git.droids-corp.org / dpdk.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
cryptodev: reorganize asymmetric structs
[dpdk.git] / app / test / test_cryptodev.c
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 29e8675..a63c199 100644 (file)
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -3,6 +3,8 @@
  * Copyright 2020 NXP
  */
 
+#ifndef RTE_EXEC_ENV_WINDOWS
+
 #include <time.h>
 
 #include <rte_common.h>
@@ -209,6 +211,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
        int enqueue_status, dequeue_status;
        struct crypto_unittest_params *ut_params = &unittest_params;
        int is_sgl = sop->m_src->nb_segs > 1;
+       int is_oop = 0;
 
        ctx_service_size = rte_cryptodev_get_raw_dp_ctx_size(dev_id);
        if (ctx_service_size < 0) {
@@ -247,6 +250,9 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
 
        ofs.raw = 0;
 
+       if ((sop->m_dst != NULL) && (sop->m_dst != sop->m_src))
+               is_oop = 1;
+
        if (is_cipher && is_auth) {
                cipher_offset = sop->cipher.data.offset;
                cipher_len = sop->cipher.data.length;
@@ -277,6 +283,8 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
                if (is_sgl) {
                        uint32_t remaining_off = auth_offset + auth_len;
                        struct rte_mbuf *sgl_buf = sop->m_src;
+                       if (is_oop)
+                               sgl_buf = sop->m_dst;
 
                        while (remaining_off >= rte_pktmbuf_data_len(sgl_buf)
                                        && sgl_buf->next != NULL) {
@@ -293,7 +301,8 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
                /* Then check if digest-encrypted conditions are met */
                if ((auth_offset + auth_len < cipher_offset + cipher_len) &&
                                (digest.iova == auth_end_iova) && is_sgl)
-                       max_len = RTE_MAX(max_len, auth_offset + auth_len +
+                       max_len = RTE_MAX(max_len,
+                               auth_offset + auth_len +
                                ut_params->auth_xform.auth.digest_length);
 
        } else if (is_cipher) {
@@ -356,7 +365,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
 
        sgl.num = n;
        /* Out of place */
-       if (sop->m_dst != NULL) {
+       if (is_oop) {
                dest_sgl.vec = dest_data_vec;
                vec.dest_sgl = &dest_sgl;
                n = rte_crypto_mbuf_to_vec(sop->m_dst, 0, max_len,
@@ -835,6 +844,8 @@ ipsec_proto_testsuite_setup(void)
                ret = TEST_SKIPPED;
        }
 
+       test_ipsec_alg_list_populate();
+
        /*
         * Stop the device. Device would be started again by individual test
         * case setup routine.
@@ -1417,7 +1428,6 @@ ut_teardown(void)
 {
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        struct crypto_unittest_params *ut_params = &unittest_params;
-       struct rte_cryptodev_stats stats;
 
        /* free crypto session structure */
 #ifdef RTE_LIB_SECURITY
@@ -1464,8 +1474,6 @@ ut_teardown(void)
                RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
                        rte_mempool_avail_count(ts_params->mbuf_pool));
 
-       rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats);
-
        /* Stop the device */
        rte_cryptodev_stop(ts_params->valid_devs[0]);
 }
@@ -2138,6 +2146,7 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 {
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        struct crypto_unittest_params *ut_params = &unittest_params;
+       int status;
 
        /* Verify the capabilities */
        struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -2184,12 +2193,17 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
 
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
        /* Create crypto session*/
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                        ut_params->sess, &ut_params->cipher_xform,
                        ts_params->session_priv_mpool);
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(status, 0, "Session init failed");
 
        /* Generate crypto op data structure */
        ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -6867,7 +6881,7 @@ test_snow3g_decryption_with_digest_test_case_1(void)
        }
 
        /*
-        * Function prepare data for hash veryfication test case.
+        * Function prepare data for hash verification test case.
         * Digest is allocated in 4 last bytes in plaintext, pattern.
         */
        snow3g_hash_test_vector_setup(&snow3g_test_case_7, &snow3g_hash_data);
@@ -7972,6 +7986,7 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
                uint8_t iv_len)
 {
        uint8_t aead_key[key_len];
+       int status;
 
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7995,14 +8010,13 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
        /* Create Crypto session*/
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                        &ut_params->aead_xform,
                        ts_params->session_priv_mpool);
 
