3 files changed, 191 insertions, 146 deletions

diff --git a/test/validation/api/crypto/crypto_op_test.c b/test/validation/api/crypto/crypto_op_test.c
index 4ad333488..1d883f6b8 100644
--- a/test/validation/api/crypto/crypto_op_test.c
+++ b/test/validation/api/crypto/crypto_op_test.c
@@ -178,19 +178,13 @@ static void prepare_crypto_ranges(const crypto_op_test_param_t *param,
 				  odp_packet_data_range_t *cipher_range,
 				  odp_packet_data_range_t *auth_range)
 {
-	odp_packet_data_range_t zero_range = {.offset = 0, .length = 0};
-	uint32_t c_scale = param->is_bit_mode_cipher ? 8 : 1;
-	uint32_t a_scale = param->is_bit_mode_auth ? 8 : 1;
+	uint32_t c_scale = param->session.cipher_range_in_bits ? 8 : 1;
+	uint32_t a_scale = param->session.auth_range_in_bits ? 8 : 1;
 
 	*cipher_range = param->cipher_range;
 	*auth_range = param->auth_range;
 	cipher_range->offset += c_scale * param->header_len;
 	auth_range->offset += a_scale * param->header_len;
-
-	if (param->ref->cipher == ODP_CIPHER_ALG_NULL)
-		*cipher_range = zero_range;
-	if (param->ref->auth == ODP_AUTH_ALG_NULL)
-		*auth_range = zero_range;
 }
 
 static int prepare_input_packet(const crypto_op_test_param_t *param,
@@ -217,7 +211,7 @@ static int prepare_input_packet(const crypto_op_test_param_t *param,
 
 	write_header_and_trailer(pkt, param->header_len, param->trailer_len);
 
-	if (param->op == ODP_CRYPTO_OP_ENCODE) {
+	if (param->session.op == ODP_CRYPTO_OP_ENCODE) {
 		odp_packet_copy_from_mem(pkt, param->header_len,
 					 reflength, ref->plaintext);
 	} else {
@@ -322,7 +316,7 @@ static void prepare_ignore_info(const crypto_op_test_param_t *param,
 	 * Leftover bits in the last byte of the cipher range of bit mode
 	 * ciphers have undefined values.
 	 */
-	if (param->is_bit_mode_cipher &&
+	if (param->session.cipher_range_in_bits &&
 	    param->ref->cipher != ODP_CIPHER_ALG_NULL) {
 		uint8_t leftover_bits = ref_length_in_bits(param->ref) % 8;
 
@@ -338,10 +332,10 @@ static void prepare_ignore_info(const crypto_op_test_param_t *param,
 	 * undefined values.
 	 */
 	if (param->ref->auth != ODP_AUTH_ALG_NULL &&
-	    param->op == ODP_CRYPTO_OP_DECODE) {
+	    param->session.op == ODP_CRYPTO_OP_DECODE) {
 		uint32_t offs = param->digest_offset;
 
-		if (param->op_type != ODP_CRYPTO_OP_TYPE_OOP ||
+		if (param->session.op_type != ODP_CRYPTO_OP_TYPE_OOP ||
 		    is_in_range(offs, cipher_offset, cipher_len) ||
 		    is_in_range(offs, auth_offset, auth_len)) {
 			add_ignored_range(ignore,
@@ -351,11 +345,11 @@ static void prepare_ignore_info(const crypto_op_test_param_t *param,
 	}
 
 	/* Decrypted bytes are undefined if authentication fails. */
-	if (param->op == ODP_CRYPTO_OP_DECODE &&
+	if (param->session.op == ODP_CRYPTO_OP_DECODE &&
 	    param->wrong_digest) {
 		add_ignored_range(ignore, cipher_offset + shift, cipher_len);
 		/* In OOP case, auth range may not get copied */
-		if (param->op_type == ODP_CRYPTO_OP_TYPE_OOP)
+		if (param->session.op_type == ODP_CRYPTO_OP_TYPE_OOP)
 			add_ignored_range(ignore, auth_offset + shift, auth_len);
 	}
 }
@@ -372,30 +366,29 @@ static void prepare_expected_data(const crypto_op_test_param_t *param,
 	uint32_t cipher_len = cipher_range->length;
 	uint32_t auth_offset = auth_range->offset;
 	uint32_t auth_len = auth_range->length;
-	const int32_t shift = param->op_type == ODP_CRYPTO_OP_TYPE_OOP ? param->oop_shift : 0;
-	const odp_packet_t base_pkt = param->op_type == ODP_CRYPTO_OP_TYPE_OOP ? pkt_out : pkt_in;
+	const int32_t shift = param->session.op_type == ODP_CRYPTO_OP_TYPE_OOP ? param->oop_shift
+									       : 0;
+	const odp_packet_t base_pkt = param->session.op_type == ODP_CRYPTO_OP_TYPE_OOP ? pkt_out
+										       : pkt_in;
 	int rc;
 	uint32_t cipher_offset_in_ref = param->cipher_range.offset;
 
