOW 3G cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_NULL:
-		session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_KASUMI_F8:
-		if (qat_alg_validate_kasumi_key(cipher_xform->key.length,
-					&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid KASUMI cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_F8_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-		if (qat_alg_validate_3des_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_DES_CBC:
-		if (qat_alg_validate_des_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid DES cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_3DES_CTR:
-		if (qat_alg_validate_3des_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
-		ret = bpi_cipher_ctx_init(
-					cipher_xform->algo,
-					cipher_xform->op,
-					cipher_xform->key.data,
-					&session->bpi_ctx);
-		if (ret != 0) {
-			PMD_DRV_LOG(ERR, "failed to create DES BPI ctx");
-			goto error_out;
-		}
-		if (qat_alg_validate_des_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid DES cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
-		ret = bpi_cipher_ctx_init(
-					cipher_xform->algo,
-					cipher_xform->op,
-					cipher_xform->key.data,
-					&session->bpi_ctx);
-		if (ret != 0) {
-			PMD_DRV_LOG(ERR, "failed to create AES BPI ctx");
-			goto error_out;
-		}
-		if (qat_alg_validate_aes_docsisbpi_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES DOCSISBPI key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
-		if (!qat_is_cipher_alg_supported(
-			cipher_xform->algo, internals)) {
-			PMD_DRV_LOG(ERR, "%s not supported on this device",
-				rte_crypto_cipher_algorithm_strings
-					[cipher_xform->algo]);
-			ret = -ENOTSUP;
-			goto error_out;
-		}
-		if (qat_alg_validate_zuc_key(cipher_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid ZUC cipher key size");
-			ret = -EINVAL;
-			goto error_out;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
-		break;
-	case RTE_CRYPTO_CIPHER_3DES_ECB:
-	case RTE_CRYPTO_CIPHER_AES_ECB:
-	case RTE_CRYPTO_CIPHER_AES_F8:
-	case RTE_CRYPTO_CIPHER_AES_XTS:
-	case RTE_CRYPTO_CIPHER_ARC4:
-		PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported Cipher alg %u",
-				cipher_xform->algo);
-		ret = -ENOTSUP;
-		goto error_out;
-	default:
-		PMD_DRV_LOG(ERR, "Crypto: Undefined Cipher specified %u\n",
-				cipher_xform->algo);
-		ret = -EINVAL;
-		goto error_out;
-	}
-
-	if (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
-		session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
-	else
-		session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
-
-	if (qat_alg_aead_session_create_content_desc_cipher(session,
-						cipher_xform->key.data,
-						cipher_xform->key.length)) {
-		ret = -EINVAL;
-		goto error_out;
-	}
-
-	return 0;
-
-error_out:
-	if (session->bpi_ctx) {
-		bpi_cipher_ctx_free(session->bpi_ctx);
-		session->bpi_ctx = NULL;
-	}
-	return ret;
-}
-
-int
-qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool)
-{
-	void *sess_private_data;
-	int ret;
-
-	if (rte_mempool_get(mempool, &sess_private_data)) {
-		CDEV_LOG_ERR(
-			"Couldn't get object from session mempool");
-		return -ENOMEM;
-	}
-
-	ret = qat_crypto_set_session_parameters(dev, xform, sess_private_data);
-	if (ret != 0) {
-		PMD_DRV_LOG(ERR, "Crypto QAT PMD: failed to configure "
-				"session parameters");
-
-		/* Return session to mempool */
-		rte_mempool_put(mempool, sess_private_data);
-		return ret;
-	}
-
-	set_session_private_data(sess, dev->driver_id,
-		sess_private_data);
-
-	return 0;
-}
-
-int
-qat_crypto_set_session_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private)
-{
-	struct qat_session *session = session_private;
-	int ret;
-
-	int qat_cmd_id;
-	PMD_INIT_FUNC_TRACE();
-
-	/* Set context descriptor physical address */
-	session->cd_paddr = rte_mempool_virt2iova(session) +
-			offsetof(struct qat_session, cd);
-
-	session->min_qat_dev_gen = QAT_GEN1;
-
-	/* Get requested QAT command id */
-	qat_cmd_id = qat_get_cmd_id(xform);
-	if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
-		PMD_DRV_LOG(ERR, "Unsupported xform chain requested");
-		return -ENOTSUP;
-	}
-	session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
-	switch (session->qat_cmd) {
-	case ICP_QAT_FW_LA_CMD_CIPHER:
-		ret = qat_crypto_sym_configure_session_cipher(dev, xform, session);
-		if (ret < 0)
-			return ret;
-		break;
-	case ICP_QAT_FW_LA_CMD_AUTH:
-		ret = qat_crypto_sym_configure_session_auth(dev, xform, session);
-		if (ret < 0)
-			return ret;
-		break;
-	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
-		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-			ret = qat_crypto_sym_configure_session_aead(xform,