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
 }
 
 static int
@@ -9120,6 +9134,10 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                         bool silent,
                         const struct ipsec_test_flags *flags)
 {
+       uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000,
+                               0x0000, 0x001a};
+       uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+                               0xe82c, 0x4887};
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        struct crypto_unittest_params *ut_params = &unittest_params;
        struct rte_security_capability_idx sec_cap_idx;
@@ -9153,8 +9171,27 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                        dst += 1;
        }
 
-       memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
-       memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+       if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+               if (td->ipsec_xform.tunnel.type ==
+                               RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+                       memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+                              sizeof(src));
+                       memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+                              sizeof(dst));
+
+                       if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+                               ipsec_xform.tunnel.ipv4.df = 0;
+
+                       if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+                               ipsec_xform.tunnel.ipv4.df = 1;
+
+               } else {
+                       memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+                              sizeof(v6_src));
+                       memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+                              sizeof(v6_dst));
+               }
+       }
 
        ctx = rte_cryptodev_get_sec_ctx(dev_id);
 
@@ -9188,23 +9225,59 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                        return TEST_SKIPPED;
                }
        } else {
-               /* Only AEAD supported now */
-               return TEST_SKIPPED;
+               memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
+                      sizeof(ut_params->cipher_xform));
+               memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+                      sizeof(ut_params->auth_xform));
+               ut_params->cipher_xform.cipher.key.data = td[0].key.data;
+               ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+               ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
+
+               /* Verify crypto capabilities */
+
+               if (test_ipsec_crypto_caps_cipher_verify(
+                               sec_cap,
+                               &ut_params->cipher_xform) != 0) {
+                       if (!silent)
+                               RTE_LOG(INFO, USER1,
+                                       "Cipher crypto capabilities not supported\n");
+                       return TEST_SKIPPED;
+               }
+
+               if (test_ipsec_crypto_caps_auth_verify(
+                               sec_cap,
+                               &ut_params->auth_xform) != 0) {
+                       if (!silent)
+                               RTE_LOG(INFO, USER1,
+                                       "Auth crypto capabilities not supported\n");
+                       return TEST_SKIPPED;
+               }
        }
 
        if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)
                return TEST_SKIPPED;
 
-       salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
-       memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
-
        struct rte_security_session_conf sess_conf = {
                .action_type = ut_params->type,
                .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
-               .ipsec = ipsec_xform,
-               .crypto_xform = &ut_params->aead_xform,
        };
 
+       if (td[0].aead) {
+               salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
+               memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+               sess_conf.ipsec = ipsec_xform;
+               sess_conf.crypto_xform = &ut_params->aead_xform;
+       } else {
+               sess_conf.ipsec = ipsec_xform;
+               if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+                       sess_conf.crypto_xform = &ut_params->cipher_xform;
+                       ut_params->cipher_xform.next = &ut_params->auth_xform;
+               } else {
+                       sess_conf.crypto_xform = &ut_params->auth_xform;
+                       ut_params->auth_xform.next = &ut_params->cipher_xform;
+               }
+       }
+
        /* Create security session */
        ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
                                        ts_params->session_mpool,
@@ -9225,6 +9298,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                memcpy(input_text, td[i].input_text.data,
                       td[i].input_text.len);
 
+               if (test_ipsec_pkt_update(input_text, flags))
+                       return TEST_FAILED;
+
                /* Generate crypto op data structure */
                ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
                                        RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -9275,6 +9351,11 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
                if (ret != TEST_SUCCESS)
                        goto crypto_op_free;
 
+               ret = test_ipsec_stats_verify(ctx, ut_params->sec_session,
+                                             flags, dir);
+               if (ret != TEST_SUCCESS)
+                       goto crypto_op_free;
+
                rte_crypto_op_free(ut_params->op);
                ut_params->op = NULL;
 
@@ -9306,25 +9387,49 @@ test_ipsec_proto_known_vec(const void *test_data)
 
        memcpy(&td_outb, test_data, sizeof(td_outb));
 
-       /* Disable IV gen to be able to test with known vectors */
-       td_outb.ipsec_xform.options.iv_gen_disable = 1;
+       if (td_outb.aead ||
+           td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) {
+               /* Disable IV gen to be able to test with known vectors */
+               td_outb.ipsec_xform.options.iv_gen_disable = 1;
+       }
 
        return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
 }
 
 static int
-test_ipsec_proto_known_vec_inb(const void *td_outb)
+test_ipsec_proto_known_vec_inb(const void *test_data)
 {
+       const struct ipsec_test_data *td = test_data;
        struct ipsec_test_flags flags;
        struct ipsec_test_data td_inb;
 
        memset(&flags, 0, sizeof(flags));
 