-	if (param->op == ODP_CRYPTO_OP_ENCODE)
+	if (param->session.op == ODP_CRYPTO_OP_ENCODE)
 		digest_offset += shift;
 
-	if (param->is_bit_mode_cipher) {
+	if (param->session.cipher_range_in_bits) {
 		cipher_offset_in_ref /= 8;
 		cipher_offset /= 8;
 		cipher_len = (cipher_len + 7) / 8;
 	}
-	if (param->is_bit_mode_auth) {
+	if (param->session.auth_range_in_bits) {
 		auth_offset /= 8;
 		auth_len = (auth_len + 7) / 8;
 	}
-	if (param->ref->cipher == ODP_CIPHER_ALG_NULL)
-		cipher_len = 0;
-	if (param->ref->auth == ODP_AUTH_ALG_NULL ||
-	    param->ref->auth == ODP_AUTH_ALG_AES_GCM ||
+	if (param->ref->auth == ODP_AUTH_ALG_AES_GCM ||
 	    param->ref->auth == ODP_AUTH_ALG_AES_CCM ||
 	    param->ref->auth == ODP_AUTH_ALG_CHACHA20_POLY1305) {
-		/* auth range is ignored with null and AEAD algorithms */
+		/* auth range is ignored with AEAD algorithms */
 		auth_len = 0;
 	}
 
@@ -405,14 +398,14 @@ static void prepare_expected_data(const crypto_op_test_param_t *param,
 	rc = odp_packet_copy_to_mem(base_pkt, 0, ex->len, ex->data);
 	CU_ASSERT(rc == 0);
 
-	if (param->op_type == ODP_CRYPTO_OP_TYPE_OOP && auth_len > 0) {
+	if (param->session.op_type == ODP_CRYPTO_OP_TYPE_OOP && auth_len > 0) {
 		/* copy auth range from input packet */
 		rc = odp_packet_copy_to_mem(pkt_in, auth_offset, auth_len,
 					    ex->data + auth_offset + shift);
 		CU_ASSERT(rc == 0);
 	}
 
-	if (param->op == ODP_CRYPTO_OP_ENCODE) {
+	if (param->session.op == ODP_CRYPTO_OP_ENCODE) {
 		/* copy hash first */
 		memcpy(ex->data + digest_offset,
 		       param->ref->digest,
@@ -472,6 +465,23 @@ static void check_output_packet_data(odp_packet_t pkt, expected_t *ex)
 	}
 }
 
+static int is_digest_in_cipher_range(const crypto_op_test_param_t *param,
+				     const odp_crypto_packet_op_param_t *op_params)
+{
+	/*
+	 * Do not use op_params.hash_result_offset here as it refers to
+	 * the output packet which (in the OOP case) might be shifted
+	 * relative to the input packet.
+	 */
+	uint32_t d_offset = param->digest_offset;
+
+	if (param->session.cipher_range_in_bits)
+		d_offset *= 8;
+
+	return d_offset >= op_params->cipher_range.offset &&
+		d_offset < op_params->cipher_range.offset + op_params->cipher_range.length;
+}
+
 void test_crypto_op(const crypto_op_test_param_t *param)
 {
 	odp_bool_t ok = false;
@@ -481,13 +491,14 @@ void test_crypto_op(const crypto_op_test_param_t *param)
 	test_packet_md_t md_in, md_out, md_out_orig;
 	expected_t expected;
 	odp_crypto_packet_op_param_t op_params = {
-		.session = param->session,
+		.session = param->session.session,
 		.cipher_iv_ptr = param->ref->cipher_iv,
 		.auth_iv_ptr = param->ref->auth_iv,
 		.hash_result_offset = param->digest_offset,
 		.aad_ptr = param->ref->aad,
 		.dst_offset_shift = param->oop_shift,
 	};
+	odp_bool_t failure_allowed = false;
 
 	/*
 	 * Test detection of wrong digest value in input packet
@@ -495,26 +506,34 @@ void test_crypto_op(const crypto_op_test_param_t *param)
 	 */
 	if (param->wrong_digest &&
 	    (param->ref->auth == ODP_AUTH_ALG_NULL ||
-	     param->op == ODP_CRYPTO_OP_ENCODE))
+	     param->session.op == ODP_CRYPTO_OP_ENCODE))
 		return;
 
 	prepare_crypto_ranges(param, &op_params.cipher_range, &op_params.auth_range);
 	if (prepare_input_packet(param, &pkt))
 		return;
 
