test/crypto: add IPsec transport mode cases

[dpdk.git] / app / test / test_cryptodev.c
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c

index bc2490b..2adec1d 100644 (file)
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -18,6 +18,8 @@
  #include <rte_cryptodev.h>
  #include <rte_ip.h>
  #include <rte_string_fns.h>
+#include <rte_tcp.h>
+#include <rte_udp.h>
  
  #ifdef RTE_CRYPTO_SCHEDULER
  #include <rte_cryptodev_scheduler.h>
@@ -177,6 +179,10 @@ post_process_raw_dp_op(void *user_data,    uint32_t index __rte_unused,
                         RTE_CRYPTO_OP_STATUS_ERROR;
  }
  
+static struct crypto_testsuite_params testsuite_params = { NULL };
+struct crypto_testsuite_params *p_testsuite_params = &testsuite_params;
+static struct crypto_unittest_params unittest_params;
+
  void
  process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
                 struct rte_crypto_op *op, uint8_t is_cipher, uint8_t is_auth,
@@ -184,13 +190,14 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
  {
         struct rte_crypto_sym_op *sop = op->sym;
         struct rte_crypto_op *ret_op = NULL;
-       struct rte_crypto_vec data_vec[UINT8_MAX];
+       struct rte_crypto_vec data_vec[UINT8_MAX], dest_data_vec[UINT8_MAX];
         struct rte_crypto_va_iova_ptr cipher_iv, digest, aad_auth_iv;
         union rte_crypto_sym_ofs ofs;
         struct rte_crypto_sym_vec vec;
-       struct rte_crypto_sgl sgl;
+       struct rte_crypto_sgl sgl, dest_sgl;
         uint32_t max_len;
         union rte_cryptodev_session_ctx sess;
+       uint64_t auth_end_iova;
         uint32_t count = 0;
         struct rte_crypto_raw_dp_ctx *ctx;
         uint32_t cipher_offset = 0, cipher_len = 0, auth_offset = 0,
@@ -200,6 +207,8 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
         int ctx_service_size;
         int32_t status = 0;
         int enqueue_status, dequeue_status;
+       struct crypto_unittest_params *ut_params = &unittest_params;
+       int is_sgl = sop->m_src->nb_segs > 1;
  
         ctx_service_size = rte_cryptodev_get_raw_dp_ctx_size(dev_id);
         if (ctx_service_size < 0) {
@@ -230,7 +239,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
         digest.va = NULL;
         sgl.vec = data_vec;
         vec.num = 1;
-       vec.sgl = &sgl;
+       vec.src_sgl = &sgl;
         vec.iv = &cipher_iv;
         vec.digest = &digest;
         vec.aad = &aad_auth_iv;
@@ -265,6 +274,28 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
                 digest.va = (void *)sop->auth.digest.data;
                 digest.iova = sop->auth.digest.phys_addr;
  
+               if (is_sgl) {
+                       uint32_t remaining_off = auth_offset + auth_len;
+                       struct rte_mbuf *sgl_buf = sop->m_src;
+
+                       while (remaining_off >= rte_pktmbuf_data_len(sgl_buf)
+                                       && sgl_buf->next != NULL) {
+                               remaining_off -= rte_pktmbuf_data_len(sgl_buf);
+                               sgl_buf = sgl_buf->next;
+                       }
+
+                       auth_end_iova = (uint64_t)rte_pktmbuf_iova_offset(
+                               sgl_buf, remaining_off);
+               } else {
+                       auth_end_iova = rte_pktmbuf_iova(op->sym->m_src) +
+                                                        auth_offset + auth_len;
+               }
+               /* Then check if digest-encrypted conditions are met */
+               if ((auth_offset + auth_len < cipher_offset + cipher_len) &&
+                               (digest.iova == auth_end_iova) && is_sgl)
+                       max_len = RTE_MAX(max_len, auth_offset + auth_len +
+                               ut_params->auth_xform.auth.digest_length);
+
         } else if (is_cipher) {
                 cipher_offset = sop->cipher.data.offset;
                 cipher_len = sop->cipher.data.length;
@@ -324,6 +355,19 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
         }
  
         sgl.num = n;
+       /* Out of place */
+       if (sop->m_dst != NULL) {
+               dest_sgl.vec = dest_data_vec;
+               vec.dest_sgl = &dest_sgl;
+               n = rte_crypto_mbuf_to_vec(sop->m_dst, 0, max_len,
+                               dest_data_vec, RTE_DIM(dest_data_vec));
+               if (n < 0 || n > sop->m_dst->nb_segs) {
+                       op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+                       goto exit;
+               }
+               dest_sgl.num = n;
+       } else
+               vec.dest_sgl = NULL;
  
         if (rte_cryptodev_raw_enqueue_burst(ctx, &vec, ofs, (void **)&op,
                         &enqueue_status) < 1) {
@@ -364,6 +408,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
         }
  
         op->status = (count == MAX_RAW_DEQUEUE_COUNT + 1 || ret_op != op ||
+                       ret_op->status == RTE_CRYPTO_OP_STATUS_ERROR ||
                         n_success < 1) ? RTE_CRYPTO_OP_STATUS_ERROR :
                                         RTE_CRYPTO_OP_STATUS_SUCCESS;
  
@@ -394,7 +439,7 @@ process_cpu_aead_op(uint8_t dev_id, struct rte_crypto_op *op)
  
         sgl.vec = vec;
         sgl.num = n;
-       symvec.sgl = &sgl;
+       symvec.src_sgl = &sgl;
         symvec.iv = &iv_ptr;
         symvec.digest = &digest_ptr;
         symvec.aad = &aad_ptr;
@@ -440,7 +485,7 @@ process_cpu_crypt_auth_op(uint8_t dev_id, struct rte_crypto_op *op)
  
         sgl.vec = vec;
         sgl.num = n;
-       symvec.sgl = &sgl;
+       symvec.src_sgl = &sgl;
         symvec.iv = &iv_ptr;
         symvec.digest = &digest_ptr;
         symvec.status = &st;
@@ -487,10 +532,6 @@ process_crypto_request(uint8_t dev_id, struct rte_crypto_op *op)
         return op;
  }
  
-static struct crypto_testsuite_params testsuite_params = { NULL };
-struct crypto_testsuite_params *p_testsuite_params = &testsuite_params;
-static struct crypto_unittest_params unittest_params;
-
  static int
  testsuite_setup(void)
  {
@@ -794,6 +835,8 @@ ipsec_proto_testsuite_setup(void)
                 ret = TEST_SKIPPED;
         }
  
+       test_ipsec_alg_list_populate();
+
         /*
          * Stop the device. Device would be started again by individual test
          * case setup routine.
@@ -858,13 +901,13 @@ docsis_proto_testsuite_setup(void)
         if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
                         !(dev_info.feature_flags &
                         RTE_CRYPTODEV_FF_SECURITY)) {
-               RTE_LOG(INFO, USER1, "Feature flag requirements for Docsis "
+               RTE_LOG(INFO, USER1, "Feature flag requirements for DOCSIS "
                                 "Proto testsuite not met\n");
                 return TEST_SKIPPED;
         }
  
         if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0) {
-               RTE_LOG(INFO, USER1, "Capability requirements for Docsis Proto "
+               RTE_LOG(INFO, USER1, "Capability requirements for DOCSIS Proto "
                                 "testsuite not met\n");
                 return TEST_SKIPPED;
         }
@@ -1376,7 +1419,6 @@ ut_teardown(void)
  {
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
-       struct rte_cryptodev_stats stats;
  
         /* free crypto session structure */
  #ifdef RTE_LIB_SECURITY
@@ -1423,8 +1465,6 @@ ut_teardown(void)
                 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
                         rte_mempool_avail_count(ts_params->mbuf_pool));
  
-       rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats);
-
         /* Stop the device */
         rte_cryptodev_stop(ts_params->valid_devs[0]);
  }
@@ -2097,6 +2137,7 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
  {
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
+       int status;
  
         /* Verify the capabilities */
         struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -2143,12 +2184,17 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
  