-       test_ipsec_td_in_from_out(td_outb, &td_inb);
+       if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+               test_ipsec_td_in_from_out(td, &td_inb);
+       else
+               memcpy(&td_inb, td, sizeof(td_inb));
 
        return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
 }
 
+static int
+test_ipsec_proto_known_vec_fragmented(const void *test_data)
+{
+       struct ipsec_test_data td_outb;
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+       flags.fragment = true;
+
+       memcpy(&td_outb, test_data, sizeof(td_outb));
+
+       /* Disable IV gen to be able to test with known vectors */
+       td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+       return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
 static int
 test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 {
@@ -9338,13 +9443,31 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
            flags->sa_expiry_pkts_hard)
                nb_pkts = IPSEC_TEST_PACKETS_MAX;
 
-       for (i = 0; i < RTE_DIM(aead_list); i++) {
-               test_ipsec_td_prepare(&aead_list[i],
-                                     NULL,
+       for (i = 0; i < RTE_DIM(alg_list); i++) {
+               test_ipsec_td_prepare(alg_list[i].param1,
+                                     alg_list[i].param2,
                                      flags,
                                      td_outb,
                                      nb_pkts);
 
+               if (!td_outb->aead) {
+                       enum rte_crypto_cipher_algorithm cipher_alg;
+                       enum rte_crypto_auth_algorithm auth_alg;
+
+                       cipher_alg = td_outb->xform.chain.cipher.cipher.algo;
+                       auth_alg = td_outb->xform.chain.auth.auth.algo;
+
+                       /* ICV is not applicable for NULL auth */
+                       if (flags->icv_corrupt &&
+                           auth_alg == RTE_CRYPTO_AUTH_NULL)
+                               continue;
+
+                       /* IV is not applicable for NULL cipher */
+                       if (flags->iv_gen &&
+                           cipher_alg == RTE_CRYPTO_CIPHER_NULL)
+                               continue;
+               }
+
                ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
                                               flags);
                if (ret == TEST_SKIPPED)
@@ -9364,7 +9487,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
                        return TEST_FAILED;
 
                if (flags->display_alg)
-                       test_ipsec_display_alg(&aead_list[i], NULL);
+                       test_ipsec_display_alg(alg_list[i].param1,
+                                              alg_list[i].param2);
 
                pass_cnt++;
        }
@@ -9508,6 +9632,144 @@ test_ipsec_proto_inner_l4_csum(const void *data __rte_unused)
        return test_ipsec_proto_all(&flags);
 }
 
+static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = false;
+       flags.tunnel_ipv6 = false;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = true;
+       flags.tunnel_ipv6 = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = false;
+       flags.tunnel_ipv6 = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = true;
+       flags.tunnel_ipv6 = false;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.ipv6 = false;
+       flags.transport = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_stats(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.stats_success = true;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.fragment = true;
+
+       return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+       return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+       struct ipsec_test_flags flags;
+
+       memset(&flags, 0, sizeof(flags));
+
+       flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+       return test_ipsec_proto_all(&flags);
+}
+
 static int
 test_PDCP_PROTO_all(void)
 {
@@ -11103,6 +11365,7 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
                                   const struct HMAC_MD5_vector *test_case)
 {
        uint8_t key[64];
+       int status;
 
        memcpy(key, test_case->key.data, test_case->key.len);
 
@@ -11118,13 +11381,15 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params,
 
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+       if (ut_params->sess == NULL)
+               return TEST_FAILED;
 
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                        ut_params->sess, &ut_params->auth_xform,
                        ts_params->session_priv_mpool);
-
-       if (ut_params->sess == NULL)
-               return TEST_FAILED;
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
 
        ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
@@ -11337,6 +11602,7 @@ test_multi_session(void)
        struct rte_cryptodev_sym_session **sessions;
 
        uint16_t i;
+       int status;
 
        /* Verify the capabilities */
        struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -11366,14 +11632,17 @@ test_multi_session(void)
 
                sessions[i] = rte_cryptodev_sym_session_create(
                                ts_params->session_mpool);
-
-               rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
-                               sessions[i], &ut_params->auth_xform,
-                               ts_params->session_priv_mpool);
                TEST_ASSERT_NOT_NULL(sessions[i],
                                "Session creation failed at session number %u",
                                i);
 
+               status = rte_cryptodev_sym_session_init(
+                               ts_params->valid_devs[0],
+                               sessions[i], &ut_params->auth_xform,
+                               ts_params->session_priv_mpool);
+               if (status == -ENOTSUP)
+                       return TEST_SKIPPED;
+
                /* Attempt to send a request on each session */
                TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform(
                        sessions[i],
@@ -11466,6 +11735,7 @@ test_multi_session_random_usage(void)
                },
 