-	if (param->op_type == ODP_CRYPTO_OP_TYPE_OOP) {
+	if (param->session.op_type == ODP_CRYPTO_OP_TYPE_OOP) {
 		prepare_oop_output_packet(param, &pkt_out, odp_packet_len(pkt));
 
 		pkt_copy = odp_packet_copy(pkt, suite_context.pool);
 		CU_ASSERT_FATAL(pkt_copy != ODP_PACKET_INVALID);
 		test_packet_get_md(pkt_out, &md_out_orig);
+
+		/* Non-zero-length ranges do not have to be supported. */
+		if ((param->ref->cipher == ODP_CIPHER_ALG_NULL &&
+		     op_params.cipher_range.length != 0))
+			failure_allowed = true;
+		if ((param->ref->auth == ODP_AUTH_ALG_NULL &&
+		     op_params.auth_range.length != 0))
+			failure_allowed = true;
 	}
 
 	prepare_expected_data(param, &op_params.cipher_range, &op_params.auth_range,
 			      pkt, pkt_out, &expected);
 
-	if (param->op_type == ODP_CRYPTO_OP_TYPE_OOP &&
-	    param->op == ODP_CRYPTO_OP_ENCODE) {
+	if (param->session.op_type == ODP_CRYPTO_OP_TYPE_OOP &&
+	    param->session.op == ODP_CRYPTO_OP_ENCODE) {
 		/*
 		 * In this type of sessions digest offset is an offset to the output
 		 * packet, so apply the shift.
@@ -525,12 +544,12 @@ void test_crypto_op(const crypto_op_test_param_t *param)
 	test_packet_set_md(pkt);
 	test_packet_get_md(pkt, &md_in);
 
-	if (crypto_op(pkt, &pkt_out, &ok, &op_params, param->op_type))
+	if (crypto_op(pkt, &pkt_out, &ok, &op_params, param->session.op_type))
 		return;
 
 	test_packet_get_md(pkt_out, &md_out);
 
-	if (param->op_type == ODP_CRYPTO_OP_TYPE_OOP) {
+	if (param->session.op_type == ODP_CRYPTO_OP_TYPE_OOP) {
 		test_packet_md_t md;
 
 		/* check that input packet has not changed */
@@ -548,17 +567,18 @@ void test_crypto_op(const crypto_op_test_param_t *param)
 
 	if (param->ref->cipher != ODP_CIPHER_ALG_NULL &&
 	    param->ref->auth != ODP_AUTH_ALG_NULL &&
-	    param->digest_offset >= op_params.cipher_range.offset &&
-	    param->digest_offset < op_params.cipher_range.offset + op_params.cipher_range.length) {
+	    is_digest_in_cipher_range(param, &op_params)) {
 		/*
 		 * Not all implementations support digest offset in cipher
 		 * range, so allow crypto op failure without further checks
 		 * in this case.
 		 */
-		if (!ok)
-			goto out;
+		failure_allowed = true;
 	}
 
+	if (!ok && failure_allowed)
+		goto out;
+
 	if (param->wrong_digest) {
 		CU_ASSERT(!ok);
 	} else {
diff --git a/test/validation/api/crypto/crypto_op_test.h b/test/validation/api/crypto/crypto_op_test.h
index 4b2f66c47..4f5957820 100644
--- a/test/validation/api/crypto/crypto_op_test.h
+++ b/test/validation/api/crypto/crypto_op_test.h
@@ -12,17 +12,21 @@
 #include <stdint.h>
 #include "test_vectors.h"
 
-typedef struct crypto_op_test_param_t {
+typedef struct crypto_session_t {
 	odp_crypto_session_t session;
 	odp_crypto_op_t op;
 	odp_crypto_op_type_t op_type;
+	odp_bool_t cipher_range_in_bits;
+	odp_bool_t auth_range_in_bits;
+} crypto_session_t;
+
+typedef struct crypto_op_test_param_t {
+	crypto_session_t session;
 	int32_t oop_shift;
 	crypto_test_reference_t *ref;
 	odp_packet_data_range_t cipher_range;
 	odp_packet_data_range_t auth_range;
 	uint32_t digest_offset;
-	odp_bool_t is_bit_mode_cipher;
-	odp_bool_t is_bit_mode_auth;
 	odp_bool_t adjust_segmentation;
 	odp_bool_t wrong_digest;
 	uint32_t first_seg_len;
diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c
index d7e2bd16b..0cc01b8e4 100644
--- a/test/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/validation/api/crypto/odp_crypto_test_inp.c
@@ -36,6 +36,8 @@ static void test_defaults(uint8_t fill)
 
