From patchwork Fri Apr 21 13:12:17 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Power, Ciara" <ciara.power@intel.com>
X-Patchwork-Id: 126393
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 2D3FD429AD;
	Fri, 21 Apr 2023 15:13:06 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 1A2D642D38;
	Fri, 21 Apr 2023 15:12:39 +0200 (CEST)
Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31])
 by mails.dpdk.org (Postfix) with ESMTP id E336E42D17
 for <dev@dpdk.org>; Fri, 21 Apr 2023 15:12:36 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1682082757; x=1713618757;
 h=from:to:cc:subject:date:message-id:in-reply-to:
 references:mime-version:content-transfer-encoding;
 bh=dnlJ/8S4kkwz/pPb4P9ZiCU5kpo8YWkKOLdTGVf1Hd4=;
 b=UJ7yYpKXa3C1DqVAB9BHofsTfclfjkmy2hYehgzVQO/faVIUcCstkEfE
 g+ylKvR5ke6DUm9/xC/QoKxJU5e2jmbdj1ziODv6tpQWP31H+2kFQGyM4
 UWNaK8k+PxGywvNRzc9GSPc/tqkEvs1W7tIAs0BTi/WfMjX0FPMyeGxqQ
 niX0v8kyYoBr0a+i8LtbEAXFqtOc7s45egNtGEbgHhaa0IpNsF8mz9xA8
 iTZZtWF6DvNCeVGJ8ZePY47LNsT4t9306rx0TqsSyWCy/47FhnBdHQh9C
 7rMbyU6e5TOyOnHMHD/DsF00k0DoPsA2hZ8X5yAU8cExAbIv/uG5oXBsJ A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="408927717"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200"; d="scan'208";a="408927717"
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Apr 2023 06:12:36 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10686"; a="724817378"
X-IronPort-AV: E=Sophos;i="5.99,214,1677571200"; d="scan'208";a="724817378"
Received: from silpixa00400355.ir.intel.com (HELO
 silpixa00400355.ger.corp.intel.com) ([10.237.222.80])
 by orsmga001.jf.intel.com with ESMTP; 21 Apr 2023 06:12:34 -0700
From: Ciara Power <ciara.power@intel.com>
To: dev@dpdk.org
Cc: kai.ji@intel.com, Pablo de Lara <pablo.de.lara.guarch@intel.com>,
 Ciara Power <ciara.power@intel.com>
Subject: [PATCH 5/8] crypto/ipsec_mb: store template job
Date: Fri, 21 Apr 2023 13:12:17 +0000
Message-Id: <20230421131221.1732314-6-ciara.power@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230421131221.1732314-1-ciara.power@intel.com>
References: <20230421131221.1732314-1-ciara.power@intel.com>
MIME-Version: 1.0
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Store template IMB_JOB in session that
will have filled all session-related fields.
These fields include cipher direction, chain order, cipher mode,
hash algorithm, key length, IV lengths, AAD length, digest length,
and key pointers.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 403 ++++++++------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |  20 +-
 2 files changed, 159 insertions(+), 264 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 3ebbade8ca..8ccdd2ad2e 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -76,7 +76,7 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 	uint32_t auth_precompute = 1;
 
 	if (xform == NULL) {
-		sess->auth.algo = IMB_AUTH_NULL;
+		sess->template_job.hash_alg = IMB_AUTH_NULL;
 		return 0;
 	}
 
@@ -87,7 +87,6 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set IV parameters */
 	sess->auth_iv.offset = xform->auth.iv.offset;
-	sess->auth_iv.length = xform->auth.iv.length;
 
 	/* Set the request digest size */
 	sess->auth.req_digest_len = xform->auth.digest_length;
@@ -97,13 +96,13 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set Authentication Parameters */
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_NULL) {
-		sess->auth.algo = IMB_AUTH_NULL;
-		sess->auth.gen_digest_len = 0;
+		sess->template_job.hash_alg = IMB_AUTH_NULL;
+		sess->template_job.auth_tag_output_len_in_bytes = 0;
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
-		sess->auth.algo = IMB_AUTH_AES_XCBC;
+		sess->template_job.hash_alg = IMB_AUTH_AES_XCBC;
 
 		uint16_t xcbc_mac_digest_len =
 			get_truncated_digest_byte_length(IMB_AUTH_AES_XCBC);
@@ -111,18 +110,21 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_AES_XCBC_KEYEXP(mb_mgr, xform->auth.key.data,
 				sess->auth.xcbc.k1_expanded,
 				sess->auth.xcbc.k2, sess->auth.xcbc.k3);
+		sess->template_job.u.XCBC._k1_expanded = sess->auth.xcbc.k1_expanded;
+		sess->template_job.u.XCBC._k2 = sess->auth.xcbc.k2;
+		sess->template_job.u.XCBC._k3 = sess->auth.xcbc.k3;
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_CMAC) {
 		uint32_t dust[4*15];
 