        };
+       int status;
 
        /* Verify the capabilities */
        struct rte_cryptodev_sym_capability_idx cap_idx;
@@ -11489,6 +11759,9 @@ test_multi_session_random_usage(void)
        for (i = 0; i < MB_SESSION_NUMBER; i++) {
                sessions[i] = rte_cryptodev_sym_session_create(
                                ts_params->session_mpool);
+               TEST_ASSERT_NOT_NULL(sessions[i],
+                               "Session creation failed at session number %u",
+                               i);
 
                rte_memcpy(&ut_paramz[i].ut_params, &unittest_params,
                                sizeof(struct crypto_unittest_params));
@@ -11498,16 +11771,16 @@ test_multi_session_random_usage(void)
                                ut_paramz[i].cipher_key, ut_paramz[i].hmac_key);
 
                /* Create multiple crypto sessions*/
-               rte_cryptodev_sym_session_init(
+               status = rte_cryptodev_sym_session_init(
                                ts_params->valid_devs[0],
                                sessions[i],
                                &ut_paramz[i].ut_params.auth_xform,
                                ts_params->session_priv_mpool);
 
-               TEST_ASSERT_NOT_NULL(sessions[i],
-                               "Session creation failed at session number %u",
-                               i);
+               if (status == -ENOTSUP)
+                       return TEST_SKIPPED;
 
+               TEST_ASSERT_EQUAL(status, 0, "Session init failed");
        }
 
        srand(time(NULL));
@@ -11619,6 +11892,7 @@ test_null_burst_operation(void)
 {
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        struct crypto_unittest_params *ut_params = &unittest_params;
+       int status;
 
        unsigned i, burst_len = NULL_BURST_LENGTH;
 
@@ -11646,12 +11920,17 @@ test_null_burst_operation(void)
 
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
        /* Create Crypto session*/
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                        ut_params->sess, &ut_params->cipher_xform,
                        ts_params->session_priv_mpool);
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(status, 0, "Session init failed");
 
        TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
                        RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len),
@@ -12049,6 +12328,7 @@ static int create_gmac_session(uint8_t dev_id,
                enum rte_crypto_auth_operation auth_op)
 {
        uint8_t auth_key[tdata->key.len];
+       int status;
 
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        struct crypto_unittest_params *ut_params = &unittest_params;
@@ -12069,14 +12349,13 @@ static int create_gmac_session(uint8_t dev_id,
 
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                        &ut_params->auth_xform,
                        ts_params->session_priv_mpool);
 
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
 }
 
 static int
@@ -12114,6 +12393,8 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata)
        retval = create_gmac_session(ts_params->valid_devs[0],
                        tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
 
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
        if (retval < 0)
                return retval;
 
@@ -12243,6 +12524,8 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata)
        retval = create_gmac_session(ts_params->valid_devs[0],
                        tdata, RTE_CRYPTO_AUTH_OP_VERIFY);
 
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
        if (retval < 0)
                return retval;
 
@@ -12370,6 +12653,8 @@ test_AES_GMAC_authentication_SGL(const struct gmac_test_data *tdata,
        retval = create_gmac_session(ts_params->valid_devs[0],
                        tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
 
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
        if (retval < 0)
                return retval;
 
@@ -12699,6 +12984,7 @@ create_auth_session(struct crypto_unittest_params *ut_params,
 {
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        uint8_t auth_key[reference->auth_key.len + 1];
+       int status;
 
        memcpy(auth_key, reference->auth_key.data, reference->auth_key.len);
 
@@ -12714,14 +13000,13 @@ create_auth_session(struct crypto_unittest_params *ut_params,
        /* Create Crypto session*/
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                                &ut_params->auth_xform,
                                ts_params->session_priv_mpool);
 
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
 }
 
 static int
@@ -12734,6 +13019,7 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
        struct crypto_testsuite_params *ts_params = &testsuite_params;
        uint8_t cipher_key[reference->cipher_key.len + 1];
        uint8_t auth_key[reference->auth_key.len + 1];
+       int status;
 
        memcpy(cipher_key, reference->cipher_key.data,
                        reference->cipher_key.len);
@@ -12767,14 +13053,13 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params,
        /* Create Crypto session*/
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-       rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+       status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
                                &ut_params->auth_xform,
                                ts_params->session_priv_mpool);
 