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
         /* Create crypto session*/
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                         ut_params->sess, &ut_params->cipher_xform,
                         ts_params->session_priv_mpool);
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(status, 0, "Session init failed");
  
         /* Generate crypto op data structure */
         ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -2403,6 +2449,9 @@ create_wireless_algo_hash_session(uint8_t dev_id,
         status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                         &ut_params->auth_xform,
                         ts_params->session_priv_mpool);
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
         TEST_ASSERT_EQUAL(status, 0, "session init failed");
         TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
         return 0;
@@ -2442,6 +2491,9 @@ create_wireless_algo_cipher_session(uint8_t dev_id,
         status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                         &ut_params->cipher_xform,
                         ts_params->session_priv_mpool);
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
         TEST_ASSERT_EQUAL(status, 0, "session init failed");
         TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
         return 0;
@@ -4055,9 +4107,9 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata)
  
         /* Create KASUMI operation */
         retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
-                                       tdata->cipher_iv.len,
-                                       tdata->ciphertext.len,
-                                       tdata->validCipherOffsetInBits.len);
+                       tdata->cipher_iv.len,
+                       RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8),
+                       tdata->validCipherOffsetInBits.len);
         if (retval < 0)
                 return retval;
  
@@ -4189,6 +4241,16 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
         int retval;
         unsigned plaintext_pad_len;
         unsigned plaintext_len;
+       struct rte_cryptodev_info dev_info;
+
+       rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+       uint64_t feat_flags = dev_info.feature_flags;
+
+       if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+                       (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+               printf("Device does not support RAW data-path APIs.\n");
+               return -ENOTSUP;
+       }
  
         /* Verify the capabilities */
         struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -4244,7 +4306,11 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata)
         if (retval < 0)
                 return retval;
  
-       ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+       if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+               process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+                       ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+       else
+               ut_params->op = process_crypto_request(ts_params->valid_devs[0],
                                                 ut_params->op);
         TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
  
@@ -4304,6 +4370,12 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
                 return TEST_SKIPPED;
         }
  
+       if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+                       (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+               printf("Device does not support RAW data-path APIs.\n");
+               return -ENOTSUP;
+       }
+
         /* Create SNOW 3G session */
         retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
                                         RTE_CRYPTO_CIPHER_OP_ENCRYPT,
@@ -4338,7 +4410,11 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
         if (retval < 0)
                 return retval;
  
-       ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+       if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+               process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+                       ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+       else
+               ut_params->op = process_crypto_request(ts_params->valid_devs[0],
                                                 ut_params->op);
         TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
  
@@ -4465,7 +4541,11 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata)
         if (retval < 0)
                 return retval;
  
-       ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+       if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+               process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+                       ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+       else
+               ut_params->op = process_crypto_request(ts_params->valid_devs[0],
                                                 ut_params->op);
         TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
  
@@ -4596,7 +4676,16 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
         uint8_t *plaintext, *ciphertext;
         unsigned ciphertext_pad_len;
         unsigned ciphertext_len;
+       struct rte_cryptodev_info dev_info;
  
+       rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+       uint64_t feat_flags = dev_info.feature_flags;
+
+       if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+                       (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+               printf("Device does not support RAW data-path APIs.\n");
+               return -ENOTSUP;
+       }
         /* Verify the capabilities */
         struct rte_cryptodev_sym_capability_idx cap_idx;
         cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
@@ -4654,7 +4743,11 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata)
         if (retval < 0)
                 return retval;
  
-       ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+       if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+               process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+                       ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+       else
+               ut_params->op = process_crypto_request(ts_params->valid_devs[0],
                                                 ut_params->op);
         TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
         ut_params->obuf = ut_params->op->sym->m_dst;
@@ -5819,6 +5912,61 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata)
         return 0;
  }
  
+static int
+check_cipher_capability(const struct crypto_testsuite_params *ts_params,
+                       const enum rte_crypto_cipher_algorithm cipher_algo,
+                       const uint16_t key_size, const uint16_t iv_size)
+{
+       struct rte_cryptodev_sym_capability_idx cap_idx;
+       const struct rte_cryptodev_symmetric_capability *cap;
+
+       /* Check if device supports the algorithm */
+       cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+       cap_idx.algo.cipher = cipher_algo;
+
+       cap = rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+                       &cap_idx);
+
+       if (cap == NULL)
+               return -1;
+
+       /* Check if device supports key size and IV size */
+       if (rte_cryptodev_sym_capability_check_cipher(cap, key_size,
+                       iv_size) < 0) {
+               return -1;
+       }
+
+       return 0;
+}
+
+static int
+check_auth_capability(const struct crypto_testsuite_params *ts_params,
+                       const enum rte_crypto_auth_algorithm auth_algo,
+                       const uint16_t key_size, const uint16_t iv_size,
+                       const uint16_t tag_size)
+{
+       struct rte_cryptodev_sym_capability_idx cap_idx;
+       const struct rte_cryptodev_symmetric_capability *cap;
+
+       /* Check if device supports the algorithm */
+       cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+       cap_idx.algo.auth = auth_algo;
+
+       cap = rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+                       &cap_idx);
+
+       if (cap == NULL)
+               return -1;
+
+       /* Check if device supports key size and IV size */
+       if (rte_cryptodev_sym_capability_check_auth(cap, key_size,
+                       tag_size, iv_size) < 0) {
+               return -1;
+       }
+
+       return 0;
+}
+
  static int
  test_zuc_encryption(const struct wireless_test_data *tdata)
  {
@@ -5843,14 +5991,9 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
         if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
                 return TEST_SKIPPED;
  
-       struct rte_cryptodev_sym_capability_idx cap_idx;
-
         /* Check if device supports ZUC EEA3 */
-       cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-       cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_ZUC_EEA3;
-
-       if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
-                       &cap_idx) == NULL)
+       if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+                       tdata->key.len, tdata->cipher_iv.len) < 0)
                 return TEST_SKIPPED;
  
         /* Create ZUC session */
@@ -5859,7 +6002,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata)
                                         RTE_CRYPTO_CIPHER_ZUC_EEA3,
                                         tdata->key.data, tdata->key.len,
                                         tdata->cipher_iv.len);
-       if (retval < 0)
+       if (retval != 0)
                 return retval;
  
         ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -5925,14 +6068,9 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
         uint8_t ciphertext_buffer[2048];
         struct rte_cryptodev_info dev_info;
  
-       struct rte_cryptodev_sym_capability_idx cap_idx;
-
         /* Check if device supports ZUC EEA3 */
-       cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-       cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_ZUC_EEA3;
-
-       if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
-                       &cap_idx) == NULL)
+       if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+                       tdata->key.len, tdata->cipher_iv.len) < 0)
                 return TEST_SKIPPED;
  
         if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
@@ -6026,7 +6164,6 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
         unsigned plaintext_len;
         uint8_t *plaintext;
  
-       struct rte_cryptodev_sym_capability_idx cap_idx;
         struct rte_cryptodev_info dev_info;
  
         rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
@@ -6048,11 +6185,9 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
                 return TEST_SKIPPED;
  
         /* Check if device supports ZUC EIA3 */
-       cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-       cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3;
-
-       if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
-                       &cap_idx) == NULL)
+       if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3,
+                       tdata->key.len, tdata->auth_iv.len,
+                       tdata->digest.len) < 0)
                 return TEST_SKIPPED;
  
         /* Create ZUC session */
@@ -6061,7 +6196,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
                         tdata->auth_iv.len, tdata->digest.len,
                         RTE_CRYPTO_AUTH_OP_GENERATE,
                         RTE_CRYPTO_AUTH_ZUC_EIA3);
-       if (retval < 0)
+       if (retval != 0)
                 return retval;
  
         /* alloc mbuf and set payload */
@@ -6124,14 +6259,16 @@ test_zuc_auth_cipher(const struct wireless_test_data *tdata,
         unsigned int ciphertext_len;
  
         struct rte_cryptodev_info dev_info;
-       struct rte_cryptodev_sym_capability_idx cap_idx;
  
-       /* Check if device supports ZUC EIA3 */
-       cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-       cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3;
+       /* Check if device supports ZUC EEA3 */
+       if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+                       tdata->key.len, tdata->cipher_iv.len) < 0)
+               return TEST_SKIPPED;
  