-					session);
-			if (ret < 0)
-				return ret;
-		} else {
-			ret = qat_crypto_sym_configure_session_cipher(dev,
-					xform, session);
-			if (ret < 0)
-				return ret;
-			ret = qat_crypto_sym_configure_session_auth(dev,
-					xform, session);
-			if (ret < 0)
-				return ret;
-		}
-		break;
-	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
-		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-			ret = qat_crypto_sym_configure_session_aead(xform,
-					session);
-			if (ret < 0)
-				return ret;
-		} else {
-			ret = qat_crypto_sym_configure_session_auth(dev,
-					xform, session);
-			if (ret < 0)
-				return ret;
-			ret = qat_crypto_sym_configure_session_cipher(dev,
-					xform, session);
-			if (ret < 0)
-				return ret;
-		}
-		break;
-	case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
-	case ICP_QAT_FW_LA_CMD_TRNG_TEST:
-	case ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE:
-	case ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE:
-	case ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE:
-	case ICP_QAT_FW_LA_CMD_MGF1:
-	case ICP_QAT_FW_LA_CMD_AUTH_PRE_COMP:
-	case ICP_QAT_FW_LA_CMD_CIPHER_PRE_COMP:
-	case ICP_QAT_FW_LA_CMD_DELIMITER:
-	PMD_DRV_LOG(ERR, "Unsupported Service %u",
-		session->qat_cmd);
-		return -ENOTSUP;
-	default:
-	PMD_DRV_LOG(ERR, "Unsupported Service %u",
-		session->qat_cmd);
-		return -ENOTSUP;
-	}
-
-	return 0;
-}
-
-int
-qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
-				struct rte_crypto_sym_xform *xform,
-				struct qat_session *session)
-{
-	struct rte_crypto_auth_xform *auth_xform = NULL;
-	struct qat_pmd_private *internals = dev->data->dev_private;
-	auth_xform = qat_get_auth_xform(xform);
-	uint8_t *key_data = auth_xform->key.data;
-	uint8_t key_length = auth_xform->key.length;
-
-	switch (auth_xform->algo) {
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA1;
-		break;
-	case RTE_CRYPTO_AUTH_SHA224_HMAC:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA224;
-		break;
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA256;
-		break;
-	case RTE_CRYPTO_AUTH_SHA384_HMAC:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA384;
-		break;
-	case RTE_CRYPTO_AUTH_SHA512_HMAC:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA512;
-		break;
-	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
-		break;
-	case RTE_CRYPTO_AUTH_AES_GMAC:
-		if (qat_alg_validate_aes_key(auth_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES key size");
-			return -EINVAL;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
-
-		break;
-	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2;
-		break;
-	case RTE_CRYPTO_AUTH_MD5_HMAC:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_MD5;
-		break;
-	case RTE_CRYPTO_AUTH_NULL:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_NULL;
-		break;
-	case RTE_CRYPTO_AUTH_KASUMI_F9:
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_KASUMI_F9;
-		break;
-	case RTE_CRYPTO_AUTH_ZUC_EIA3:
-		if (!qat_is_auth_alg_supported(auth_xform->algo, internals)) {
-			PMD_DRV_LOG(ERR, "%s not supported on this device",
-				rte_crypto_auth_algorithm_strings
-				[auth_xform->algo]);
-			return -ENOTSUP;
-		}
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3;
-		break;
-	case RTE_CRYPTO_AUTH_SHA1:
-	case RTE_CRYPTO_AUTH_SHA256:
-	case RTE_CRYPTO_AUTH_SHA512:
-	case RTE_CRYPTO_AUTH_SHA224:
-	case RTE_CRYPTO_AUTH_SHA384:
-	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_CMAC:
-	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
-		PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u",
-				auth_xform->algo);
-		return -ENOTSUP;
-	default:
-		PMD_DRV_LOG(ERR, "Crypto: Undefined Hash algo %u specified",
-				auth_xform->algo);
-		return -EINVAL;
-	}
-
-	session->auth_iv.offset = auth_xform->iv.offset;
-	session->auth_iv.length = auth_xform->iv.length;
-
-	if (auth_xform->algo == RTE_CRYPTO_AUTH_AES_GMAC) {
-		if (auth_xform->op == RTE_CRYPTO_AUTH_OP_GENERATE) {
-			session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER_HASH;
-			session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
-			/*
-			 * It needs to create cipher desc content first,
-			 * then authentication
-			 */
-			if (qat_alg_aead_session_create_content_desc_cipher(session,
-						auth_xform->key.data,
-						auth_xform->key.length))
-				return -EINVAL;
-
-			if (qat_alg_aead_session_create_content_desc_auth(session,
-						key_data,
-						key_length,
-						0,
-						auth_xform->digest_length,
-						auth_xform->op))
-				return -EINVAL;
-		} else {
-			session->qat_cmd = ICP_QAT_FW_LA_CMD_HASH_CIPHER;