-		sess->auth.algo = IMB_AUTH_AES_CMAC;
+		sess->template_job.hash_alg = IMB_AUTH_AES_CMAC;
 
 		uint16_t cmac_digest_len =
 				get_digest_byte_length(IMB_AUTH_AES_CMAC);
@@ -140,70 +142,74 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		 * the requested number of bytes.
 		 */
 		if (sess->auth.req_digest_len < 4)
-			sess->auth.gen_digest_len = cmac_digest_len;
+			sess->template_job.auth_tag_output_len_in_bytes = cmac_digest_len;
 		else
-			sess->auth.gen_digest_len = sess->auth.req_digest_len;
+			sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_AES_KEYEXP_128(mb_mgr, xform->auth.key.data,
 				sess->auth.cmac.expkey, dust);
 		IMB_AES_CMAC_SUBKEY_GEN_128(mb_mgr, sess->auth.cmac.expkey,
 				sess->auth.cmac.skey1, sess->auth.cmac.skey2);
+		sess->template_job.u.CMAC._key_expanded = sess->auth.cmac.expkey;
+		sess->template_job.u.CMAC._skey1 = sess->auth.cmac.skey1;
+		sess->template_job.u.CMAC._skey2 = sess->auth.cmac.skey2;
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
 		if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) {
-			sess->cipher.direction = IMB_DIR_ENCRYPT;
-			sess->chain_order = IMB_ORDER_CIPHER_HASH;
+			sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
+			sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		} else
-			sess->cipher.direction = IMB_DIR_DECRYPT;
+			sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
 
 		if (sess->auth.req_digest_len >
 			get_digest_byte_length(IMB_AUTH_AES_GMAC)) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
-		sess->iv.length = xform->auth.iv.length;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
+		sess->template_job.u.GMAC.iv_len_in_bytes = xform->auth.iv.length;
 		sess->iv.offset = xform->auth.iv.offset;
 
 		switch (xform->auth.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->auth.algo = IMB_AUTH_AES_GMAC_128;
+			sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_128;
 			IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			break;
 		case IMB_KEY_192_BYTES:
-			sess->auth.algo = IMB_AUTH_AES_GMAC_192;
+			sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_192;
 			IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
-			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->auth.algo = IMB_AUTH_AES_GMAC_256;
+			sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_256;
 			IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			break;
 		default:
 			IPSEC_MB_LOG(ERR, "Invalid authentication key length\n");
 			return -EINVAL;
 		}
+		sess->template_job.u.GMAC._key = &sess->cipher.gcm_key;
 
 		return 0;
 	}
 
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 		if (xform->auth.key.length == 16) {
-			sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+			sess->template_job.hash_alg = IMB_AUTH_ZUC_EIA3_BITLEN;
 
 			if (sess->auth.req_digest_len != 4) {
 				IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 				return -EINVAL;
 			}
 		} else if (xform->auth.key.length == 32) {
-			sess->auth.algo = IMB_AUTH_ZUC256_EIA3_BITLEN;
+			sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
 #if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 			if (sess->auth.req_digest_len != 4 &&
 					sess->auth.req_digest_len != 8 &&
@@ -219,13 +225,14 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		memcpy(sess->auth.zuc_auth_key, xform->auth.key.data,
 			xform->auth.key.length);
+		sess->template_job.u.ZUC_EIA3._key = sess->auth.zuc_auth_key;
 		return 0;
 	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
-		sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN;
+		sess->template_job.hash_alg = IMB_AUTH_SNOW3G_UIA2_BITLEN;
 		uint16_t snow3g_uia2_digest_len =
 			get_truncated_digest_byte_length(
 						IMB_AUTH_SNOW3G_UIA2_BITLEN);
@@ -233,33 +240,37 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data,
 					&sess->auth.pKeySched_snow3g_auth);
+		sess->template_job.u.SNOW3G_UIA2._key = (void *)
+			&sess->auth.pKeySched_snow3g_auth;
 		return 0;
 	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) {
-		sess->auth.algo = IMB_AUTH_KASUMI_UIA1;
+		sess->template_job.hash_alg = IMB_AUTH_KASUMI_UIA1;
 		uint16_t kasumi_f9_digest_len =
 			get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1);
 		if (sess->auth.req_digest_len != kasumi_f9_digest_len) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
 		}
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 		IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data,
 					&sess->auth.pKeySched_kasumi_auth);
+		sess->template_job.u.KASUMI_UIA1._key = (void *)
+			&sess->auth.pKeySched_kasumi_auth;
 		return 0;
 	}
 