 	CU_ASSERT_EQUAL(param.op, ODP_CRYPTO_OP_ENCODE);
 	CU_ASSERT_EQUAL(param.op_type, ODP_CRYPTO_OP_TYPE_LEGACY);
+	CU_ASSERT_EQUAL(param.cipher_range_in_bits, false);
+	CU_ASSERT_EQUAL(param.auth_range_in_bits, false);
 	CU_ASSERT_EQUAL(param.auth_cipher_text, false);
 	CU_ASSERT_EQUAL(param.op_mode, ODP_CRYPTO_SYNC);
 	CU_ASSERT_EQUAL(param.cipher_alg, ODP_CIPHER_ALG_NULL);
@@ -53,15 +55,10 @@ static void test_default_values(void)
 
 static void print_alg_test_param(const crypto_op_test_param_t *p)
 {
-	const char *cipher_mode = p->is_bit_mode_cipher ? "bit" : "byte";
+	const char *cipher_mode = p->session.cipher_range_in_bits ? "bit" : "byte";
+	const char *auth_mode   = p->session.auth_range_in_bits   ? "bit" : "byte";
 
-
-
-
-
-	const char *auth_mode = p->is_bit_mode_auth ? "bit" : "byte";
-
-	switch (p->op_type) {
+	switch (p->session.op_type) {
 	case ODP_CRYPTO_OP_TYPE_LEGACY:
 		printf("legacy ");
 		break;
@@ -72,7 +69,7 @@ static void print_alg_test_param(const crypto_op_test_param_t *p)
 		printf("out-of-place ");
 		break;
 	}
-	printf("%s\n", p->op == ODP_CRYPTO_OP_ENCODE ? "encode" : "decode");
+	printf("%s\n", p->session.op == ODP_CRYPTO_OP_ENCODE ? "encode" : "decode");
 
 	printf("cipher: %s, %s mode\n", cipher_alg_name(p->ref->cipher), cipher_mode);
 	printf("  key length: %d, iv length: %d\n",
@@ -93,7 +90,7 @@ static void print_alg_test_param(const crypto_op_test_param_t *p)
 	printf("header length: %d, trailer length: %d\n", p->header_len, p->trailer_len);
 	if (p->adjust_segmentation)
 		printf("segmentation adjusted, first_seg_len: %d\n", p->first_seg_len);
-	if (p->op_type == ODP_CRYPTO_OP_TYPE_OOP)
+	if (p->session.op_type == ODP_CRYPTO_OP_TYPE_OOP)
 		printf("oop_shift: %d\n", p->oop_shift);
 }
 
@@ -122,7 +119,7 @@ static void alg_test_op(crypto_op_test_param_t *param)
 
 	for (uint32_t n = 0; n < ARRAY_SIZE(oop_shifts); n++) {
 		if (oop_shifts[n] != 0 &&
-		    param->op_type != ODP_CRYPTO_OP_TYPE_OOP)
+		    param->session.op_type != ODP_CRYPTO_OP_TYPE_OOP)
 			continue;
 		if ((int32_t)param->header_len + oop_shifts[n] < 0)
 			continue;
@@ -150,13 +147,11 @@ typedef enum {
 	AUTH_PLAINTEXT
 } alg_order_t;
 
-static odp_crypto_session_t session_create(odp_crypto_op_t op,
-					   odp_crypto_op_type_t op_type,
-					   alg_order_t order,
-					   crypto_test_reference_t *ref,
-					   hash_test_mode_t hash_mode)
+static int session_create(crypto_session_t *session,
+			  alg_order_t order,
+			  crypto_test_reference_t *ref,
+			  hash_test_mode_t hash_mode)
 {
-	odp_crypto_session_t session = ODP_CRYPTO_SESSION_INVALID;
 	int rc;
 	odp_crypto_ses_create_err_t status;
 	odp_crypto_session_param_t ses_params;
@@ -176,8 +171,10 @@ static odp_crypto_session_t session_create(odp_crypto_op_t op,
 
 	/* Create a crypto session */
 	odp_crypto_session_param_init(&ses_params);
-	ses_params.op = op;
-	ses_params.op_type = op_type;
+	ses_params.op = session->op;
+	ses_params.op_type = session->op_type;
+	ses_params.cipher_range_in_bits = session->cipher_range_in_bits;
+	ses_params.auth_range_in_bits = session->auth_range_in_bits;
 	ses_params.auth_cipher_text = (order == AUTH_CIPHERTEXT);
 	ses_params.op_mode = suite_context.op_mode;
 	ses_params.cipher_alg = ref->cipher;
@@ -191,7 +188,7 @@ static odp_crypto_session_t session_create(odp_crypto_op_t op,
 	ses_params.auth_digest_len = ref->digest_length;
 	ses_params.auth_aad_len = ref->aad_length;
 	ses_params.hash_result_in_auth_range = (hash_mode == HASH_OVERLAP);
-	rc = odp_crypto_session_create(&ses_params, &session, &status);
+	rc = odp_crypto_session_create(&ses_params, &session->session, &status);
 
 	if (rc < 0 && status == ODP_CRYPTO_SES_ERR_ALG_COMBO) {
 		if (!combo_warning_shown) {
@@ -200,7 +197,7 @@ static odp_crypto_session_t session_create(odp_crypto_op_t op,
 			       cipher_alg_name(ref->cipher),
 			       auth_alg_name(ref->auth));
 		}
-		return ODP_CRYPTO_SESSION_INVALID;
+		return -1;
 	}
 