-			session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
-			/*
-			 * It needs to create authentication desc content first,
-			 * then cipher
-			 */
-			if (qat_alg_aead_session_create_content_desc_auth(session,
-					key_data,
-					key_length,
-					0,
-					auth_xform->digest_length,
-					auth_xform->op))
-				return -EINVAL;
-
-			if (qat_alg_aead_session_create_content_desc_cipher(session,
-						auth_xform->key.data,
-						auth_xform->key.length))
-				return -EINVAL;
-		}
-		/* Restore to authentication only only */
-		session->qat_cmd = ICP_QAT_FW_LA_CMD_AUTH;
-	} else {
-		if (qat_alg_aead_session_create_content_desc_auth(session,
-				key_data,
-				key_length,
-				0,
-				auth_xform->digest_length,
-				auth_xform->op))
-			return -EINVAL;
-	}
-
-	session->digest_length = auth_xform->digest_length;
-	return 0;
-}
-
-int
-qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
-				struct qat_session *session)
-{
-	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
-	enum rte_crypto_auth_operation crypto_operation;
-
-	/*
-	 * Store AEAD IV parameters as cipher IV,
-	 * to avoid unnecessary memory usage
-	 */
-	session->cipher_iv.offset = xform->aead.iv.offset;
-	session->cipher_iv.length = xform->aead.iv.length;
-
-	switch (aead_xform->algo) {
-	case RTE_CRYPTO_AEAD_AES_GCM:
-		if (qat_alg_validate_aes_key(aead_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES key size");
-			return -EINVAL;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
-		break;
-	case RTE_CRYPTO_AEAD_AES_CCM:
-		if (qat_alg_validate_aes_key(aead_xform->key.length,
-				&session->qat_cipher_alg) != 0) {
-			PMD_DRV_LOG(ERR, "Invalid AES key size");
-			return -EINVAL;
-		}
-		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
-		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC;
-		break;
-	default:
-		PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
-				aead_xform->algo);
-		return -EINVAL;
-	}
-
-	if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT &&
-			aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ||
-			(aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT &&
-			aead_xform->algo == RTE_CRYPTO_AEAD_AES_CCM)) {
-		session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
-		/*
-		 * It needs to create cipher desc content first,
-		 * then authentication
-		 */
-
-		crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
-			RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
-
-		if (qat_alg_aead_session_create_content_desc_cipher(session,
-					aead_xform->key.data,
-					aead_xform->key.length))
-			return -EINVAL;
-
-		if (qat_alg_aead_session_create_content_desc_auth(session,
-					aead_xform->key.data,
-					aead_xform->key.length,
-					aead_xform->aad_length,
-					aead_xform->digest_length,
-					crypto_operation))
-			return -EINVAL;
-	} else {
-		session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
-		/*
-		 * It needs to create authentication desc content first,
-		 * then cipher
-		 */
-
-		crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
-			RTE_CRYPTO_AUTH_OP_VERIFY : RTE_CRYPTO_AUTH_OP_GENERATE;
-
-		if (qat_alg_aead_session_create_content_desc_auth(session,
-					aead_xform->key.data,
-					aead_xform->key.length,
-					aead_xform->aad_length,
-					aead_xform->digest_length,
-					crypto_operation))
-			return -EINVAL;
-
-		if (qat_alg_aead_session_create_content_desc_cipher(session,
-					aead_xform->key.data,
-					aead_xform->key.length))
-			return -EINVAL;
-	}
-
-	session->digest_length = aead_xform->digest_length;
-	return 0;
-}
-
-unsigned qat_crypto_sym_get_session_private_size(
-		struct rte_cryptodev *dev __rte_unused)
-{
-	return RTE_ALIGN_CEIL(sizeof(struct qat_session), 8);
-}
-
 static inline uint32_t
 qat_bpicipher_preprocess(struct qat_session *ctx,
 				struct rte_crypto_op *op)
diff --git a/drivers/crypto/qat/qat_crypto.h b/drivers/crypto/qat/qat_crypto.h
index 46f03ccde..e3873171c 100644
--- a/drivers/crypto/qat/qat_crypto.h
+++ b/drivers/crypto/qat/qat_crypto.h
@@ -75,42 +75,6 @@  int qat_crypto_sym_qp_setup(struct rte_cryptodev *dev, uint16_t queue_pair_id,
 int qat_crypto_sym_qp_release(struct rte_cryptodev *dev,
 	uint16_t queue_pair_id);
 
-int
-qat_pmd_session_mempool_create(struct rte_cryptodev *dev,
-	unsigned nb_objs, unsigned obj_cache_size, int socket_id);
-
-extern unsigned
-qat_crypto_sym_get_session_private_size(struct rte_cryptodev *dev);
-
-extern int
-qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct rte_cryptodev_sym_session *sess,
-		struct rte_mempool *mempool);
-
-
-int
-qat_crypto_set_session_parameters(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform, void *session_private);