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
-		sess->auth.algo = IMB_AUTH_MD5;
+		sess->template_job.hash_alg = IMB_AUTH_MD5;
 		hash_oneblock_fn = mb_mgr->md5_one_block;
 		break;
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_1;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
 		hash_oneblock_fn = mb_mgr->sha1_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_1)) {
@@ -271,11 +282,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA1:
-		sess->auth.algo = IMB_AUTH_SHA_1;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_1;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_224;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
 		hash_oneblock_fn = mb_mgr->sha224_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_224)) {
@@ -287,11 +298,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA224:
-		sess->auth.algo = IMB_AUTH_SHA_224;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_224;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_256;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
 		hash_oneblock_fn = mb_mgr->sha256_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_256)) {
@@ -303,11 +314,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA256:
-		sess->auth.algo = IMB_AUTH_SHA_256;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_256;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_384;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
 		hash_oneblock_fn = mb_mgr->sha384_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_384)) {
@@ -319,11 +330,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA384:
-		sess->auth.algo = IMB_AUTH_SHA_384;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_384;
 		auth_precompute = 0;
 		break;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
-		sess->auth.algo = IMB_AUTH_HMAC_SHA_512;
+		sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
 		hash_oneblock_fn = mb_mgr->sha512_one_block;
 		if (xform->auth.key.length > get_auth_algo_blocksize(
 				IMB_AUTH_HMAC_SHA_512)) {
@@ -335,7 +346,7 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		}
 		break;
 	case RTE_CRYPTO_AUTH_SHA512:
-		sess->auth.algo = IMB_AUTH_SHA_512;
+		sess->template_job.hash_alg = IMB_AUTH_SHA_512;
 		auth_precompute = 0;
 		break;
 	default:
@@ -344,9 +355,9 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		return -ENOTSUP;
 	}
 	uint16_t trunc_digest_size =
-			get_truncated_digest_byte_length(sess->auth.algo);
+			get_truncated_digest_byte_length(sess->template_job.hash_alg);
 	uint16_t full_digest_size =
-			get_digest_byte_length(sess->auth.algo);
+			get_digest_byte_length(sess->template_job.hash_alg);
 
 	if (sess->auth.req_digest_len > full_digest_size ||
 			sess->auth.req_digest_len == 0) {
@@ -356,9 +367,9 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 	if (sess->auth.req_digest_len != trunc_digest_size &&
 			sess->auth.req_digest_len != full_digest_size)
-		sess->auth.gen_digest_len = full_digest_size;
+		sess->template_job.auth_tag_output_len_in_bytes = full_digest_size;
 	else
-		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 	/* Plain SHA does not require precompute key */
 	if (auth_precompute == 0)
@@ -370,14 +381,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			sess->auth.pads.inner, sess->auth.pads.outer,
 			hashed_key,
 			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->auth.algo));
+			get_auth_algo_blocksize(sess->template_job.hash_alg));
 	} else {
 		calculate_auth_precomputes(hash_oneblock_fn,
 			sess->auth.pads.inner, sess->auth.pads.outer,
 			xform->auth.key.data,
 			xform->auth.key.length,
-			get_auth_algo_blocksize(sess->auth.algo));
+			get_auth_algo_blocksize(sess->template_job.hash_alg));
 	}
+	sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
+		sess->auth.pads.inner;
+	sess->template_job.u.HMAC._hashed_auth_key_xor_opad =
+		sess->auth.pads.outer;
 
 	return 0;
 }
@@ -396,7 +411,7 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	uint8_t is_kasumi = 0;
 
 	if (xform == NULL) {
-		sess->cipher.mode = IMB_CIPHER_NULL;
+		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
 		return 0;
 	}
 