-       if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
-                       &cap_idx) == NULL)
+       /* Check if device supports ZUC EIA3 */
+       if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3,
+                       tdata->key.len, tdata->auth_iv.len,
+                       tdata->digest.len) < 0)
                 return TEST_SKIPPED;
  
         rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
@@ -6200,20 +6337,20 @@ test_zuc_auth_cipher(const struct wireless_test_data *tdata,
                 ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
                                         ciphertext_pad_len);
                 memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
-               if (op_mode == OUT_OF_PLACE)
-                       rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
                 debug_hexdump(stdout, "ciphertext:", ciphertext,
                         ciphertext_len);
         } else {
+               /* make sure enough space to cover partial digest verify case */
                 plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-                                       plaintext_pad_len);
+                                       ciphertext_pad_len);
                 memcpy(plaintext, tdata->plaintext.data, plaintext_len);
-               if (op_mode == OUT_OF_PLACE)
-                       rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
                 debug_hexdump(stdout, "plaintext:", plaintext,
                         plaintext_len);
         }
  
+       if (op_mode == OUT_OF_PLACE)
+               rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+
         /* Create ZUC operation */
         retval = create_wireless_algo_auth_cipher_operation(
                 tdata->digest.data, tdata->digest.len,
@@ -6322,14 +6459,16 @@ test_zuc_auth_cipher_sgl(const struct wireless_test_data *tdata,
         uint8_t digest_buffer[10000];
  
         struct rte_cryptodev_info dev_info;
-       struct rte_cryptodev_sym_capability_idx cap_idx;
  
-       /* Check if device supports ZUC EIA3 */
-       cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-       cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3;
+       /* Check if device supports ZUC EEA3 */
+       if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+                       tdata->key.len, tdata->cipher_iv.len) < 0)
+               return TEST_SKIPPED;
  
-       if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
-                       &cap_idx) == NULL)
+       /* Check if device supports ZUC EIA3 */
+       if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3,
+                       tdata->key.len, tdata->auth_iv.len,
+                       tdata->digest.len) < 0)
                 return TEST_SKIPPED;
  
         rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
@@ -6733,7 +6872,7 @@ test_snow3g_decryption_with_digest_test_case_1(void)
         }
  
         /*
-        * Function prepare data for hash veryfication test case.
+        * Function prepare data for hash verification test case.
          * Digest is allocated in 4 last bytes in plaintext, pattern.
          */
         snow3g_hash_test_vector_setup(&snow3g_test_case_7, &snow3g_hash_data);
@@ -7055,6 +7194,24 @@ test_zuc_hash_generate_test_case_8(void)
         return test_zuc_authentication(&zuc_test_case_auth_584b);
  }
  
+static int
+test_zuc_hash_generate_test_case_9(void)
+{
+       return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_32b);
+}
+
+static int
+test_zuc_hash_generate_test_case_10(void)
+{
+       return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_64b);
+}
+
+static int
+test_zuc_hash_generate_test_case_11(void)
+{
+       return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_128b);
+}
+
  static int
  test_zuc_cipher_auth_test_case_1(void)
  {
@@ -7123,6 +7280,30 @@ test_zuc_auth_cipher_verify_test_case_1_oop_sgl(void)
                 &zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 1);
  }
  
+static int
+test_zuc256_encryption_test_case_1(void)
+{
+       return test_zuc_encryption(&zuc256_test_case_cipher_1);
+}
+
+static int
+test_zuc256_encryption_test_case_2(void)
+{
+       return test_zuc_encryption(&zuc256_test_case_cipher_2);
+}
+
+static int
+test_zuc256_authentication_test_case_1(void)
+{
+       return test_zuc_authentication(&zuc256_test_case_auth_1);
+}
+
+static int
+test_zuc256_authentication_test_case_2(void)
+{
+       return test_zuc_authentication(&zuc256_test_case_auth_2);
+}
+
  static int
  test_mixed_check_if_unsupported(const struct mixed_cipher_auth_test_data *tdata)
  {
@@ -7224,19 +7405,19 @@ test_mixed_auth_cipher(const struct mixed_cipher_auth_test_data *tdata,
                 ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
                                 ciphertext_pad_len);
                 memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
-               if (op_mode == OUT_OF_PLACE)
-                       rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
                 debug_hexdump(stdout, "ciphertext:", ciphertext,
                                 ciphertext_len);
         } else {
+               /* make sure enough space to cover partial digest verify case */
                 plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-                               plaintext_pad_len);
+                               ciphertext_pad_len);
                 memcpy(plaintext, tdata->plaintext.data, plaintext_len);
-               if (op_mode == OUT_OF_PLACE)
-                       rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
                 debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
         }
  
+       if (op_mode == OUT_OF_PLACE)
+               rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+
         /* Create the operation */
         retval = create_wireless_algo_auth_cipher_operation(
                         tdata->digest_enc.data, tdata->digest_enc.len,
@@ -7308,27 +7489,30 @@ test_mixed_auth_cipher(const struct mixed_cipher_auth_test_data *tdata,
                                 tdata->digest_enc.len);
         }
  
-       /* Validate obuf */
-       if (verify) {
-               TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
-                               plaintext,
-                               tdata->plaintext.data,
-                               tdata->plaintext.len_bits >> 3,
-                               "Plaintext data not as expected");
-       } else {
-               TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
-                               ciphertext,
-                               tdata->ciphertext.data,
-                               tdata->validDataLen.len_bits,
-                               "Ciphertext data not as expected");
-
+       if (!verify) {
                 TEST_ASSERT_BUFFERS_ARE_EQUAL(
                                 ut_params->digest,
                                 tdata->digest_enc.data,
-                               DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+                               tdata->digest_enc.len,
                                 "Generated auth tag not as expected");
         }
  
+       if (tdata->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
+               if (verify) {
+                       TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+                                       plaintext,
+                                       tdata->plaintext.data,
+                                       tdata->plaintext.len_bits >> 3,
+                                       "Plaintext data not as expected");
+               } else {
+                       TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+                                       ciphertext,
+                                       tdata->ciphertext.data,
+                                       tdata->validDataLen.len_bits,
+                                       "Ciphertext data not as expected");
+               }
+       }
+
         TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
                         "crypto op processing failed");
  
@@ -7525,19 +7709,7 @@ test_mixed_auth_cipher_sgl(const struct mixed_cipher_auth_test_data *tdata,
                                 tdata->digest_enc.data, tdata->digest_enc.len);
         }
  
-       /* Validate obuf */
-       if (verify) {
-               TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
-                               plaintext,
-                               tdata->plaintext.data,
-                               tdata->plaintext.len_bits >> 3,
-                               "Plaintext data not as expected");
-       } else {
-               TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
-                               ciphertext,
-                               tdata->ciphertext.data,
-                               tdata->validDataLen.len_bits,
-                               "Ciphertext data not as expected");
+       if (!verify) {
                 TEST_ASSERT_BUFFERS_ARE_EQUAL(
                                 digest,
                                 tdata->digest_enc.data,
@@ -7545,6 +7717,22 @@ test_mixed_auth_cipher_sgl(const struct mixed_cipher_auth_test_data *tdata,
                                 "Generated auth tag not as expected");
         }
  
+       if (tdata->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
+               if (verify) {
+                       TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+                                       plaintext,
+                                       tdata->plaintext.data,
+                                       tdata->plaintext.len_bits >> 3,
+                                       "Plaintext data not as expected");
+               } else {
+                       TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+                                       ciphertext,
+                                       tdata->ciphertext.data,
+                                       tdata->validDataLen.len_bits,
+                                       "Ciphertext data not as expected");
+               }
+       }
+
         TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
                         "crypto op processing failed");
  
@@ -7789,6 +7977,7 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
                 uint8_t iv_len)
  {
         uint8_t aead_key[key_len];
+       int status;
  
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7812,14 +8001,13 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
         /* Create Crypto session*/
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                         &ut_params->aead_xform,
                         ts_params->session_priv_mpool);
  