-
-int
-qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
-				struct qat_session *session);
-
-int
-qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
-				struct rte_crypto_sym_xform *xform,
-				struct qat_session *session);
-
-int
-qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
-		struct rte_crypto_sym_xform *xform,
-		struct qat_session *session);
-
-
-extern void
-qat_crypto_sym_clear_session(struct rte_cryptodev *dev,
-		struct rte_cryptodev_sym_session *session);
 
 extern uint16_t
 qat_pmd_enqueue_op_burst(void *qp, struct rte_crypto_op **ops,
diff --git a/drivers/crypto/qat/qat_qp.c b/drivers/crypto/qat/qat_qp.c
index ba6df7f6c..e42acd877 100644
--- a/drivers/crypto/qat/qat_qp.c
+++ b/drivers/crypto/qat/qat_qp.c
@@ -14,7 +14,6 @@ 
 
 #include "qat_logs.h"
 #include "qat_crypto.h"
-#include "qat_algs.h"
 #include "adf_transport_access_macros.h"
 
 #define ADF_MAX_SYM_DESC			4096
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_sym_session.c
similarity index 61%
rename from drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
rename to drivers/crypto/qat/qat_sym_session.c
index c87ed40fe..a67e22919 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -9,13 +9,722 @@ 
 #include <rte_malloc.h>
 #include <rte_crypto_sym.h>
 
-#include "../qat_logs.h"
+#include "qat_logs.h"
+#include "qat_device.h"
 
 #include <openssl/sha.h>	/* Needed to calculate pre-compute values */
 #include <openssl/aes.h>	/* Needed to calculate pre-compute values */
 #include <openssl/md5.h>	/* Needed to calculate pre-compute values */
+#include <openssl/evp.h>
 
-#include "qat_algs.h"
+#include "qat_sym_session.h"
+
+/** Frees a context previously created
+ *  Depends on openssl libcrypto
+ */
+static void
+bpi_cipher_ctx_free(void *bpi_ctx)
+{
+	if (bpi_ctx != NULL)
+		EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)bpi_ctx);
+}
+
+static int
+bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo,
+		enum rte_crypto_cipher_operation direction __rte_unused,
+		uint8_t *key, void **ctx)
+{
+	const EVP_CIPHER *algo = NULL;
+	int ret;
+	*ctx = EVP_CIPHER_CTX_new();
+
+	if (*ctx == NULL) {
+		ret = -ENOMEM;
+		goto ctx_init_err;
+	}
+
+	if (cryptodev_algo == RTE_CRYPTO_CIPHER_DES_DOCSISBPI)
+		algo = EVP_des_ecb();
+	else
+		algo = EVP_aes_128_ecb();
+
+	/* IV will be ECB encrypted whether direction is encrypt or decrypt*/
+	if (EVP_EncryptInit_ex(*ctx, algo, NULL, key, 0) != 1) {
+		ret = -EINVAL;
+		goto ctx_init_err;
+	}
+
+	return 0;
+
+ctx_init_err:
+	if (*ctx != NULL)
+		EVP_CIPHER_CTX_free(*ctx);
+	return ret;
+}
+
+static int
+qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo,
+		struct qat_pmd_private *internals) {
+	int i = 0;
+	const struct rte_cryptodev_capabilities *capability;
+
+	while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
+			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+			continue;
+
+		if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+			continue;
+
+		if (capability->sym.cipher.algo == algo)
+			return 1;
+	}
+	return 0;
+}
+
+static int
+qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
+		struct qat_pmd_private *internals) {
+	int i = 0;
+	const struct rte_cryptodev_capabilities *capability;
+
+	while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
+			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+			continue;
+
+		if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
+			continue;
+
+		if (capability->sym.auth.algo == algo)
+			return 1;
+	}
+	return 0;
+}
+
+void
+qat_crypto_sym_clear_session(struct rte_cryptodev *dev,
+		struct rte_cryptodev_sym_session *sess)
+{
+	PMD_INIT_FUNC_TRACE();
+	uint8_t index = dev->driver_id;
+	void *sess_priv = get_session_private_data(sess, index);
+	struct qat_session *s = (struct qat_session *)sess_priv;
+
+	if (sess_priv) {
+		if (s->bpi_ctx)
+			bpi_cipher_ctx_free(s->bpi_ctx);
+		memset(s, 0, qat_crypto_sym_get_session_private_size(dev));
+		struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+
+		set_session_private_data(sess, index, NULL);
+		rte_mempool_put(sess_mp, sess_priv);
+	}
+}
+
+static int
+qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
+{
+	/* Cipher Only */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL)
+		return ICP_QAT_FW_LA_CMD_CIPHER;
+
+	/* Authentication Only */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
+		return ICP_QAT_FW_LA_CMD_AUTH;
+
+	/* AEAD */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		/* AES-GCM and AES-CCM works with different direction
+		 * GCM first encrypts and generate hash where AES-CCM
+		 * first generate hash and encrypts. Similar relation
+		 * applies to decryption.