@@ -408,10 +423,10 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	/* Select cipher direction */
 	switch (xform->cipher.op) {
 	case RTE_CRYPTO_CIPHER_OP_ENCRYPT:
-		sess->cipher.direction = IMB_DIR_ENCRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
 		break;
 	case RTE_CRYPTO_CIPHER_OP_DECRYPT:
-		sess->cipher.direction = IMB_DIR_DECRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
 		break;
 	default:
 		IPSEC_MB_LOG(ERR, "Invalid cipher operation parameter");
@@ -421,48 +436,48 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	/* Select cipher mode */
 	switch (xform->cipher.algo) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
-		sess->cipher.mode = IMB_CIPHER_CBC;
+		sess->template_job.cipher_mode = IMB_CIPHER_CBC;
 		is_aes = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-		sess->cipher.mode = IMB_CIPHER_CNTR;
+		sess->template_job.cipher_mode = IMB_CIPHER_CNTR;
 		is_aes = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
-		sess->cipher.mode = IMB_CIPHER_DOCSIS_SEC_BPI;
+		sess->template_job.cipher_mode = IMB_CIPHER_DOCSIS_SEC_BPI;
 		is_docsis = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_DES_CBC:
-		sess->cipher.mode = IMB_CIPHER_DES;
+		sess->template_job.cipher_mode = IMB_CIPHER_DES;
 		break;
 	case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
-		sess->cipher.mode = IMB_CIPHER_DOCSIS_DES;
+		sess->template_job.cipher_mode = IMB_CIPHER_DOCSIS_DES;
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
-		sess->cipher.mode = IMB_CIPHER_DES3;
+		sess->template_job.cipher_mode = IMB_CIPHER_DES3;
 		is_3DES = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_ECB:
-		sess->cipher.mode = IMB_CIPHER_ECB;
+		sess->template_job.cipher_mode = IMB_CIPHER_ECB;
 		is_aes = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
-		sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
+		sess->template_job.cipher_mode = IMB_CIPHER_ZUC_EEA3;
 		is_zuc = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
-		sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
+		sess->template_job.cipher_mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
 		is_snow3g = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_KASUMI_F8:
-		sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
+		sess->template_job.cipher_mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
 		is_kasumi = 1;
 		break;
 	case RTE_CRYPTO_CIPHER_NULL:
-		sess->cipher.mode = IMB_CIPHER_NULL;
-		sess->cipher.key_length_in_bytes = 0;
+		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
+		sess->template_job.key_len_in_bytes = 0;
 		sess->iv.offset = xform->cipher.iv.offset;
-		sess->iv.length = xform->cipher.iv.length;
+		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 		return 0;
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
@@ -471,25 +486,25 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set IV parameters */
 	sess->iv.offset = xform->cipher.iv.offset;
-	sess->iv.length = xform->cipher.iv.length;
+	sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 
 	/* Check key length and choose key expansion function for AES */
 	if (is_aes) {
 		switch (xform->cipher.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES_KEYEXP_128(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_192_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
 			IMB_AES_KEYEXP_192(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
@@ -498,16 +513,19 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
+
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 	} else if (is_docsis) {
 		switch (xform->cipher.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES_KEYEXP_128(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
@@ -516,6 +534,8 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 	} else if (is_3DES) {
 		uint64_t *keys[3] = {sess->cipher.exp_3des_keys.key[0],
 				sess->cipher.exp_3des_keys.key[1],
@@ -559,38 +579,46 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
-		sess->cipher.key_length_in_bytes = 24;
+		sess->template_job.enc_keys = sess->cipher.exp_3des_keys.ks_ptr;
+		sess->template_job.dec_keys = sess->cipher.exp_3des_keys.ks_ptr;
+		sess->template_job.key_len_in_bytes = 24;
 	} else if (is_zuc) {
 		if (xform->cipher.key.length != 16 &&
 				xform->cipher.key.length != 32) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = xform->cipher.key.length;
+		sess->template_job.key_len_in_bytes = xform->cipher.key.length;
 		memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
 			xform->cipher.key.length);
+		sess->template_job.enc_keys = sess->cipher.zuc_cipher_key;
+		sess->template_job.dec_keys = sess->cipher.zuc_cipher_key;
 	} else if (is_snow3g) {
 		if (xform->cipher.key.length != 16) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 16;
+		sess->template_job.key_len_in_bytes = 16;
 		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data,
 					&sess->cipher.pKeySched_snow3g_cipher);
+		sess->template_job.enc_keys = &sess->cipher.pKeySched_snow3g_cipher;
+		sess->template_job.dec_keys = &sess->cipher.pKeySched_snow3g_cipher;
 	} else if (is_kasumi) {
 		if (xform->cipher.key.length != 16) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 16;
+		sess->template_job.key_len_in_bytes = 16;
 		IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data,
 					&sess->cipher.pKeySched_kasumi_cipher);
+		sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
+		sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
 	} else {
 		if (xform->cipher.key.length != 8) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 8;
+		sess->template_job.key_len_in_bytes = 8;
 
 		IMB_DES_KEYSCHED(mb_mgr,
 			(uint64_t *)sess->cipher.expanded_aes_keys.encode,
@@ -598,6 +626,8 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 		IMB_DES_KEYSCHED(mb_mgr,
 			(uint64_t *)sess->cipher.expanded_aes_keys.decode,
 				xform->cipher.key.data);
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 	}
 
 	return 0;
@@ -610,11 +640,11 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 {
 	switch (xform->aead.op) {
 	case RTE_CRYPTO_AEAD_OP_ENCRYPT:
-		sess->cipher.direction = IMB_DIR_ENCRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
 		break;
 	case RTE_CRYPTO_AEAD_OP_DECRYPT:
-		sess->cipher.direction = IMB_DIR_DECRYPT;
+		sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
 		break;
 	default:
@@ -624,27 +654,28 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 
 	/* Set IV parameters */
 	sess->iv.offset = xform->aead.iv.offset;
-	sess->iv.length = xform->aead.iv.length;
+	sess->template_job.iv_len_in_bytes = xform->aead.iv.length;
 
 	/* Set digest sizes */
 	sess->auth.req_digest_len = xform->aead.digest_length;
-	sess->auth.gen_digest_len = sess->auth.req_digest_len;
+	sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
 
 	switch (xform->aead.algo) {
 	case RTE_CRYPTO_AEAD_AES_CCM:
-		sess->cipher.mode = IMB_CIPHER_CCM;
-		sess->auth.algo = IMB_AUTH_AES_CCM;
+		sess->template_job.cipher_mode = IMB_CIPHER_CCM;
+		sess->template_job.hash_alg = IMB_AUTH_AES_CCM;
+		sess->template_job.u.CCM.aad_len_in_bytes = xform->aead.aad_length;
 