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
  }
  
  static int
@@ -8355,10 +8543,21 @@ test_pdcp_proto_SGL(int i, int oop,
         int to_trn_tbl[16];
         int segs = 1;
         unsigned int trn_data = 0;
+       struct rte_cryptodev_info dev_info;
+       uint64_t feat_flags;
         struct rte_security_ctx *ctx = (struct rte_security_ctx *)
                                 rte_cryptodev_get_sec_ctx(
                                 ts_params->valid_devs[0]);
+       struct rte_mbuf *temp_mbuf;
  
+       rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+       feat_flags = dev_info.feature_flags;
+
+       if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+                       (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+               printf("Device does not support RAW data-path APIs.\n");
+               return -ENOTSUP;
+       }
         /* Verify the capabilities */
         struct rte_security_capability_idx sec_cap_idx;
  
@@ -8542,8 +8741,23 @@ test_pdcp_proto_SGL(int i, int oop,
                 ut_params->op->sym->m_dst = ut_params->obuf;
  
         /* Process crypto operation */
-       if (process_crypto_request(ts_params->valid_devs[0], ut_params->op)
-               == NULL) {
+       temp_mbuf = ut_params->op->sym->m_src;
+       if (global_api_test_type == CRYPTODEV_RAW_API_TEST) {
+               /* filling lengths */
+               while (temp_mbuf) {
+                       ut_params->op->sym->cipher.data.length
+                               += temp_mbuf->pkt_len;
+                       ut_params->op->sym->auth.data.length
+                               += temp_mbuf->pkt_len;
+                       temp_mbuf = temp_mbuf->next;
+               }
+               process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+                       ut_params->op, 1, 1, 0, 0);
+       } else {
+               ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+                                                       ut_params->op);
+       }
+       if (ut_params->op == NULL) {
                 printf("TestCase %s()-%d line %d failed %s: ",
                         __func__, i, __LINE__,
                         "failed to process sym crypto op");
@@ -8911,6 +9125,10 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                          bool silent,
                          const struct ipsec_test_flags *flags)
  {
+       uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000,
+                               0x0000, 0x001a};
+       uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+                               0xe82c, 0x4887};
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
         struct rte_security_capability_idx sec_cap_idx;
@@ -8924,6 +9142,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
         int salt_len, i, ret = TEST_SUCCESS;
         struct rte_security_ctx *ctx;
         uint8_t *input_text;
+       uint32_t verify;
  
         ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
         gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
@@ -8933,10 +9152,30 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
         /* Copy IPsec xform */
         memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform));
  
-       memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
-       memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
-
         dir = ipsec_xform.direction;
+       verify = flags->tunnel_hdr_verify;
+
+       if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) {
+               if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR)
+                       src += 1;
+               else if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR)
+                       dst += 1;
+       }
+
+       if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+               if (td->ipsec_xform.tunnel.type ==
+                               RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+                       memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+                              sizeof(src));
+                       memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+                              sizeof(dst));
+               } else {
+                       memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+                              sizeof(v6_src));
+                       memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+                              sizeof(v6_dst));
+               }
+       }
  
         ctx = rte_cryptodev_get_sec_ctx(dev_id);
  
@@ -8970,23 +9209,59 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                         return TEST_SKIPPED;
                 }
         } else {
-               /* Only AEAD supported now */
-               return TEST_SKIPPED;
-       }
+               memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
+                      sizeof(ut_params->cipher_xform));
+               memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+                      sizeof(ut_params->auth_xform));
+               ut_params->cipher_xform.cipher.key.data = td[0].key.data;
+               ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+               ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
  
-       if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)
-               return TEST_SKIPPED;
+               /* Verify crypto capabilities */
  
-       salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
-       memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+               if (test_ipsec_crypto_caps_cipher_verify(
+                               sec_cap,
+                               &ut_params->cipher_xform) != 0) {
+                       if (!silent)
+                               RTE_LOG(INFO, USER1,
+                                       "Cipher crypto capabilities not supported\n");
+                       return TEST_SKIPPED;
+               }
+
+               if (test_ipsec_crypto_caps_auth_verify(
+                               sec_cap,
+                               &ut_params->auth_xform) != 0) {
+                       if (!silent)
+                               RTE_LOG(INFO, USER1,
+                                       "Auth crypto capabilities not supported\n");
+                       return TEST_SKIPPED;
+               }
+       }
+
+       if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)
+               return TEST_SKIPPED;
  
         struct rte_security_session_conf sess_conf = {
                 .action_type = ut_params->type,
                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
-               .ipsec = ipsec_xform,
-               .crypto_xform = &ut_params->aead_xform,
         };
  
+       if (td[0].aead) {
+               salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
+               memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+               sess_conf.ipsec = ipsec_xform;
+               sess_conf.crypto_xform = &ut_params->aead_xform;
+       } else {
+               sess_conf.ipsec = ipsec_xform;
+               if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+                       sess_conf.crypto_xform = &ut_params->cipher_xform;
+                       ut_params->cipher_xform.next = &ut_params->auth_xform;
+               } else {
+                       sess_conf.crypto_xform = &ut_params->auth_xform;
+                       ut_params->auth_xform.next = &ut_params->cipher_xform;
+               }
+       }
+
         /* Create security session */
         ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
                                         ts_params->session_mpool,
@@ -9026,10 +9301,26 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                 ut_params->op->sym->m_src = ut_params->ibuf;
                 ut_params->op->sym->m_dst = NULL;
  
+               /* Copy IV in crypto operation when IV generation is disabled */
+               if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+                   ipsec_xform.options.iv_gen_disable == 1) {
+                       uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op,
+                                                               uint8_t *,
+                                                               IV_OFFSET);
+                       int len;
+
+                       if (td[i].aead)
+                               len = td[i].xform.aead.aead.iv.length;
+                       else
+                               len = td[i].xform.chain.cipher.cipher.iv.length;
+
+                       memcpy(iv, td[i].iv.data, len);
+               }
+
                 /* Process crypto operation */
                 process_crypto_request(dev_id, ut_params->op);
  
-               ret = test_ipsec_status_check(ut_params->op, flags, dir);
+               ret = test_ipsec_status_check(ut_params->op, flags, dir, i + 1);
                 if (ret != TEST_SUCCESS)
                         goto crypto_op_free;
  
@@ -9063,18 +9354,55 @@ crypto_op_free:
  }
  
  static int
-test_ipsec_proto_known_vec_inb(const void *td_outb)
+test_ipsec_proto_known_vec(const void *test_data)
+{
+       struct ipsec_test_data td_outb;
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       memcpy(&td_outb, test_data, sizeof(td_outb));
+
+       /* Disable IV gen to be able to test with known vectors */
+       td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+       return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
+static int
+test_ipsec_proto_known_vec_inb(const void *test_data)
  {
+       const struct ipsec_test_data *td = test_data;
         struct ipsec_test_flags flags;
         struct ipsec_test_data td_inb;
  
         memset(&flags, 0, sizeof(flags));
  
-       test_ipsec_td_in_from_out(td_outb, &td_inb);
+       if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+               test_ipsec_td_in_from_out(td, &td_inb);
+       else
+               memcpy(&td_inb, td, sizeof(td_inb));
  
         return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
  }
  
+static int
+test_ipsec_proto_known_vec_fragmented(const void *test_data)
+{
+       struct ipsec_test_data td_outb;
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+       flags.fragment = true;
+
+       memcpy(&td_outb, test_data, sizeof(td_outb));
+
+       /* Disable IV gen to be able to test with known vectors */
+       td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+       return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
  static int
  test_ipsec_proto_all(const struct ipsec_test_flags *flags)
  {
@@ -9083,12 +9411,14 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
         unsigned int i, nb_pkts = 1, pass_cnt = 0;
         int ret;
  
-       if (flags->iv_gen)
+       if (flags->iv_gen ||
+           flags->sa_expiry_pkts_soft ||
+           flags->sa_expiry_pkts_hard)
                 nb_pkts = IPSEC_TEST_PACKETS_MAX;
  