+		 */
+		if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+			if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
+				return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+			else
+				return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+		else
+			if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
+				return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+			else
+				return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+	}
+
+	if (xform->next == NULL)
+		return -1;
+
+	/* Cipher then Authenticate */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+			xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+		return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+
+	/* Authenticate then Cipher */
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+			xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+		return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+
+	return -1;
+}
+
+static struct rte_crypto_auth_xform *
+qat_get_auth_xform(struct rte_crypto_sym_xform *xform)
+{
+	do {
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+			return &xform->auth;
+
+		xform = xform->next;
+	} while (xform);
+
+	return NULL;
+}
+
+static struct rte_crypto_cipher_xform *
+qat_get_cipher_xform(struct rte_crypto_sym_xform *xform)
+{
+	do {
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+			return &xform->cipher;
+
+		xform = xform->next;
+	} while (xform);
+
+	return NULL;
+}
+
+int
+qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
+		struct rte_crypto_sym_xform *xform,
+		struct qat_session *session)
+{
+	struct qat_pmd_private *internals = dev->data->dev_private;
+	struct rte_crypto_cipher_xform *cipher_xform = NULL;
+	int ret;
+
+	/* Get cipher xform from crypto xform chain */
+	cipher_xform = qat_get_cipher_xform(xform);
+
+	session->cipher_iv.offset = cipher_xform->iv.offset;
+	session->cipher_iv.length = cipher_xform->iv.length;
+
+	switch (cipher_xform->algo) {
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		if (qat_alg_validate_aes_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_CTR:
+		if (qat_alg_validate_aes_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
+		if (qat_alg_validate_snow3g_key(cipher_xform->key.length,
+					&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid SNOW 3G cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_NULL:
+		session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_KASUMI_F8:
+		if (qat_alg_validate_kasumi_key(cipher_xform->key.length,
+					&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid KASUMI cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_F8_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_3DES_CBC:
+		if (qat_alg_validate_3des_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_DES_CBC:
+		if (qat_alg_validate_des_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid DES cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_3DES_CTR:
+		if (qat_alg_validate_3des_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
+		ret = bpi_cipher_ctx_init(
+					cipher_xform->algo,
+					cipher_xform->op,
+					cipher_xform->key.data,
+					&session->bpi_ctx);
+		if (ret != 0) {
+			PMD_DRV_LOG(ERR, "failed to create DES BPI ctx");
+			goto error_out;
+		}
+		if (qat_alg_validate_des_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid DES cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
+		ret = bpi_cipher_ctx_init(
+					cipher_xform->algo,
+					cipher_xform->op,
+					cipher_xform->key.data,
+					&session->bpi_ctx);
+		if (ret != 0) {
+			PMD_DRV_LOG(ERR, "failed to create AES BPI ctx");
+			goto error_out;
+		}
+		if (qat_alg_validate_aes_docsisbpi_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES DOCSISBPI key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
+		if (!qat_is_cipher_alg_supported(
+			cipher_xform->algo, internals)) {
+			PMD_DRV_LOG(ERR, "%s not supported on this device",
+				rte_crypto_cipher_algorithm_strings
+					[cipher_xform->algo]);
+			ret = -ENOTSUP;
+			goto error_out;
+		}
+		if (qat_alg_validate_zuc_key(cipher_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid ZUC cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
+		break;
+	case RTE_CRYPTO_CIPHER_3DES_ECB:
+	case RTE_CRYPTO_CIPHER_AES_ECB:
+	case RTE_CRYPTO_CIPHER_AES_F8:
+	case RTE_CRYPTO_CIPHER_AES_XTS:
+	case RTE_CRYPTO_CIPHER_ARC4:
+		PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported Cipher alg %u",
+				cipher_xform->algo);
+		ret = -ENOTSUP;
+		goto error_out;
+	default:
+		PMD_DRV_LOG(ERR, "Crypto: Undefined Cipher specified %u\n",
+				cipher_xform->algo);
+		ret = -EINVAL;
+		goto error_out;
+	}
+
+	if (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+		session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+	else
+		session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+
+	if (qat_alg_aead_session_create_content_desc_cipher(session,
+						cipher_xform->key.data,
+						cipher_xform->key.length)) {
+		ret = -EINVAL;
+		goto error_out;
+	}
+
+	return 0;
+
+error_out:
+	if (session->bpi_ctx) {
+		bpi_cipher_ctx_free(session->bpi_ctx);
+		session->bpi_ctx = NULL;
+	}
+	return ret;
+}
+
+int
+qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
+		struct rte_crypto_sym_xform *xform,
+		struct rte_cryptodev_sym_session *sess,
+		struct rte_mempool *mempool)