 		/* Check key length and choose key expansion function for AES */
 		switch (xform->aead.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES_KEYEXP_128(mb_mgr, xform->aead.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES_KEYEXP_256(mb_mgr, xform->aead.key.data,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
@@ -654,6 +685,8 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 		/* CCM digests must be between 4 and 16 and an even number */
 		if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN ||
 			sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN ||
@@ -664,22 +697,23 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 		break;
 
 	case RTE_CRYPTO_AEAD_AES_GCM:
-		sess->cipher.mode = IMB_CIPHER_GCM;
-		sess->auth.algo = IMB_AUTH_AES_GMAC;
+		sess->template_job.cipher_mode = IMB_CIPHER_GCM;
+		sess->template_job.hash_alg = IMB_AUTH_AES_GMAC;
+		sess->template_job.u.GCM.aad_len_in_bytes = xform->aead.aad_length;
 
 		switch (xform->aead.key.length) {
 		case IMB_KEY_128_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
 			IMB_AES128_GCM_PRE(mb_mgr, xform->aead.key.data,
 				&sess->cipher.gcm_key);
 			break;
 		case IMB_KEY_192_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
 			IMB_AES192_GCM_PRE(mb_mgr, xform->aead.key.data,
 				&sess->cipher.gcm_key);
 			break;
 		case IMB_KEY_256_BYTES:
-			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+			sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
 			IMB_AES256_GCM_PRE(mb_mgr, xform->aead.key.data,
 				&sess->cipher.gcm_key);
 			break;
@@ -688,6 +722,8 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		sess->template_job.enc_keys = &sess->cipher.gcm_key;
+		sess->template_job.dec_keys = &sess->cipher.gcm_key;
 		/* GCM digest size must be between 1 and 16 */
 		if (sess->auth.req_digest_len == 0 ||
 				sess->auth.req_digest_len > 16) {
@@ -697,16 +733,20 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 		break;
 
 	case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
-		sess->cipher.mode = IMB_CIPHER_CHACHA20_POLY1305;
-		sess->auth.algo = IMB_AUTH_CHACHA20_POLY1305;
+		sess->template_job.cipher_mode = IMB_CIPHER_CHACHA20_POLY1305;
+		sess->template_job.hash_alg = IMB_AUTH_CHACHA20_POLY1305;
+		sess->template_job.u.CHACHA20_POLY1305.aad_len_in_bytes =
+			xform->aead.aad_length;
 
 		if (xform->aead.key.length != 32) {
 			IPSEC_MB_LOG(ERR, "Invalid key length");
 			return -EINVAL;
 		}
-		sess->cipher.key_length_in_bytes = 32;
+		sess->template_job.key_len_in_bytes = 32;
 		memcpy(sess->cipher.expanded_aes_keys.encode,
 			xform->aead.key.data, 32);
+		sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
 		if (sess->auth.req_digest_len != 16) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 			return -EINVAL;
@@ -741,16 +781,16 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 	/* Select Crypto operation - hash then cipher / cipher then hash */
 	switch (mode) {
 	case IPSEC_MB_OP_HASH_VERIFY_THEN_DECRYPT:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	case IPSEC_MB_OP_ENCRYPT_THEN_HASH_GEN:
 	case IPSEC_MB_OP_DECRYPT_THEN_HASH_VERIFY:
-		sess->chain_order = IMB_ORDER_CIPHER_HASH;
+		sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		break;
 	case IPSEC_MB_OP_HASH_GEN_ONLY:
 	case IPSEC_MB_OP_HASH_VERIFY_ONLY:
 	case IPSEC_MB_OP_HASH_GEN_THEN_ENCRYPT:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	/*
 	 * Multi buffer library operates only at two modes,
@@ -760,18 +800,16 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 	 * the first operation and decryption the last one.
 	 */
 	case IPSEC_MB_OP_ENCRYPT_ONLY:
-		sess->chain_order = IMB_ORDER_CIPHER_HASH;
+		sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		break;
 	case IPSEC_MB_OP_DECRYPT_ONLY:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
-		sess->chain_order = IMB_ORDER_CIPHER_HASH;
-		sess->aead.aad_len = xform->aead.aad_length;
+		sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		break;
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
-		sess->chain_order = IMB_ORDER_HASH_CIPHER;
-		sess->aead.aad_len = xform->aead.aad_length;
+		sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		break;
 	case IPSEC_MB_OP_NOT_SUPPORTED:
 	default:
@@ -781,8 +819,7 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
 	}
 
 	/* Default IV length = 0 */
-	sess->iv.length = 0;
-	sess->auth_iv.length = 0;
+	sess->template_job.iv_len_in_bytes = 0;
 
 	ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform);
 	if (ret != 0) {
@@ -864,10 +901,10 @@ aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess,
 
 	/* Select CRC generate/verify */
 	if (xform->direction == RTE_SECURITY_DOCSIS_UPLINK) {
-		sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+		sess->template_job.hash_alg = IMB_AUTH_DOCSIS_CRC32;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
 	} else if (xform->direction == RTE_SECURITY_DOCSIS_DOWNLINK) {
-		sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+		sess->template_job.hash_alg = IMB_AUTH_DOCSIS_CRC32;
 		sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
 	} else {
 		IPSEC_MB_LOG(ERR, "Unsupported DOCSIS direction");
@@ -875,7 +912,7 @@ aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess,
 	}
 
 	sess->auth.req_digest_len = RTE_ETHER_CRC_LEN;
-	sess->auth.gen_digest_len = RTE_ETHER_CRC_LEN;
+	sess->template_job.auth_tag_output_len_in_bytes = RTE_ETHER_CRC_LEN;
 