 	/*
@@ -214,21 +211,21 @@ static odp_crypto_session_t session_create(odp_crypto_op_t op,
 		       cipher_alg_name(ref->cipher),
 		       auth_alg_name(ref->auth),
 		       ses_params.auth_cipher_text);
-		return ODP_CRYPTO_SESSION_INVALID;
+		return -1;
 	}
 
 	/* For now, allow out-of-place sessions not to be supported. */
 	if (rc < 0 && status == ODP_CRYPTO_SES_ERR_PARAMS &&
-	    op_type == ODP_CRYPTO_OP_TYPE_OOP) {
+	    ses_params.op_type == ODP_CRYPTO_OP_TYPE_OOP) {
 		if (!oop_warning_shown)
 			printf("\n    Skipping ODP_CRYPTO_OP_TYPE_OOP tests\n");
 		oop_warning_shown = 1;
-		return ODP_CRYPTO_SESSION_INVALID;
+		return -1;
 	}
 
 	CU_ASSERT_FATAL(!rc);
 	CU_ASSERT(status == ODP_CRYPTO_SES_ERR_NONE);
-	CU_ASSERT(odp_crypto_session_to_u64(session) !=
+	CU_ASSERT(odp_crypto_session_to_u64(session->session) !=
 		  odp_crypto_session_to_u64(ODP_CRYPTO_SESSION_INVALID));
 
 	/*
@@ -239,7 +236,7 @@ static odp_crypto_session_t session_create(odp_crypto_op_t op,
 	memset(auth_key_data, 0, sizeof(auth_key_data));
 	memset(&ses_params, 0, sizeof(ses_params));
 
-	return session;
+	return 0;
 }
 
 static void alg_test_ses(odp_crypto_op_t op,
@@ -249,35 +246,32 @@ static void alg_test_ses(odp_crypto_op_t op,
 			 odp_packet_data_range_t cipher_range,
 			 odp_packet_data_range_t auth_range,
 			 uint32_t digest_offset,
-			 odp_bool_t is_bit_mode_cipher,
-			 odp_bool_t is_bit_mode_auth)
+			 odp_bool_t cipher_range_in_bits,
+			 odp_bool_t auth_range_in_bits)
 {
 	unsigned int initial_num_failures = CU_get_number_of_failures();
 	const uint32_t reflength = ref_length_in_bytes(ref);
+	const uint32_t auth_scale = auth_range_in_bits ? 8 : 1;
 	hash_test_mode_t hash_mode = HASH_NO_OVERLAP;
-	odp_crypto_session_t session;
 	int rc;
 	uint32_t seg_len;
 	uint32_t max_shift;
 	crypto_op_test_param_t test_param;
 
-	if (digest_offset >= auth_range.offset &&
-	    digest_offset < auth_range.offset + auth_range.length)
+	if (digest_offset * auth_scale >= auth_range.offset &&
+	    digest_offset * auth_scale < auth_range.offset + auth_range.length)
 		hash_mode = HASH_OVERLAP;
 
-	session = session_create(op, op_type, order, ref, hash_mode);
-	if (session == ODP_CRYPTO_SESSION_INVALID)
-		return;
-
 	memset(&test_param, 0, sizeof(test_param));
-	test_param.session = session;
-	test_param.op = op;
-	test_param.op_type = op_type;
+	test_param.session.op = op;
+	test_param.session.op_type = op_type;
+	test_param.session.cipher_range_in_bits = cipher_range_in_bits;
+	test_param.session.auth_range_in_bits = auth_range_in_bits;
+	if (session_create(&test_param.session, order, ref, hash_mode))
+		return;
 	test_param.ref = ref;
 	test_param.cipher_range = cipher_range;
 	test_param.auth_range = auth_range;
-	test_param.is_bit_mode_cipher = is_bit_mode_cipher;
-	test_param.is_bit_mode_auth = is_bit_mode_auth;
 	test_param.digest_offset = digest_offset;
 
 	alg_test_op(&test_param);
@@ -319,18 +313,18 @@ static void alg_test_ses(odp_crypto_op_t op,
 		alg_test_op(&test_param);
 	}
 
-	rc = odp_crypto_session_destroy(session);
+	rc = odp_crypto_session_destroy(test_param.session.session);
 	CU_ASSERT(!rc);
 }
 