+{
+	void *sess_private_data;
+	int ret;
+
+	if (rte_mempool_get(mempool, &sess_private_data)) {
+		CDEV_LOG_ERR(
+			"Couldn't get object from session mempool");
+		return -ENOMEM;
+	}
+
+	ret = qat_crypto_set_session_parameters(dev, xform, sess_private_data);
+	if (ret != 0) {
+		PMD_DRV_LOG(ERR,
+		    "Crypto QAT PMD: failed to configure session parameters");
+
+		/* Return session to mempool */
+		rte_mempool_put(mempool, sess_private_data);
+		return ret;
+	}
+
+	set_session_private_data(sess, dev->driver_id,
+		sess_private_data);
+
+	return 0;
+}
+
+int
+qat_crypto_set_session_parameters(struct rte_cryptodev *dev,
+		struct rte_crypto_sym_xform *xform, void *session_private)
+{
+	struct qat_session *session = session_private;
+	int ret;
+	int qat_cmd_id;
+
+	PMD_INIT_FUNC_TRACE();
+
+	/* Set context descriptor physical address */
+	session->cd_paddr = rte_mempool_virt2iova(session) +
+			offsetof(struct qat_session, cd);
+
+	session->min_qat_dev_gen = QAT_GEN1;
+
+	/* Get requested QAT command id */
+	qat_cmd_id = qat_get_cmd_id(xform);
+	if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
+		PMD_DRV_LOG(ERR, "Unsupported xform chain requested");
+		return -ENOTSUP;
+	}
+	session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
+	switch (session->qat_cmd) {
+	case ICP_QAT_FW_LA_CMD_CIPHER:
+		ret = qat_crypto_sym_configure_session_cipher(dev,
+							xform, session);
+		if (ret < 0)
+			return ret;
+		break;
+	case ICP_QAT_FW_LA_CMD_AUTH:
+		ret = qat_crypto_sym_configure_session_auth(dev,
+							xform, session);
+		if (ret < 0)
+			return ret;
+		break;
+	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			ret = qat_crypto_sym_configure_session_aead(xform,
+					session);
+			if (ret < 0)
+				return ret;
+		} else {
+			ret = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+			if (ret < 0)
+				return ret;
+			ret = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+			if (ret < 0)
+				return ret;
+		}
+		break;
+	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
+		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			ret = qat_crypto_sym_configure_session_aead(xform,
+					session);
+			if (ret < 0)
+				return ret;
+		} else {
+			ret = qat_crypto_sym_configure_session_auth(dev,
+					xform, session);
+			if (ret < 0)
+				return ret;
+			ret = qat_crypto_sym_configure_session_cipher(dev,
+					xform, session);
+			if (ret < 0)
+				return ret;
+		}
+		break;
+	case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
+	case ICP_QAT_FW_LA_CMD_TRNG_TEST:
+	case ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE:
+	case ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE:
+	case ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE:
+	case ICP_QAT_FW_LA_CMD_MGF1:
+	case ICP_QAT_FW_LA_CMD_AUTH_PRE_COMP:
+	case ICP_QAT_FW_LA_CMD_CIPHER_PRE_COMP:
+	case ICP_QAT_FW_LA_CMD_DELIMITER:
+	PMD_DRV_LOG(ERR, "Unsupported Service %u",
+		session->qat_cmd);
+		return -ENOTSUP;
+	default:
+	PMD_DRV_LOG(ERR, "Unsupported Service %u",
+		session->qat_cmd);
+		return -ENOTSUP;
+	}
+
+	return 0;
+}
+
+int
+qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
+				struct rte_crypto_sym_xform *xform,
+				struct qat_session *session)
+{
+	struct rte_crypto_auth_xform *auth_xform = qat_get_auth_xform(xform);
+	struct qat_pmd_private *internals = dev->data->dev_private;
+	uint8_t *key_data = auth_xform->key.data;
+	uint8_t key_length = auth_xform->key.length;
+
+	switch (auth_xform->algo) {
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA1;
+		break;
+	case RTE_CRYPTO_AUTH_SHA224_HMAC:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA224;
+		break;
+	case RTE_CRYPTO_AUTH_SHA256_HMAC:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA256;
+		break;
+	case RTE_CRYPTO_AUTH_SHA384_HMAC:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA384;
+		break;
+	case RTE_CRYPTO_AUTH_SHA512_HMAC:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA512;
+		break;
+	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
+		if (qat_alg_validate_aes_key(auth_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			return -EINVAL;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+
+		break;
+	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2;
+		break;
+	case RTE_CRYPTO_AUTH_MD5_HMAC:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_MD5;
+		break;
+	case RTE_CRYPTO_AUTH_NULL:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_NULL;
+		break;
+	case RTE_CRYPTO_AUTH_KASUMI_F9:
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_KASUMI_F9;
+		break;
+	case RTE_CRYPTO_AUTH_ZUC_EIA3:
+		if (!qat_is_auth_alg_supported(auth_xform->algo, internals)) {
+			PMD_DRV_LOG(ERR, "%s not supported on this device",
+				rte_crypto_auth_algorithm_strings
+				[auth_xform->algo]);
+			return -ENOTSUP;
+		}
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3;
+		break;
+	case RTE_CRYPTO_AUTH_SHA1:
+	case RTE_CRYPTO_AUTH_SHA256:
+	case RTE_CRYPTO_AUTH_SHA512:
+	case RTE_CRYPTO_AUTH_SHA224:
+	case RTE_CRYPTO_AUTH_SHA384:
+	case RTE_CRYPTO_AUTH_MD5:
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+		PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u",
+				auth_xform->algo);
+		return -ENOTSUP;
+	default:
+		PMD_DRV_LOG(ERR, "Crypto: Undefined Hash algo %u specified",
+				auth_xform->algo);
+		return -EINVAL;
+	}
+