 	return 0;
 }
@@ -907,12 +944,12 @@ aesni_mb_set_docsis_sec_session_parameters(
 
 	switch (conf->docsis.direction) {
 	case RTE_SECURITY_DOCSIS_UPLINK:
-		ipsec_sess->chain_order = IMB_ORDER_CIPHER_HASH;
+		ipsec_sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
 		docsis_xform = &conf->docsis;
 		cipher_xform = conf->crypto_xform;
 		break;
 	case RTE_SECURITY_DOCSIS_DOWNLINK:
-		ipsec_sess->chain_order = IMB_ORDER_HASH_CIPHER;
+		ipsec_sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
 		cipher_xform = conf->crypto_xform;
 		docsis_xform = &conf->docsis;
 		break;
@@ -923,7 +960,7 @@ aesni_mb_set_docsis_sec_session_parameters(
 	}
 
 	/* Default IV length = 0 */
-	ipsec_sess->iv.length = 0;
+	ipsec_sess->template_job.iv_len_in_bytes = 0;
 
 	ret = aesni_mb_set_docsis_sec_session_auth_parameters(ipsec_sess,
 			docsis_xform);
@@ -958,7 +995,7 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 	uint32_t cipher_end, auth_end;
 
 	/* Only cipher then hash needs special calculation. */
-	if (!oop || session->chain_order != IMB_ORDER_CIPHER_HASH || lb_sgl)
+	if (!oop || session->template_job.chain_order != IMB_ORDER_CIPHER_HASH || lb_sgl)
 		return auth_offset;
 
 	m_src = op->sym->m_src;
@@ -1004,80 +1041,35 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 		struct rte_crypto_va_iova_ptr *iv,
 		struct rte_crypto_va_iova_ptr *aad, void *digest, void *udata)
 {
-	/* Set crypto operation */
-	job->chain_order = session->chain_order;
-
-	/* Set cipher parameters */
-	job->cipher_direction = session->cipher.direction;
-	job->cipher_mode = session->cipher.mode;
-
-	job->key_len_in_bytes = session->cipher.key_length_in_bytes;
+	memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	/* Set authentication parameters */
-	job->hash_alg = session->auth.algo;
 	job->iv = iv->va;
 
 	switch (job->hash_alg) {
-	case IMB_AUTH_AES_XCBC:
-		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
-		job->u.XCBC._k2 = session->auth.xcbc.k2;
-		job->u.XCBC._k3 = session->auth.xcbc.k3;
-
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
 	case IMB_AUTH_AES_CCM:
 		job->u.CCM.aad = (uint8_t *)aad->va + 18;
-		job->u.CCM.aad_len_in_bytes = session->aead.aad_len;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		job->iv++;
 		break;
 
-	case IMB_AUTH_AES_CMAC:
-		job->u.CMAC._key_expanded = session->auth.cmac.expkey;
-		job->u.CMAC._skey1 = session->auth.cmac.skey1;
-		job->u.CMAC._skey2 = session->auth.cmac.skey2;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
 	case IMB_AUTH_AES_GMAC:
 		job->u.GCM.aad = aad->va;
-		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
-		job->enc_keys = &session->cipher.gcm_key;
-		job->dec_keys = &session->cipher.gcm_key;
 		break;
 
 	case IMB_AUTH_AES_GMAC_128:
 	case IMB_AUTH_AES_GMAC_192:
 	case IMB_AUTH_AES_GMAC_256:
-		job->u.GMAC._key = &session->cipher.gcm_key;
 		job->u.GMAC._iv = iv->va;
-		job->u.GMAC.iv_len_in_bytes = session->iv.length;
 		break;
 
 	case IMB_AUTH_CHACHA20_POLY1305:
 		job->u.CHACHA20_POLY1305.aad = aad->va;
-		job->u.CHACHA20_POLY1305.aad_len_in_bytes =
-			session->aead.aad_len;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.encode;
 		break;
 	default:
 		job->u.HMAC._hashed_auth_key_xor_ipad =
 				session->auth.pads.inner;
 		job->u.HMAC._hashed_auth_key_xor_opad =
 				session->auth.pads.outer;
-
-		if (job->cipher_mode == IMB_CIPHER_DES3) {
-			job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
-			job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
-		} else {
-			job->enc_keys = session->cipher.expanded_aes_keys.encode;
-			job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		}
 	}
 
 	/*
@@ -1087,10 +1079,6 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 
 	/* Set digest location and length */
 	job->auth_tag_output = digest;
-	job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
-	/* Set IV parameters */
-	job->iv_len_in_bytes = session->iv.length;
 
 	/* Data Parameters */
 	job->src = buf;
@@ -1235,8 +1223,10 @@ handle_sgl_linear(IMB_JOB *job, struct rte_crypto_op *op, uint32_t dst_offset,
 static inline int
 imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
 {
-	if (alg == IMB_CIPHER_CHACHA20_POLY1305
-			|| alg == IMB_CIPHER_GCM)
+	if (alg == IMB_CIPHER_CHACHA20_POLY1305 ||
+			alg == IMB_CIPHER_CHACHA20_POLY1305_SGL ||
+			alg == IMB_CIPHER_GCM_SGL ||
+			alg == IMB_CIPHER_GCM)
 		return 1;
 	return 0;
 }
@@ -1413,28 +1403,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		return -1;
 	}
 