-static void alg_test(odp_crypto_op_t op,
-		     alg_order_t order,
-		     crypto_test_reference_t *ref,
-		     odp_packet_data_range_t cipher_range,
-		     odp_packet_data_range_t auth_range,
-		     uint32_t digest_offset,
-		     odp_bool_t is_bit_mode_cipher,
-		     odp_bool_t is_bit_mode_auth)
+static void alg_test_op_types(odp_crypto_op_t op,
+			      alg_order_t order,
+			      crypto_test_reference_t *ref,
+			      odp_packet_data_range_t cipher_range,
+			      odp_packet_data_range_t auth_range,
+			      uint32_t digest_offset,
+			      odp_bool_t cipher_range_in_bits,
+			      odp_bool_t auth_range_in_bits)
 {
 	odp_crypto_op_type_t op_types[] = {
 		ODP_CRYPTO_OP_TYPE_LEGACY,
@@ -346,8 +340,47 @@ static void alg_test(odp_crypto_op_t op,
 			     cipher_range,
 			     auth_range,
 			     digest_offset,
-			     is_bit_mode_cipher,
-			     is_bit_mode_auth);
+			     cipher_range_in_bits,
+			     auth_range_in_bits);
+	}
+}
+
+static void alg_test(odp_crypto_op_t op,
+		     alg_order_t order,
+		     crypto_test_reference_t *ref,
+		     odp_packet_data_range_t cipher_bit_range,
+		     odp_packet_data_range_t auth_bit_range,
+		     uint32_t digest_offset,
+		     odp_bool_t is_bit_mode_cipher,
+		     odp_bool_t is_bit_mode_auth)
+{
+	odp_packet_data_range_t cipher_range;
+	odp_packet_data_range_t auth_range;
+
+	for (int cr_in_bits = 0; cr_in_bits <= 1; cr_in_bits++) {
+		if (!cr_in_bits && cipher_bit_range.length % 8 != 0)
+			continue;
+		if (cr_in_bits && !is_bit_mode_cipher)
+			continue;
+		for (int ar_in_bits = 0; ar_in_bits <= 1; ar_in_bits++) {
+			if (!ar_in_bits && auth_bit_range.length % 8 != 0)
+				continue;
+			if (ar_in_bits && !is_bit_mode_auth)
+				continue;
+
+			cipher_range = cipher_bit_range;
+			auth_range = auth_bit_range;
+			if (!cr_in_bits) {
+				cipher_range.offset /= 8;
+				cipher_range.length /= 8;
+			}
+			if (!ar_in_bits) {
+				auth_range.offset /= 8;
+				auth_range.length /= 8;
+			}
+			alg_test_op_types(op, order, ref, cipher_range, auth_range,
+					  digest_offset, cr_in_bits, ar_in_bits);
+		}
 	}
 }
 
@@ -404,8 +437,8 @@ static void check_alg(odp_crypto_op_t op,
 		odp_bool_t is_bit_mode_cipher = false;
 		odp_bool_t is_bit_mode_auth = false;
 		uint32_t digest_offs = ref_length_in_bytes(&ref[idx]);
-		odp_packet_data_range_t cipher_range = {.offset = 0};
-		odp_packet_data_range_t auth_range = {.offset = 0};
+		odp_packet_data_range_t cipher_bit_range = {.offset = 0};
+		odp_packet_data_range_t auth_bit_range = {.offset = 0};
 
 		if (ref_length_in_bits(&ref[idx]) % 8 != 0)
 			bit_mode_needed = true;
@@ -465,18 +498,14 @@ static void check_alg(odp_crypto_op_t op,
 			continue;
 		}
 
-		cipher_range.length = is_bit_mode_cipher ?
-			ref_length_in_bits(&ref[idx]) :
-			ref_length_in_bytes(&ref[idx]);
-		auth_range.length = is_bit_mode_auth ?
-			ref_length_in_bits(&ref[idx]) :
-			ref_length_in_bytes(&ref[idx]);
+		cipher_bit_range.length = ref_length_in_bits(&ref[idx]);
+		auth_bit_range.length = ref_length_in_bits(&ref[idx]);
 
 		alg_test(op, AUTH_PLAINTEXT, &ref[idx],
-			 cipher_range, auth_range, digest_offs,
+			 cipher_bit_range, auth_bit_range, digest_offs,
 			 is_bit_mode_cipher, is_bit_mode_auth);
 		alg_test(op, AUTH_CIPHERTEXT, &ref[idx],
-			 cipher_range, auth_range, digest_offs,
+			 cipher_bit_range, auth_bit_range, digest_offs,
 			 is_bit_mode_cipher, is_bit_mode_auth);
 
 		cipher_tested[cipher_idx] = true;
@@ -537,7 +566,7 @@ static int create_hash_test_reference(odp_auth_alg_t auth,
 				      uint32_t digest_offset,
 				      uint8_t digest_fill)
 {
-	odp_crypto_session_t session;
+	crypto_session_t session;
 	int rc;
 	odp_packet_t pkt;
 	odp_bool_t ok;
@@ -570,33 +599,33 @@ static int create_hash_test_reference(odp_auth_alg_t auth,
 	rc = odp_packet_copy_from_mem(pkt, 0, auth_bytes, ref->plaintext);
 	CU_ASSERT(rc == 0);
 