+	session->auth_iv.offset = auth_xform->iv.offset;
+	session->auth_iv.length = auth_xform->iv.length;
+
+	if (auth_xform->algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		if (auth_xform->op == RTE_CRYPTO_AUTH_OP_GENERATE) {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+			session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+			/*
+			 * It needs to create cipher desc content first,
+			 * then authentication
+			 */
+			if (qat_alg_aead_session_create_content_desc_cipher(
+						session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				return -EINVAL;
+
+			if (qat_alg_aead_session_create_content_desc_auth(
+						session,
+						key_data,
+						key_length,
+						0,
+						auth_xform->digest_length,
+						auth_xform->op))
+				return -EINVAL;
+		} else {
+			session->qat_cmd = ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+			session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+			/*
+			 * It needs to create authentication desc content first,
+			 * then cipher
+			 */
+			if (qat_alg_aead_session_create_content_desc_auth(
+					session,
+					key_data,
+					key_length,
+					0,
+					auth_xform->digest_length,
+					auth_xform->op))
+				return -EINVAL;
+
+			if (qat_alg_aead_session_create_content_desc_cipher(
+						session,
+						auth_xform->key.data,
+						auth_xform->key.length))
+				return -EINVAL;
+		}
+		/* Restore to authentication only only */
+		session->qat_cmd = ICP_QAT_FW_LA_CMD_AUTH;
+	} else {
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+				key_data,
+				key_length,
+				0,
+				auth_xform->digest_length,
+				auth_xform->op))
+			return -EINVAL;
+	}
+
+	session->digest_length = auth_xform->digest_length;
+	return 0;
+}
+
+int
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session)
+{
+	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+	enum rte_crypto_auth_operation crypto_operation;
+
+	/*
+	 * Store AEAD IV parameters as cipher IV,
+	 * to avoid unnecessary memory usage
+	 */
+	session->cipher_iv.offset = xform->aead.iv.offset;
+	session->cipher_iv.length = xform->aead.iv.length;
+
+	switch (aead_xform->algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		if (qat_alg_validate_aes_key(aead_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			return -EINVAL;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+		break;
+	case RTE_CRYPTO_AEAD_AES_CCM:
+		if (qat_alg_validate_aes_key(aead_xform->key.length,
+				&session->qat_cipher_alg) != 0) {
+			PMD_DRV_LOG(ERR, "Invalid AES key size");
+			return -EINVAL;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+		session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC;
+		break;
+	default:
+		PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
+				aead_xform->algo);
+		return -EINVAL;
+	}
+
+	if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT &&
+			aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ||
+			(aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT &&
+			aead_xform->algo == RTE_CRYPTO_AEAD_AES_CCM)) {
+		session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+		/*
+		 * It needs to create cipher desc content first,
+		 * then authentication
+		 */
+		crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
+			RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
+
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			return -EINVAL;
+
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->aad_length,
+					aead_xform->digest_length,
+					crypto_operation))
+			return -EINVAL;
+	} else {
+		session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+		/*
+		 * It needs to create authentication desc content first,
+		 * then cipher
+		 */
+
+		crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
+			RTE_CRYPTO_AUTH_OP_VERIFY : RTE_CRYPTO_AUTH_OP_GENERATE;
+
+		if (qat_alg_aead_session_create_content_desc_auth(session,
+					aead_xform->key.data,
+					aead_xform->key.length,
+					aead_xform->aad_length,
+					aead_xform->digest_length,
+					crypto_operation))
+			return -EINVAL;
+
+		if (qat_alg_aead_session_create_content_desc_cipher(session,
+					aead_xform->key.data,
+					aead_xform->key.length))
+			return -EINVAL;
+	}
+
+	session->digest_length = aead_xform->digest_length;
+	return 0;
+}
+
+unsigned int qat_crypto_sym_get_session_private_size(
+		struct rte_cryptodev *dev __rte_unused)
+{
+	return RTE_ALIGN_CEIL(sizeof(struct qat_session), 8);
+}
 
 /* returns block size in bytes per cipher algo */
 int qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg)
@@ -77,12 +786,12 @@  static int qat_hash_get_state1_size(enum icp_qat_hw_auth_algo qat_hash_alg)
 	case ICP_QAT_HW_AUTH_ALGO_KASUMI_F9:
 		return QAT_HW_ROUND_UP(ICP_QAT_HW_KASUMI_F9_STATE1_SZ,
 						QAT_HW_DEFAULT_ALIGNMENT);
-	case ICP_QAT_HW_AUTH_ALGO_NULL:
-		return QAT_HW_ROUND_UP(ICP_QAT_HW_NULL_STATE1_SZ,
-						QAT_HW_DEFAULT_ALIGNMENT);
 	case ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC:
 		return QAT_HW_ROUND_UP(ICP_QAT_HW_AES_CBC_MAC_STATE1_SZ,
 						QAT_HW_DEFAULT_ALIGNMENT);
+	case ICP_QAT_HW_AUTH_ALGO_NULL:
+		return QAT_HW_ROUND_UP(ICP_QAT_HW_NULL_STATE1_SZ,
+						QAT_HW_DEFAULT_ALIGNMENT);
 	case ICP_QAT_HW_AUTH_ALGO_DELIMITER:
 		/* return maximum state1 size in this case */
 		return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA512_STATE1_SZ,