-	/* Set crypto operation */
-	job->chain_order = session->chain_order;
-
-	/* Set cipher parameters */
-	job->cipher_direction = session->cipher.direction;
-	job->cipher_mode = session->cipher.mode;
-
-	job->key_len_in_bytes = session->cipher.key_length_in_bytes;
+	memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	/* Set authentication parameters */
-	job->hash_alg = session->auth.algo;
-
 	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
 
-	if (job->cipher_mode == IMB_CIPHER_DES3) {
-		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
-		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
-	} else {
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-	}
-
 	if (!op->sym->m_dst) {
 		/* in-place operation */
 		m_dst = m_src;
@@ -1451,89 +1424,49 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 
 	if (m_src->nb_segs > 1 || m_dst->nb_segs > 1) {
 		sgl = 1;
-		if (!imb_lib_support_sgl_algo(session->cipher.mode))
+		if (!imb_lib_support_sgl_algo(job->cipher_mode))
 			lb_sgl = 1;
 	}
 
 	switch (job->hash_alg) {
-	case IMB_AUTH_AES_XCBC:
-		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
-		job->u.XCBC._k2 = session->auth.xcbc.k2;
-		job->u.XCBC._k3 = session->auth.xcbc.k3;
-
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
 	case IMB_AUTH_AES_CCM:
 		job->u.CCM.aad = op->sym->aead.aad.data + 18;
-		job->u.CCM.aad_len_in_bytes = session->aead.aad_len;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		break;
-
-	case IMB_AUTH_AES_CMAC:
-		job->u.CMAC._key_expanded = session->auth.cmac.expkey;
-		job->u.CMAC._skey1 = session->auth.cmac.skey1;
-		job->u.CMAC._skey2 = session->auth.cmac.skey2;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		break;
 
 	case IMB_AUTH_AES_GMAC:
 		job->u.GCM.aad = op->sym->aead.aad.data;
-		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
 		if (sgl) {
 			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_GCM_SGL;
 			job->hash_alg = IMB_AUTH_GCM_SGL;
 		}
-		job->enc_keys = &session->cipher.gcm_key;
-		job->dec_keys = &session->cipher.gcm_key;
 		break;
 	case IMB_AUTH_AES_GMAC_128:
 	case IMB_AUTH_AES_GMAC_192:
 	case IMB_AUTH_AES_GMAC_256:
-		job->u.GMAC._key = &session->cipher.gcm_key;
 		job->u.GMAC._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
-		job->u.GMAC.iv_len_in_bytes = session->auth_iv.length;
 		break;
 	case IMB_AUTH_ZUC_EIA3_BITLEN:
 	case IMB_AUTH_ZUC256_EIA3_BITLEN:
-		job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
 		job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
 		break;
 	case IMB_AUTH_SNOW3G_UIA2_BITLEN:
-		job->u.SNOW3G_UIA2._key = (void *)
-			&session->auth.pKeySched_snow3g_auth;
 		job->u.SNOW3G_UIA2._iv =
 			rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
 		break;
-	case IMB_AUTH_KASUMI_UIA1:
-		job->u.KASUMI_UIA1._key = (void *)
-			&session->auth.pKeySched_kasumi_auth;
-		break;
 	case IMB_AUTH_CHACHA20_POLY1305:
 		job->u.CHACHA20_POLY1305.aad = op->sym->aead.aad.data;
-		job->u.CHACHA20_POLY1305.aad_len_in_bytes =
-			session->aead.aad_len;
 		if (sgl) {
 			job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
 			job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
 		}
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.encode;
 		break;
 	default:
-		job->u.HMAC._hashed_auth_key_xor_ipad =
-			session->auth.pads.inner;
-		job->u.HMAC._hashed_auth_key_xor_opad =
-			session->auth.pads.outer;
-
+		break;
 	}
 
 	if (aead)
@@ -1542,14 +1475,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		m_offset = op->sym->cipher.data.offset;
 
 	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
-		job->enc_keys = session->cipher.zuc_cipher_key;
-		job->dec_keys = session->cipher.zuc_cipher_key;
 		m_offset >>= 3;
 	} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
-		job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
 		m_offset = 0;
 	} else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {
-		job->enc_keys = &session->cipher.pKeySched_kasumi_cipher;
 		m_offset = 0;
 	}
 
@@ -1565,7 +1494,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->auth_tag_output = op->sym->auth.digest.data;
 
 		if (session->auth.req_digest_len !=
-				session->auth.gen_digest_len) {
+				job->auth_tag_output_len_in_bytes) {
 			job->auth_tag_output =
 				qp_data->temp_digests[*digest_idx];
 			*digest_idx = (*digest_idx + 1) % IMB_MAX_JOBS;
@@ -1576,12 +1505,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	 * digest length as specified in the relevant IPsec RFCs
 	 */
 