-       for (i = 0; i < RTE_DIM(aead_list); i++) {
-               test_ipsec_td_prepare(&aead_list[i],
-                                     NULL,
+       for (i = 0; i < RTE_DIM(alg_list); i++) {
+               test_ipsec_td_prepare(alg_list[i].param1,
+                                     alg_list[i].param2,
                                       flags,
                                       td_outb,
                                       nb_pkts);
@@ -9112,7 +9442,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
                         return TEST_FAILED;
  
                 if (flags->display_alg)
-                       test_ipsec_display_alg(&aead_list[i], NULL);
+                       test_ipsec_display_alg(alg_list[i].param1,
+                                              alg_list[i].param2);
  
                 pass_cnt++;
         }
@@ -9147,6 +9478,30 @@ test_ipsec_proto_iv_gen(const void *data __rte_unused)
         return test_ipsec_proto_all(&flags);
  }
  
+static int
+test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.sa_expiry_pkts_soft = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.sa_expiry_pkts_hard = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
  static int
  test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
  {
@@ -9171,6 +9526,132 @@ test_ipsec_proto_udp_encap(const void *data __rte_unused)
         return test_ipsec_proto_all(&flags);
  }
  
+static int
+test_ipsec_proto_tunnel_src_dst_addr_verify(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_dst_addr_verify(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_udp_ports_verify(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.udp_encap = true;
+       flags.udp_ports_verify = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_inner_ip_csum(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ip_csum = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_inner_l4_csum(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.l4_csum = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = false;
+       flags.tunnel_ipv6 = false;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = true;
+       flags.tunnel_ipv6 = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = false;
+       flags.tunnel_ipv6 = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = true;
+       flags.tunnel_ipv6 = false;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = false;
+       flags.transport = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
  static int
  test_PDCP_PROTO_all(void)
  {
@@ -9213,11 +9694,13 @@ test_PDCP_PROTO_all(void)
  }
  
  static int
-test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
+test_docsis_proto_uplink(const void *data)
  {
+       const struct docsis_test_data *d_td = data;
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
-       uint8_t *plaintext, *ciphertext;
+       uint8_t *plaintext = NULL;
+       uint8_t *ciphertext = NULL;
         uint8_t *iv_ptr;
         int32_t cipher_len, crc_len;
         uint32_t crc_data_len;
@@ -9234,6 +9717,15 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
         const struct rte_cryptodev_symmetric_capability *sym_cap;
         int j = 0;
  
+       /* Set action type */
+       ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
+               RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
+               gbl_action_type;
+
+       if (security_proto_supported(ut_params->type,
+                       RTE_SECURITY_PROTOCOL_DOCSIS) < 0)
+               return TEST_SKIPPED;
+
         sec_cap_idx.action = ut_params->type;
         sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS;
         sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_UPLINK;
@@ -9296,8 +9788,8 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
                                         ts_params->session_priv_mpool);
  
         if (!ut_params->sec_session) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__, "failed to allocate session");
+               printf("Test function %s line %u: failed to allocate session\n",
+                       __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
@@ -9306,9 +9798,8 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
         ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
                                 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
         if (!ut_params->op) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__,
-                       "failed to allocate symmetric crypto operation");
+               printf("Test function %s line %u: failed to allocate symmetric "
+                       "crypto operation\n", __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
@@ -9347,16 +9838,15 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
         /* Process crypto operation */
         if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) ==
                         NULL) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__,
-                       "failed to process security crypto op");
+               printf("Test function %s line %u: failed to process security "
+                       "crypto op\n", __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
  
         if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__, "crypto op processing failed");
+               printf("Test function %s line %u: failed to process crypto op\n",
+                       __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
@@ -9366,8 +9856,8 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
  
         if (memcmp(plaintext, d_td->plaintext.data,
                         d_td->plaintext.len - crc_data_len)) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__, "plaintext not as expected\n");
+               printf("Test function %s line %u: plaintext not as expected\n",
+                       __func__, __LINE__);
                 rte_hexdump(stdout, "expected", d_td->plaintext.data,
                                 d_td->plaintext.len);
                 rte_hexdump(stdout, "actual", plaintext, d_td->plaintext.len);
@@ -9390,11 +9880,13 @@ on_err:
  }
  
  static int
-test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
+test_docsis_proto_downlink(const void *data)
  {
+       const struct docsis_test_data *d_td = data;
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
-       uint8_t *plaintext, *ciphertext;
+       uint8_t *plaintext = NULL;
+       uint8_t *ciphertext = NULL;
         uint8_t *iv_ptr;
         int32_t cipher_len, crc_len;
         int ret = TEST_SUCCESS;
@@ -9410,6 +9902,15 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
         const struct rte_cryptodev_symmetric_capability *sym_cap;
         int j = 0;
  
+       /* Set action type */
+       ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
+               RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
+               gbl_action_type;
+
+       if (security_proto_supported(ut_params->type,
+                       RTE_SECURITY_PROTOCOL_DOCSIS) < 0)
+               return TEST_SKIPPED;
+
         sec_cap_idx.action = ut_params->type;
         sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS;
         sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_DOWNLINK;
@@ -9472,8 +9973,8 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
                                         ts_params->session_priv_mpool);
  
         if (!ut_params->sec_session) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__, "failed to allocate session");
+               printf("Test function %s line %u: failed to allocate session\n",
+                       __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
@@ -9482,9 +9983,8 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
         ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
                                 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
         if (!ut_params->op) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__,
-                       "failed to allocate security crypto operation");
+               printf("Test function %s line %u: failed to allocate symmetric "
+                       "crypto operation\n", __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
@@ -9522,16 +10022,15 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
         /* Process crypto operation */
         if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) ==
                         NULL) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__,
-                       "failed to process security crypto op");
+               printf("Test function %s line %u: failed to process crypto op\n",
+                       __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
  
         if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__, "crypto op processing failed");
+               printf("Test function %s line %u: crypto op processing failed\n",
+                       __func__, __LINE__);
                 ret = TEST_FAILED;
                 goto on_err;
         }
@@ -9540,8 +10039,8 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
         ciphertext = plaintext;
  
         if (memcmp(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len)) {
-               printf("TestCase %s(%d) line %d: %s\n",
-                       __func__, i, __LINE__, "ciphertext not as expected\n");
+               printf("Test function %s line %u: plaintext not as expected\n",
+                       __func__, __LINE__);
                 rte_hexdump(stdout, "expected", d_td->ciphertext.data,
                                 d_td->ciphertext.len);
                 rte_hexdump(stdout, "actual", ciphertext, d_td->ciphertext.len);
@@ -9562,133 +10061,6 @@ on_err:
  