-	session = session_create(ODP_CRYPTO_OP_ENCODE,
-				 ODP_CRYPTO_OP_TYPE_LEGACY,
-				 AUTH_PLAINTEXT, ref, HASH_NO_OVERLAP);
-	if (session == ODP_CRYPTO_SESSION_INVALID)
+	session.op = ODP_CRYPTO_OP_ENCODE;
+	session.op_type = ODP_CRYPTO_OP_TYPE_LEGACY;
+	session.cipher_range_in_bits = false;
+	session.auth_range_in_bits = false;
+	if (session_create(&session, AUTH_PLAINTEXT, ref, HASH_NO_OVERLAP))
 		return -1;
 
 	odp_crypto_packet_op_param_t op_params = {
-		.session = session,
+		.session = session.session,
 		.cipher_iv_ptr = ref->cipher_iv,
 		.auth_iv_ptr = ref->auth_iv,
 		.hash_result_offset = enc_digest_offset,
 		.aad_ptr = ref->aad,
 		.cipher_range = {.offset = 0, .length = 0},
-		.auth_range = { .offset = 0,
-				.length = capa->bit_mode ? auth_bytes * 8 : auth_bytes },
+		.auth_range = { .offset = 0, .length = auth_bytes },
 		.dst_offset_shift = 0,
 	};
 	rc = crypto_op(pkt, &pkt, &ok, &op_params, ODP_CRYPTO_OP_TYPE_LEGACY);
 
 	CU_ASSERT(rc == 0);
 	if (rc) {
-		(void)odp_crypto_session_destroy(session);
+		(void)odp_crypto_session_destroy(session.session);
 		return -1;
 	}
 	CU_ASSERT(ok);
 
-	rc = odp_crypto_session_destroy(session);
+	rc = odp_crypto_session_destroy(session.session);
 	CU_ASSERT(rc == 0);
 
 	/* copy the processed packet to the ciphertext packet in ref */
@@ -624,8 +653,8 @@ static void test_auth_hash_in_auth_range(odp_auth_alg_t auth,
 {
 	static crypto_test_reference_t ref = {.length = 0};
 	uint32_t digest_offset = 13;
-	const odp_packet_data_range_t cipher_range = {.offset = 0, .length = 0};
-	odp_packet_data_range_t auth_range;
+	const odp_packet_data_range_t cipher_bit_range = {.offset = 0, .length = 0};
+	odp_packet_data_range_t auth_bit_range;
 
 	if (!full_test && capa->digest_len % 4 != 0)
 		return;
@@ -637,10 +666,8 @@ static void test_auth_hash_in_auth_range(odp_auth_alg_t auth,
 	if (create_hash_test_reference(auth, capa, &ref, digest_offset, 0))
 		return;
 
-	auth_range.offset = 0;
-	auth_range.length = capa->bit_mode ?
-		ref_length_in_bits(&ref) :
-		ref_length_in_bytes(&ref);
+	auth_bit_range.offset = 0;
+	auth_bit_range.length = ref_length_in_bits(&ref);
 
 	/*
 	 * Decode the ciphertext packet.
@@ -652,7 +679,7 @@ static void test_auth_hash_in_auth_range(odp_auth_alg_t auth,
 	alg_test(ODP_CRYPTO_OP_DECODE,
 		 order,
 		 &ref,
-		 cipher_range, auth_range,
+		 cipher_bit_range, auth_bit_range,
 		 digest_offset,
 		 false,
 		 capa->bit_mode);
@@ -664,10 +691,8 @@ static void test_auth_hash_in_auth_range(odp_auth_alg_t auth,
 	if (create_hash_test_reference(auth, capa, &ref, digest_offset, 1))
 		return;
 
-	auth_range.offset = 0;
-	auth_range.length = capa->bit_mode ?
-		ref_length_in_bits(&ref) :
-		ref_length_in_bytes(&ref);
+	auth_bit_range.offset = 0;
+	auth_bit_range.length = ref_length_in_bits(&ref);
 
 	/*
 	 * Encode the plaintext packet.
@@ -679,7 +704,7 @@ static void test_auth_hash_in_auth_range(odp_auth_alg_t auth,
 	alg_test(ODP_CRYPTO_OP_ENCODE,
 		 order,
 		 &ref,
-		 cipher_range, auth_range,
+		 cipher_bit_range, auth_bit_range,
 		 digest_offset,
 		 false,
 		 capa->bit_mode);
@@ -689,6 +714,7 @@ static void test_auth_hash_in_auth_range(odp_auth_alg_t auth,
  * Cipher algorithms that are not AEAD algorithms
  */
 static odp_cipher_alg_t cipher_algs[] = {
+	ODP_CIPHER_ALG_NULL,
 	ODP_CIPHER_ALG_DES,
 	ODP_CIPHER_ALG_3DES_CBC,
 	ODP_CIPHER_ALG_3DES_ECB,
@@ -704,10 +730,11 @@ static odp_cipher_alg_t cipher_algs[] = {
 };
 