@@ -854,14 +1563,13 @@  int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 
 		if (aad_length > 0) {
 			aad_length += ICP_QAT_HW_CCM_AAD_B0_LEN +
-				ICP_QAT_HW_CCM_AAD_LEN_INFO;
+			ICP_QAT_HW_CCM_AAD_LEN_INFO;
 			auth_param->u2.aad_sz =
-					RTE_ALIGN_CEIL(aad_length,
-					ICP_QAT_HW_CCM_AAD_ALIGNMENT);
+			RTE_ALIGN_CEIL(aad_length,
+			ICP_QAT_HW_CCM_AAD_ALIGNMENT);
 		} else {
 			auth_param->u2.aad_sz = ICP_QAT_HW_CCM_AAD_B0_LEN;
 		}
-
 		cdesc->aad_len = aad_length;
 		hash->auth_counter.counter = 0;
 
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
new file mode 100644
index 000000000..f90b1821d
--- /dev/null
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -0,0 +1,142 @@ 
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+#ifndef _QAT_SYM_SESSION_H_
+#define _QAT_SYM_SESSION_H_
+
+#include <rte_crypto.h>
+#include <rte_cryptodev_pmd.h>
+
+#include "qat_common.h"
+#include "icp_qat_hw.h"
+#include "icp_qat_fw.h"
+#include "icp_qat_fw_la.h"
+
+/*
+ * Key Modifier (KM) value used in KASUMI algorithm in F9 mode to XOR
+ * Integrity Key (IK)
+ */
+#define KASUMI_F9_KEY_MODIFIER_4_BYTES   0xAAAAAAAA
+
+#define KASUMI_F8_KEY_MODIFIER_4_BYTES   0x55555555
+
+/* 3DES key sizes */
+#define QAT_3DES_KEY_SZ_OPT1 24 /* Keys are independent */
+#define QAT_3DES_KEY_SZ_OPT2 16 /* K3=K1 */
+
+#define QAT_AES_HW_CONFIG_CBC_ENC(alg) \
+	ICP_QAT_HW_CIPHER_CONFIG_BUILD(ICP_QAT_HW_CIPHER_CBC_MODE, alg, \
+					ICP_QAT_HW_CIPHER_NO_CONVERT, \
+					ICP_QAT_HW_CIPHER_ENCRYPT)
+
+#define QAT_AES_HW_CONFIG_CBC_DEC(alg) \
+	ICP_QAT_HW_CIPHER_CONFIG_BUILD(ICP_QAT_HW_CIPHER_CBC_MODE, alg, \
+					ICP_QAT_HW_CIPHER_KEY_CONVERT, \
+					ICP_QAT_HW_CIPHER_DECRYPT)
+
+enum qat_crypto_proto_flag {
+	QAT_CRYPTO_PROTO_FLAG_NONE = 0,
+	QAT_CRYPTO_PROTO_FLAG_CCM = 1,
+	QAT_CRYPTO_PROTO_FLAG_GCM = 2,
+	QAT_CRYPTO_PROTO_FLAG_SNOW3G = 3,
+	QAT_CRYPTO_PROTO_FLAG_ZUC = 4
+};
+
+/* Common content descriptor */
+struct qat_alg_cd {
+	struct icp_qat_hw_cipher_algo_blk cipher;
+	struct icp_qat_hw_auth_algo_blk hash;
+} __rte_packed __rte_cache_aligned;
+
+struct qat_session {
+	enum icp_qat_fw_la_cmd_id qat_cmd;
+	enum icp_qat_hw_cipher_algo qat_cipher_alg;
+	enum icp_qat_hw_cipher_dir qat_dir;
+	enum icp_qat_hw_cipher_mode qat_mode;
+	enum icp_qat_hw_auth_algo qat_hash_alg;
+	enum icp_qat_hw_auth_op auth_op;
+	void *bpi_ctx;
+	struct qat_alg_cd cd;
+	uint8_t *cd_cur_ptr;
+	phys_addr_t cd_paddr;
+	struct icp_qat_fw_la_bulk_req fw_req;
+	uint8_t aad_len;
+	struct qat_crypto_instance *inst;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} cipher_iv;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} auth_iv;
+	uint16_t digest_length;
+	rte_spinlock_t lock;	/* protects this struct */
+	enum qat_device_gen min_qat_dev_gen;
+};
+
+int
+qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
+		struct rte_crypto_sym_xform *xform,
+		struct rte_cryptodev_sym_session *sess,
+		struct rte_mempool *mempool);
+
+int
+qat_crypto_set_session_parameters(struct rte_cryptodev *dev,
+		struct rte_crypto_sym_xform *xform, void *session_private);
+
+int
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+				struct qat_session *session);
+
+int
+qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
+		struct rte_crypto_sym_xform *xform,
+		struct qat_session *session);
+
+int
+qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
+				struct rte_crypto_sym_xform *xform,
+				struct qat_session *session);
+
+int
+qat_alg_aead_session_create_content_desc_cipher(struct qat_session *cd,
+						uint8_t *enckey,
+						uint32_t enckeylen);
+
+int
+qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
+						uint8_t *authkey,
+						uint32_t authkeylen,
+						uint32_t aad_length,
+						uint32_t digestsize,
+						unsigned int operation);
+
+int
+qat_pmd_session_mempool_create(struct rte_cryptodev *dev,
+	unsigned int nb_objs, unsigned int obj_cache_size, int socket_id);
+
+void
+qat_crypto_sym_clear_session(struct rte_cryptodev *dev,
+		struct rte_cryptodev_sym_session *session);
+
+unsigned int
+qat_crypto_sym_get_session_private_size(struct rte_cryptodev *dev);
+
+int qat_get_inter_state_size(enum icp_qat_hw_auth_algo qat_hash_alg);
+
+
+void qat_alg_init_common_hdr(struct icp_qat_fw_comn_req_hdr *header,
+					enum qat_crypto_proto_flag proto_flags);
+
+int qat_alg_validate_aes_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
+int qat_alg_validate_aes_docsisbpi_key(int key_len,
+					enum icp_qat_hw_cipher_algo *alg);
+int qat_alg_validate_snow3g_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
+int qat_alg_validate_kasumi_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
+int qat_alg_validate_3des_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
+int qat_alg_validate_des_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
+int qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg);
+int qat_alg_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg);
+
+#endif /* _QAT_SYM_SESSION_H_ */
diff --git a/drivers/crypto/qat/rte_qat_cryptodev.c b/drivers/crypto/qat/rte_qat_cryptodev.c
index c8da07af6..e425eb43f 100644
--- a/drivers/crypto/qat/rte_qat_cryptodev.c
+++ b/drivers/crypto/qat/rte_qat_cryptodev.c
@@ -10,6 +10,7 @@ 
 #include <rte_cryptodev_pmd.h>
 
 #include "qat_crypto.h"
+#include "qat_sym_session.h"
 #include "qat_logs.h"
 
 uint8_t cryptodev_qat_driver_id;