         return ret;
  }
-
-#define TEST_DOCSIS_COUNT(func) do {                   \
-       int ret = func;                                 \
-       if (ret == TEST_SUCCESS)  {                     \
-               printf("\t%2d)", n++);                  \
-               printf("+++++ PASSED:" #func"\n");      \
-               p++;                                    \
-       } else if (ret == TEST_SKIPPED) {               \
-               printf("\t%2d)", n++);                  \
-               printf("~~~~~ SKIPPED:" #func"\n");     \
-               s++;                                    \
-       } else {                                        \
-               printf("\t%2d)", n++);                  \
-               printf("----- FAILED:" #func"\n");      \
-               f++;                                    \
-       }                                               \
-} while (0)
-
-static int
-test_DOCSIS_PROTO_uplink_all(void)
-{
-       int p = 0, s = 0, f = 0, n = 0;
-
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(1, &docsis_test_case_1));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(2, &docsis_test_case_2));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(3, &docsis_test_case_3));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(4, &docsis_test_case_4));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(5, &docsis_test_case_5));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(6, &docsis_test_case_6));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(7, &docsis_test_case_7));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(8, &docsis_test_case_8));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(9, &docsis_test_case_9));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(10, &docsis_test_case_10));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(11, &docsis_test_case_11));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(12, &docsis_test_case_12));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(13, &docsis_test_case_13));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(14, &docsis_test_case_14));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(15, &docsis_test_case_15));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(16, &docsis_test_case_16));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(17, &docsis_test_case_17));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(18, &docsis_test_case_18));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(19, &docsis_test_case_19));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(20, &docsis_test_case_20));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(21, &docsis_test_case_21));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(22, &docsis_test_case_22));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(23, &docsis_test_case_23));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(24, &docsis_test_case_24));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(25, &docsis_test_case_25));
-       TEST_DOCSIS_COUNT(test_docsis_proto_uplink(26, &docsis_test_case_26));
-
-       if (f)
-               printf("## %s: %d passed out of %d (%d skipped)\n",
-                       __func__, p, n, s);
-
-       return f;
-};
-
-static int
-test_DOCSIS_PROTO_downlink_all(void)
-{
-       int p = 0, s = 0, f = 0, n = 0;
-
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(1, &docsis_test_case_1));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(2, &docsis_test_case_2));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(3, &docsis_test_case_3));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(4, &docsis_test_case_4));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(5, &docsis_test_case_5));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(6, &docsis_test_case_6));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(7, &docsis_test_case_7));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(8, &docsis_test_case_8));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(9, &docsis_test_case_9));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(10, &docsis_test_case_10));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(11, &docsis_test_case_11));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(12, &docsis_test_case_12));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(13, &docsis_test_case_13));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(14, &docsis_test_case_14));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(15, &docsis_test_case_15));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(16, &docsis_test_case_16));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(17, &docsis_test_case_17));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(18, &docsis_test_case_18));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(19, &docsis_test_case_19));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(20, &docsis_test_case_20));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(21, &docsis_test_case_21));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(22, &docsis_test_case_22));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(23, &docsis_test_case_23));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(24, &docsis_test_case_24));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(25, &docsis_test_case_25));
-       TEST_DOCSIS_COUNT(test_docsis_proto_downlink(26, &docsis_test_case_26));
-
-       if (f)
-               printf("## %s: %d passed out of %d (%d skipped)\n",
-                       __func__, p, n, s);
-
-       return f;
-};
-
-static int
-test_DOCSIS_PROTO_all(void)
-{
-       struct crypto_testsuite_params *ts_params = &testsuite_params;
-       struct crypto_unittest_params *ut_params = &unittest_params;
-       struct rte_cryptodev_info dev_info;
-       int status;
-
-       rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
-       uint64_t feat_flags = dev_info.feature_flags;
-
-       if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY))
-               return TEST_SKIPPED;
-
-       /* Set action type */
-       ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
-               RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
-               gbl_action_type;
-
-       if (security_proto_supported(ut_params->type,
-                       RTE_SECURITY_PROTOCOL_DOCSIS) < 0)
-               return TEST_SKIPPED;
-
-       status = test_DOCSIS_PROTO_uplink_all();
-       status += test_DOCSIS_PROTO_downlink_all();
-
-       if (status)
-               return TEST_FAILED;
-       else
-               return TEST_SUCCESS;
-}
  #endif
  
  static int
@@ -10296,6 +10668,7 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata)
         int retval;
         uint8_t *ciphertext, *auth_tag;
         uint16_t plaintext_pad_len;
+       struct rte_cryptodev_info dev_info;
  
         /* Verify the capabilities */
         struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -10305,7 +10678,11 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata)
                         &cap_idx) == NULL)
                 return TEST_SKIPPED;
  
-       if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+       rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+       uint64_t feat_flags = dev_info.feature_flags;
+
+       if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+                       (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP)))
                 return TEST_SKIPPED;
  
         /* not supported with CPU crypto */
@@ -10342,7 +10719,11 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata)
         ut_params->op->sym->m_dst = ut_params->obuf;
  
         /* Process crypto operation */
-       TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
+       if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+               process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+                       ut_params->op, 0, 0, 0, 0);
+       else
+               TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
                         ut_params->op), "failed to process sym crypto op");
  
         TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
@@ -10388,6 +10769,10 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata)
  
         int retval;
         uint8_t *plaintext;
+       struct rte_cryptodev_info dev_info;
+
+       rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+       uint64_t feat_flags = dev_info.feature_flags;
  
         /* Verify the capabilities */
         struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -10402,6 +10787,12 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata)
                         global_api_test_type == CRYPTODEV_RAW_API_TEST)
                 return TEST_SKIPPED;
  
+       if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+                       (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+               printf("Device does not support RAW data-path APIs.\n");
+               return TEST_SKIPPED;
+       }
+
         /* Create AEAD session */
         retval = create_aead_session(ts_params->valid_devs[0],
                         tdata->algo,
@@ -10432,7 +10823,11 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata)
         ut_params->op->sym->m_dst = ut_params->obuf;
  
         /* Process crypto operation */
-       TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
+       if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+               process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+                               ut_params->op, 0, 0, 0, 0);
+       else
+               TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
                         ut_params->op), "failed to process sym crypto op");
  
         TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
@@ -10852,6 +11247,7 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
                                    const struct HMAC_MD5_vector *test_case)
  {
         uint8_t key[64];
+       int status;
  
         memcpy(key, test_case->key.data, test_case->key.len);
  
@@ -10867,13 +11263,15 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
  
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+       if (ut_params->sess == NULL)
+               return TEST_FAILED;
  
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                         ut_params->sess, &ut_params->auth_xform,
                         ts_params->session_priv_mpool);
-
-       if (ut_params->sess == NULL)
-               return TEST_FAILED;
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
  
         ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
  
@@ -11086,6 +11484,7 @@ test_multi_session(void)
         struct rte_cryptodev_sym_session **sessions;
  
         uint16_t i;
+       int status;
  
         /* Verify the capabilities */
         struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -11115,14 +11514,17 @@ test_multi_session(void)
  
                 sessions[i] = rte_cryptodev_sym_session_create(
                                 ts_params->session_mpool);
-
-               rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-                               sessions[i], &ut_params->auth_xform,
-                               ts_params->session_priv_mpool);
                 TEST_ASSERT_NOT_NULL(sessions[i],
                                 "Session creation failed at session number %u",
                                 i);
  
+               status = rte_cryptodev_sym_session_init(
+                               ts_params->valid_devs[0],
+                               sessions[i], &ut_params->auth_xform,
+                               ts_params->session_priv_mpool);
+               if (status == -ENOTSUP)
+                       return TEST_SKIPPED;
+
                 /* Attempt to send a request on each session */
                 TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform(
                         sessions[i],
@@ -11215,6 +11617,7 @@ test_multi_session_random_usage(void)
                 },
  
         };
+       int status;
  
         /* Verify the capabilities */
         struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -11238,6 +11641,9 @@ test_multi_session_random_usage(void)
         for (i = 0; i < MB_SESSION_NUMBER; i++) {
                 sessions[i] = rte_cryptodev_sym_session_create(
                                 ts_params->session_mpool);
+               TEST_ASSERT_NOT_NULL(sessions[i],
+                               "Session creation failed at session number %u",
+                               i);
  
                 rte_memcpy(&ut_paramz[i].ut_params, &unittest_params,
                                 sizeof(struct crypto_unittest_params));
@@ -11247,16 +11653,16 @@ test_multi_session_random_usage(void)
                                 ut_paramz[i].cipher_key, ut_paramz[i].hmac_key);
  
                 /* Create multiple crypto sessions*/
-               rte_cryptodev_sym_session_init(
+               status = rte_cryptodev_sym_session_init(
                                 ts_params->valid_devs[0],
                                 sessions[i],
                                 &ut_paramz[i].ut_params.auth_xform,
                                 ts_params->session_priv_mpool);
  
-               TEST_ASSERT_NOT_NULL(sessions[i],
-                               "Session creation failed at session number %u",
-                               i);
+               if (status == -ENOTSUP)
+                       return TEST_SKIPPED;
  
+               TEST_ASSERT_EQUAL(status, 0, "Session init failed");
         }
  
         srand(time(NULL));
@@ -11368,6 +11774,7 @@ test_null_burst_operation(void)
  {
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
+       int status;
  
         unsigned i, burst_len = NULL_BURST_LENGTH;
  
@@ -11395,12 +11802,17 @@ test_null_burst_operation(void)
  
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
         /* Create Crypto session*/
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                         ut_params->sess, &ut_params->cipher_xform,
                         ts_params->session_priv_mpool);
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(status, 0, "Session init failed");
  
         TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
                         RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len),
@@ -11798,6 +12210,7 @@ static int create_gmac_session(uint8_t dev_id,
                 enum rte_crypto_auth_operation auth_op)
  {
         uint8_t auth_key[tdata->key.len];
+       int status;
  
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         struct crypto_unittest_params *ut_params = &unittest_params;
@@ -11818,14 +12231,13 @@ static int create_gmac_session(uint8_t dev_id,
  
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                         &ut_params->auth_xform,
                         ts_params->session_priv_mpool);
  
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
  }
  
  static int
@@ -11863,6 +12275,8 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
         retval = create_gmac_session(ts_params->valid_devs[0],
                         tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
  
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
         if (retval < 0)
                 return retval;
  
@@ -11992,6 +12406,8 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
         retval = create_gmac_session(ts_params->valid_devs[0],
                         tdata, RTE_CRYPTO_AUTH_OP_VERIFY);
  
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
         if (retval < 0)
                 return retval;
  
@@ -12119,6 +12535,8 @@ test_AES_GMAC_authentication_SGL(const struct gmac_test_data *tdata,
         retval = create_gmac_session(ts_params->valid_devs[0],
                         tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
  
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
         if (retval < 0)
                 return retval;
  
@@ -12448,6 +12866,7 @@ create_auth_session(struct crypto_unittest_params *ut_params,
  {
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         uint8_t auth_key[reference->auth_key.len + 1];
+       int status;
  
         memcpy(auth_key, reference->auth_key.data, reference->auth_key.len);
  
@@ -12463,14 +12882,13 @@ create_auth_session(struct crypto_unittest_params *ut_params,
         /* Create Crypto session*/
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                                 &ut_params->auth_xform,
                                 ts_params->session_priv_mpool);
  
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
  }
  
  static int
@@ -12483,6 +12901,7 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
         struct crypto_testsuite_params *ts_params = &testsuite_params;
         uint8_t cipher_key[reference->cipher_key.len + 1];
         uint8_t auth_key[reference->auth_key.len + 1];
+       int status;
  
         memcpy(cipher_key, reference->cipher_key.data,
                         reference->cipher_key.len);
@@ -12516,14 +12935,13 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
         /* Create Crypto session*/
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                                 &ut_params->auth_xform,
                                 ts_params->session_priv_mpool);
  
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
  }
  
  static int
@@ -12739,6 +13157,9 @@ test_authentication_verify_fail_when_data_corruption(
                         ts_params->valid_devs[0],
                         reference,
                         RTE_CRYPTO_AUTH_OP_VERIFY);
+
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
         if (retval < 0)
                 return retval;
  
@@ -12781,10 +13202,13 @@ test_authentication_verify_fail_when_data_corruption(
         else {
                 ut_params->op = process_crypto_request(ts_params->valid_devs[0],
                         ut_params->op);
-               TEST_ASSERT_NULL(ut_params->op, "authentication not failed");
         }
+       if (ut_params->op == NULL)
+               return 0;
+       else if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
+               return 0;
  
-       return 0;
+       return -1;
  }
  
  static int
@@ -12911,6 +13335,9 @@ test_authenticated_decryption_fail_when_corruption(
                         reference,
                         RTE_CRYPTO_AUTH_OP_VERIFY,
                         RTE_CRYPTO_CIPHER_OP_DECRYPT);
+
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
         if (retval < 0)
                 return retval;
  
@@ -12972,6 +13399,7 @@ test_authenticated_encrypt_with_esn(
         uint8_t cipher_key[reference->cipher_key.len + 1];
         uint8_t auth_key[reference->auth_key.len + 1];
         struct rte_cryptodev_info dev_info;
+       int status;
  
         rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
         uint64_t feat_flags = dev_info.feature_flags;
@@ -13023,13 +13451,17 @@ test_authenticated_encrypt_with_esn(
         /* Create Crypto session*/
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                                 ut_params->sess,
                                 &ut_params->cipher_xform,
                                 ts_params->session_priv_mpool);
  
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(status, 0, "Session init failed");
  
         ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
         TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -13155,13 +13587,17 @@ test_authenticated_decrypt_with_esn(
         /* Create Crypto session*/
         ut_params->sess = rte_cryptodev_sym_session_create(
                         ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
  
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                                 ut_params->sess,
                                 &ut_params->auth_xform,
                                 ts_params->session_priv_mpool);
  
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(retval, 0, "Session init failed");
  
         ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
         TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -13774,6 +14210,14 @@ test_chacha20_poly1305_decrypt_test_case_rfc8439(void)
         return test_authenticated_decryption(&chacha20_poly1305_case_rfc8439);
  }
  
+static int
+test_chacha20_poly1305_encrypt_SGL_out_of_place(void)
+{
+       return test_authenticated_encryption_SGL(
+               &chacha20_poly1305_case_2, OUT_OF_PLACE, 32,
+               chacha20_poly1305_case_2.plaintext.len);
+}
+
  #ifdef RTE_CRYPTO_SCHEDULER
  
  /* global AESNI worker IDs for the scheduler test */
@@ -14067,6 +14511,47 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
         .suite_name = "IPsec Proto Unit Test Suite",
         .setup = ipsec_proto_testsuite_setup,
         .unit_test_cases = {
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec, &pkt_aes_128_gcm),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec, &pkt_aes_192_gcm),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec, &pkt_aes_256_gcm),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha256),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha384),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha512),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha256_v6),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound fragmented packet",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_fragmented,
+                       &pkt_aes_128_gcm_frag),
                 TEST_CASE_NAMED_WITH_DATA(
                         "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
                         ut_setup_security, ut_teardown,
@@ -14079,6 +14564,34 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
                         "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
                         ut_setup_security, ut_teardown,
                         test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha256),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha384),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha512),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha256_v6),
                 TEST_CASE_NAMED_ST(
                         "Combined test alg list",
                         ut_setup_security, ut_teardown,
@@ -14091,10 +14604,58 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
                         "UDP encapsulation",
                         ut_setup_security, ut_teardown,
                         test_ipsec_proto_udp_encap),
+               TEST_CASE_NAMED_ST(
+                       "UDP encapsulation ports verification test",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_udp_ports_verify),
+               TEST_CASE_NAMED_ST(
+                       "SA expiry packets soft",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_sa_exp_pkts_soft),
+               TEST_CASE_NAMED_ST(
+                       "SA expiry packets hard",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_sa_exp_pkts_hard),
                 TEST_CASE_NAMED_ST(
                         "Negative test: ICV corruption",
                         ut_setup_security, ut_teardown,
                         test_ipsec_proto_err_icv_corrupt),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel dst addr verification",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_dst_addr_verify),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel src and dst addr verification",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_src_dst_addr_verify),
+               TEST_CASE_NAMED_ST(
+                       "Inner IP checksum",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_inner_ip_csum),
+               TEST_CASE_NAMED_ST(
+                       "Inner L4 checksum",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_inner_l4_csum),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv4 in IPv4",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v4_in_v4),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv6 in IPv6",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v6_in_v6),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv4 in IPv6",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v4_in_v6),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv6 in IPv4",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v6_in_v4),
+               TEST_CASE_NAMED_ST(
+                       "Transport IPv4",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_transport_v4),
                 TEST_CASES_END() /**< NULL terminate unit test array */
         }
  };
@@ -14109,12 +14670,72 @@ static struct unit_test_suite pdcp_proto_testsuite  = {
         }
  };
  