 /*
- * Authentication algorithms and hashes that use auth_range
+ * Authentication algorithms and hashes that may use auth_range
  * parameter. AEAD algorithms are excluded.
  */
 static odp_auth_alg_t auth_algs[] = {
+	ODP_AUTH_ALG_NULL,
 	ODP_AUTH_ALG_MD5_HMAC,
 	ODP_AUTH_ALG_SHA1_HMAC,
 	ODP_AUTH_ALG_SHA224_HMAC,
@@ -763,7 +790,7 @@ static int crypto_encode_ref(crypto_test_reference_t *ref,
 	odp_packet_data_range_t zero_range = {.offset = 0, .length = 0};
 	odp_packet_t pkt;
 	int rc;
-	odp_crypto_session_t session;
+	crypto_session_t session;
 	odp_bool_t ok;
 
 	pkt = odp_packet_alloc(suite_context.pool, ref->length);
@@ -772,13 +799,11 @@ static int crypto_encode_ref(crypto_test_reference_t *ref,
 	rc = odp_packet_copy_from_mem(pkt, 0, ref->length, ref->plaintext);
 	CU_ASSERT(rc == 0);
 
-	session = session_create(ODP_CRYPTO_OP_ENCODE,
-				 ODP_CRYPTO_OP_TYPE_LEGACY,
-				 AUTH_PLAINTEXT,
-				 ref,
-				 HASH_OVERLAP);
-
-	if (session == ODP_CRYPTO_SESSION_INVALID) {
+	session.op = ODP_CRYPTO_OP_ENCODE;
+	session.op_type = ODP_CRYPTO_OP_TYPE_LEGACY;
+	session.cipher_range_in_bits = false;
+	session.auth_range_in_bits = false;
+	if (session_create(&session, AUTH_PLAINTEXT, ref, HASH_OVERLAP)) {
 		odp_packet_free(pkt);
 		return 1;
 	}
@@ -793,7 +818,7 @@ static int crypto_encode_ref(crypto_test_reference_t *ref,
 	CU_ASSERT_FATAL(hash_result_offset + ref->digest_length <= ref->length);
 
 	odp_crypto_packet_op_param_t op_params = {
-		.session = session,
+		.session = session.session,
 		.cipher_iv_ptr = ref->cipher_iv,
 		.auth_iv_ptr = ref->auth_iv,
 		.hash_result_offset = hash_result_offset,
@@ -805,12 +830,12 @@ static int crypto_encode_ref(crypto_test_reference_t *ref,
 	rc = crypto_op(pkt, &pkt, &ok, &op_params, ODP_CRYPTO_OP_TYPE_LEGACY);
 	CU_ASSERT(rc == 0);
 	if (rc) {
-		(void)odp_crypto_session_destroy(session);
+		(void)odp_crypto_session_destroy(session.session);
 		return -1;
 	}
 	CU_ASSERT(ok);
 
-	rc = odp_crypto_session_destroy(session);
+	rc = odp_crypto_session_destroy(session.session);
 	CU_ASSERT(rc == 0);
 
 	rc = odp_packet_copy_to_mem(pkt, 0, ref->length, ref->ciphertext);
@@ -834,8 +859,8 @@ typedef struct crypto_suite_t {
  */
 static int create_combined_ref(const crypto_suite_t *suite,
 			       crypto_test_reference_t *ref,
-			       odp_packet_data_range_t *cipher_range,
-			       odp_packet_data_range_t *auth_range,
+			       const odp_packet_data_range_t *cipher_range,
+			       const odp_packet_data_range_t *auth_range,
 			       uint32_t digest_offset)
 {
 	uint32_t total_len;
@@ -861,15 +886,6 @@ static int create_combined_ref(const crypto_suite_t *suite,
 	ref->is_length_in_bits = false;
 	ref->length = total_len;
 
-	if (suite->cipher_capa->bit_mode) {
-		cipher_range->offset *= 8;
-		cipher_range->length *= 8;
-	}
-	if (suite->auth_capa->bit_mode) {
-		auth_range->offset *= 8;
-		auth_range->length *= 8;
-	}
-
 	if (ref->auth_key_length > MAX_KEY_LEN ||
 	    ref->auth_iv_length > MAX_IV_LEN ||
 	    total_len > MAX_DATA_LEN ||
@@ -1189,6 +1205,11 @@ static void test_combo(const crypto_suite_t *suite,
 	if (rc)
 		return;
 
+	cipher_range.offset *= 8;
+	cipher_range.length *= 8;
+	auth_range.offset *= 8;
+	auth_range.length *= 8;
+
 	alg_test(ODP_CRYPTO_OP_ENCODE,
 		 suite->order,
 		 &ref,