-	/* Set digest length */
-	job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
-	/* Set IV parameters */
-	job->iv_len_in_bytes = session->iv.length;
-
 	/* Data Parameters */
 	if (sgl) {
 		job->src = NULL;
@@ -1773,8 +1696,8 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		return -1;
 	}
 	/* Only DOCSIS protocol operations supported now */
-	if (session->cipher.mode != IMB_CIPHER_DOCSIS_SEC_BPI ||
-			session->auth.algo != IMB_AUTH_DOCSIS_CRC32) {
+	if (session->template_job.cipher_mode != IMB_CIPHER_DOCSIS_SEC_BPI ||
+			session->template_job.hash_alg != IMB_AUTH_DOCSIS_CRC32) {
 		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
 		return -1;
 	}
@@ -1791,31 +1714,19 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		return -ENOTSUP;
 	}
 
-	/* Set crypto operation */
-	job->chain_order = session->chain_order;
+	memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	/* Set cipher parameters */
-	job->cipher_direction = session->cipher.direction;
-	job->cipher_mode = session->cipher.mode;
-
-	job->key_len_in_bytes = session->cipher.key_length_in_bytes;
 	job->enc_keys = session->cipher.expanded_aes_keys.encode;
 	job->dec_keys = session->cipher.expanded_aes_keys.decode;
 
 	/* Set IV parameters */
-	job->iv_len_in_bytes = session->iv.length;
 	job->iv = (uint8_t *)op + session->iv.offset;
 
-	/* Set authentication parameters */
-	job->hash_alg = session->auth.algo;
-
 	/* Set digest output location */
 	job->auth_tag_output = qp_data->temp_digests[*digest_idx];
 	*digest_idx = (*digest_idx + 1) % IMB_MAX_JOBS;
 
-	/* Set digest length */
-	job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
 	/* Set data parameters */
 	job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
 	job->dst = rte_pktmbuf_mtod_offset(m_dst, uint8_t *,
@@ -1865,7 +1776,7 @@ generate_digest(IMB_JOB *job, struct rte_crypto_op *op,
 		struct aesni_mb_session *sess)
 {
 	/* No extra copy needed */
-	if (likely(sess->auth.req_digest_len == sess->auth.gen_digest_len))
+	if (likely(sess->auth.req_digest_len == job->auth_tag_output_len_in_bytes))
 		return;
 
 	/*
@@ -1940,7 +1851,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 			if ((op->sym->m_src->nb_segs > 1 ||
 					(op->sym->m_dst != NULL &&
 					op->sym->m_dst->nb_segs > 1)) &&
-					!imb_lib_support_sgl_algo(sess->cipher.mode)) {
+					!imb_lib_support_sgl_algo(job->cipher_mode)) {
 				linear_buf = (uint8_t *) job->user_data2;
 				post_process_sgl_linear(op, job, sess, linear_buf);
 			}
@@ -1950,7 +1861,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
 
 			if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
 				if (is_aead_algo(job->hash_alg,
-						sess->cipher.mode))
+						job->cipher_mode))
 					verify_digest(job,
 						op->sym->aead.digest.data,
 						sess->auth.req_digest_len,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 3cf44f8bc4..ce9a6e4886 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -852,14 +852,12 @@ get_digest_byte_length(IMB_HASH_ALG algo)
 
 /** AES-NI multi-buffer private session structure */
 struct aesni_mb_session {
-	IMB_CHAIN_ORDER chain_order;
-	/*  common job fields */
+	IMB_JOB template_job;
+	/*< Template job structure */
 	struct {
-		uint16_t length;
 		uint16_t offset;
 	} iv;
 	struct {
-		uint16_t length;
 		uint16_t offset;
 	} auth_iv;
 	/* *< IV parameters
@@ -868,13 +866,6 @@ struct aesni_mb_session {
 	/* * Cipher Parameters
 	 */
 	struct {
-		/* * Cipher direction - encrypt / decrypt */
-		IMB_CIPHER_DIRECTION direction;
-		/* * Cipher mode - CBC / Counter */
-		IMB_CIPHER_MODE mode;
-
-		uint64_t key_length_in_bytes;
-
 		union {
 			struct {
 				uint32_t encode[60] __rte_aligned(16);
@@ -907,7 +898,6 @@ struct aesni_mb_session {
 
 	/* *< Authentication Parameters */
 	struct {
-		IMB_HASH_ALG algo; /* *< Authentication Algorithm */
 		enum rte_crypto_auth_operation operation;
 		/* *< auth operation generate or verify */
 		union {
@@ -948,16 +938,10 @@ struct aesni_mb_session {
 			kasumi_key_sched_t pKeySched_kasumi_auth;
 			/* *< KASUMI scheduled authentication key */
 		};
-		/* * Generated digest size by the Multi-buffer library */
-		uint16_t gen_digest_len;
 		/* * Requested digest size from Cryptodev */
 		uint16_t req_digest_len;
 
 	} auth;
-	struct {
-		/* * AAD data length */
-		uint16_t aad_len;
-	} aead;
 } __rte_cache_aligned;
 
 typedef void (*hash_one_block_t)(const void *data, void *digest);