+#define ADD_UPLINK_TESTCASE(data)                                              \
+       TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security,    \
+       ut_teardown, test_docsis_proto_uplink, (const void *) &data),           \
+
+#define ADD_DOWNLINK_TESTCASE(data)                                            \
+       TEST_CASE_NAMED_WITH_DATA(data.test_descr_downlink, ut_setup_security,  \
+       ut_teardown, test_docsis_proto_downlink, (const void *) &data),         \
+
  static struct unit_test_suite docsis_proto_testsuite  = {
-       .suite_name = "Docsis Proto Unit Test Suite",
+       .suite_name = "DOCSIS Proto Unit Test Suite",
         .setup = docsis_proto_testsuite_setup,
         .unit_test_cases = {
-               TEST_CASE_ST(ut_setup_security, ut_teardown,
-                       test_DOCSIS_PROTO_all),
+               /* Uplink */
+               ADD_UPLINK_TESTCASE(docsis_test_case_1)
+               ADD_UPLINK_TESTCASE(docsis_test_case_2)
+               ADD_UPLINK_TESTCASE(docsis_test_case_3)
+               ADD_UPLINK_TESTCASE(docsis_test_case_4)
+               ADD_UPLINK_TESTCASE(docsis_test_case_5)
+               ADD_UPLINK_TESTCASE(docsis_test_case_6)
+               ADD_UPLINK_TESTCASE(docsis_test_case_7)
+               ADD_UPLINK_TESTCASE(docsis_test_case_8)
+               ADD_UPLINK_TESTCASE(docsis_test_case_9)
+               ADD_UPLINK_TESTCASE(docsis_test_case_10)
+               ADD_UPLINK_TESTCASE(docsis_test_case_11)
+               ADD_UPLINK_TESTCASE(docsis_test_case_12)
+               ADD_UPLINK_TESTCASE(docsis_test_case_13)
+               ADD_UPLINK_TESTCASE(docsis_test_case_14)
+               ADD_UPLINK_TESTCASE(docsis_test_case_15)
+               ADD_UPLINK_TESTCASE(docsis_test_case_16)
+               ADD_UPLINK_TESTCASE(docsis_test_case_17)
+               ADD_UPLINK_TESTCASE(docsis_test_case_18)
+               ADD_UPLINK_TESTCASE(docsis_test_case_19)
+               ADD_UPLINK_TESTCASE(docsis_test_case_20)
+               ADD_UPLINK_TESTCASE(docsis_test_case_21)
+               ADD_UPLINK_TESTCASE(docsis_test_case_22)
+               ADD_UPLINK_TESTCASE(docsis_test_case_23)
+               ADD_UPLINK_TESTCASE(docsis_test_case_24)
+               ADD_UPLINK_TESTCASE(docsis_test_case_25)
+               ADD_UPLINK_TESTCASE(docsis_test_case_26)
+               /* Downlink */
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_1)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_2)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_3)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_4)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_5)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_6)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_7)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_8)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_9)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_10)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_11)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_12)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_13)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_14)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_15)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_16)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_17)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_18)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_19)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_20)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_21)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_22)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_23)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_24)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_25)
+               ADD_DOWNLINK_TESTCASE(docsis_test_case_26)
                 TEST_CASES_END() /**< NULL terminate unit test array */
         }
  };
@@ -14418,6 +15039,8 @@ static struct unit_test_suite cryptodev_chacha20_poly1305_testsuite  = {
                         test_chacha20_poly1305_encrypt_test_case_rfc8439),
                 TEST_CASE_ST(ut_setup, ut_teardown,
                         test_chacha20_poly1305_decrypt_test_case_rfc8439),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_chacha20_poly1305_encrypt_SGL_out_of_place),
                 TEST_CASES_END()
         }
  };
@@ -14571,6 +15194,13 @@ static struct unit_test_suite cryptodev_zuc_testsuite  = {
                         test_zuc_hash_generate_test_case_7),
                 TEST_CASE_ST(ut_setup, ut_teardown,
                         test_zuc_hash_generate_test_case_8),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_zuc_hash_generate_test_case_9),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_zuc_hash_generate_test_case_10),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_zuc_hash_generate_test_case_11),
+
  
                 /** ZUC alg-chain (EEA3/EIA3) */
                 TEST_CASE_ST(ut_setup, ut_teardown,
@@ -14597,6 +15227,19 @@ static struct unit_test_suite cryptodev_zuc_testsuite  = {
                         test_zuc_auth_cipher_verify_test_case_1_sgl),
                 TEST_CASE_ST(ut_setup, ut_teardown,
                         test_zuc_auth_cipher_verify_test_case_1_oop_sgl),
+
+               /** ZUC-256 encrypt only **/
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_zuc256_encryption_test_case_1),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_zuc256_encryption_test_case_2),
+
+               /** ZUC-256 authentication only **/
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_zuc256_authentication_test_case_1),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_zuc256_authentication_test_case_2),
+
                 TEST_CASES_END()
         }
  };
@@ -14980,6 +15623,17 @@ test_cryptodev_cpu_aesni_mb(void)
         return rc;
  }
  
+static int
+test_cryptodev_chacha_poly_mb(void)
+{
+       int32_t rc;
+       enum rte_security_session_action_type at = gbl_action_type;
+       rc = run_cryptodev_testsuite(
+                       RTE_STR(CRYPTODEV_NAME_CHACHA20_POLY1305_PMD));
+       gbl_action_type = at;
+       return rc;
+}
+
  static int
  test_cryptodev_openssl(void)
  {
@@ -15179,12 +15833,6 @@ test_cryptodev_octeontx(void)
         return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX_SYM_PMD));
  }
  
-static int
-test_cryptodev_octeontx2(void)
-{
-       return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX2_PMD));
-}
-
  static int
  test_cryptodev_caam_jr(void)
  {
@@ -15233,12 +15881,54 @@ test_cryptodev_cn10k(void)
         return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_CN10K_PMD));
  }
  
+static int
+test_cryptodev_dpaa2_sec_raw_api(void)
+{
+       static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD);
+       int ret;
+
+       ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
+                       "RAW API");
+       if (ret)
+               return ret;
+
+       global_api_test_type = CRYPTODEV_RAW_API_TEST;
+       ret = run_cryptodev_testsuite(pmd_name);
+       global_api_test_type = CRYPTODEV_API_TEST;
+
+       return ret;
+}
+
+static int
+test_cryptodev_dpaa_sec_raw_api(void)
+{
+       static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD);
+       int ret;
+
+       ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
+                       "RAW API");
+       if (ret)
+               return ret;
+
+       global_api_test_type = CRYPTODEV_RAW_API_TEST;
+       ret = run_cryptodev_testsuite(pmd_name);
+       global_api_test_type = CRYPTODEV_API_TEST;
+
+       return ret;
+}
+
+REGISTER_TEST_COMMAND(cryptodev_dpaa2_sec_raw_api_autotest,
+               test_cryptodev_dpaa2_sec_raw_api);
+REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_raw_api_autotest,
+               test_cryptodev_dpaa_sec_raw_api);
  REGISTER_TEST_COMMAND(cryptodev_qat_raw_api_autotest,
                 test_cryptodev_qat_raw_api);
  REGISTER_TEST_COMMAND(cryptodev_qat_autotest, test_cryptodev_qat);
  REGISTER_TEST_COMMAND(cryptodev_aesni_mb_autotest, test_cryptodev_aesni_mb);
  REGISTER_TEST_COMMAND(cryptodev_cpu_aesni_mb_autotest,
         test_cryptodev_cpu_aesni_mb);
+REGISTER_TEST_COMMAND(cryptodev_chacha_poly_mb_autotest,
+       test_cryptodev_chacha_poly_mb);
  REGISTER_TEST_COMMAND(cryptodev_openssl_autotest, test_cryptodev_openssl);
  REGISTER_TEST_COMMAND(cryptodev_aesni_gcm_autotest, test_cryptodev_aesni_gcm);
  REGISTER_TEST_COMMAND(cryptodev_cpu_aesni_gcm_autotest,
@@ -15255,7 +15945,6 @@ REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_autotest, test_cryptodev_dpaa_sec);
  REGISTER_TEST_COMMAND(cryptodev_ccp_autotest, test_cryptodev_ccp);
  REGISTER_TEST_COMMAND(cryptodev_virtio_autotest, test_cryptodev_virtio);
  REGISTER_TEST_COMMAND(cryptodev_octeontx_autotest, test_cryptodev_octeontx);
-REGISTER_TEST_COMMAND(cryptodev_octeontx2_autotest, test_cryptodev_octeontx2);
  REGISTER_TEST_COMMAND(cryptodev_caam_jr_autotest, test_cryptodev_caam_jr);
  REGISTER_TEST_COMMAND(cryptodev_nitrox_autotest, test_cryptodev_nitrox);
  REGISTER_TEST_COMMAND(cryptodev_bcmfs_autotest, test_cryptodev_bcmfs);