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
-       return 0;
+       return status;
 }
 
 static int
@@ -12990,6 +13275,9 @@ test_authentication_verify_fail_when_data_corruption(
                        ts_params->valid_devs[0],
                        reference,
                        RTE_CRYPTO_AUTH_OP_VERIFY);
+
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
        if (retval < 0)
                return retval;
 
@@ -13165,6 +13453,9 @@ test_authenticated_decryption_fail_when_corruption(
                        reference,
                        RTE_CRYPTO_AUTH_OP_VERIFY,
                        RTE_CRYPTO_CIPHER_OP_DECRYPT);
+
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
        if (retval < 0)
                return retval;
 
@@ -13226,6 +13517,7 @@ test_authenticated_encrypt_with_esn(
        uint8_t cipher_key[reference->cipher_key.len + 1];
        uint8_t auth_key[reference->auth_key.len + 1];
        struct rte_cryptodev_info dev_info;
+       int status;
 
        rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
        uint64_t feat_flags = dev_info.feature_flags;
@@ -13277,13 +13569,17 @@ test_authenticated_encrypt_with_esn(
        /* Create Crypto session*/
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                                ut_params->sess,
                                &ut_params->cipher_xform,
                                ts_params->session_priv_mpool);
 
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+       if (status == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(status, 0, "Session init failed");
 
        ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
        TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -13409,13 +13705,17 @@ test_authenticated_decrypt_with_esn(
        /* Create Crypto session*/
        ut_params->sess = rte_cryptodev_sym_session_create(
                        ts_params->session_mpool);
+       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
 
-       rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+       retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
                                ut_params->sess,
                                &ut_params->auth_xform,
                                ts_params->session_priv_mpool);
 
-       TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+       if (retval == -ENOTSUP)
+               return TEST_SKIPPED;
+
+       TEST_ASSERT_EQUAL(retval, 0, "Session init failed");
 
        ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
        TEST_ASSERT_NOT_NULL(ut_params->ibuf,
@@ -14341,6 +14641,40 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
                        "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
                        ut_setup_security, ut_teardown,
                        test_ipsec_proto_known_vec, &pkt_aes_256_gcm),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha256),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha384),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha512),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_aes_128_cbc_hmac_sha256_v6),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec,
+                       &pkt_null_aes_xcbc),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Outbound fragmented packet",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_fragmented,
+                       &pkt_aes_128_gcm_frag),
                TEST_CASE_NAMED_WITH_DATA(
                        "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
                        ut_setup_security, ut_teardown,
@@ -14353,6 +14687,39 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
                        "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
                        ut_setup_security, ut_teardown,
                        test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha256),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha384),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha512),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_aes_128_cbc_hmac_sha256_v6),
+               TEST_CASE_NAMED_WITH_DATA(
+                       "Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_known_vec_inb,
+                       &pkt_null_aes_xcbc),
                TEST_CASE_NAMED_ST(
                        "Combined test alg list",
                        ut_setup_security, ut_teardown,
@@ -14397,6 +14764,50 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
                        "Inner L4 checksum",
                        ut_setup_security, ut_teardown,
                        test_ipsec_proto_inner_l4_csum),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv4 in IPv4",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v4_in_v4),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv6 in IPv6",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v6_in_v6),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv4 in IPv6",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v4_in_v6),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel IPv6 in IPv4",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_tunnel_v6_in_v4),
+               TEST_CASE_NAMED_ST(
+                       "Transport IPv4",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_transport_v4),
+               TEST_CASE_NAMED_ST(
+                       "Statistics: success",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_stats),
+               TEST_CASE_NAMED_ST(
+                       "Fragmented packet",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_pkt_fragment),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel header copy DF (inner 0)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_copy_df_inner_0),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel header copy DF (inner 1)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_copy_df_inner_1),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel header set DF 0 (inner 1)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_set_df_0_inner_1),
+               TEST_CASE_NAMED_ST(
+                       "Tunnel header set DF 1 (inner 0)",
+                       ut_setup_security, ut_teardown,
+                       test_ipsec_proto_set_df_1_inner_0),
                TEST_CASES_END() /**< NULL terminate unit test array */
        }
 };
@@ -15574,12 +15985,6 @@ test_cryptodev_octeontx(void)
        return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX_SYM_PMD));
 }
 
-static int
-test_cryptodev_octeontx2(void)
-{
-       return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX2_PMD));
-}
-
 static int
 test_cryptodev_caam_jr(void)
 {
@@ -15692,9 +16097,10 @@ REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_autotest, test_cryptodev_dpaa_sec);
 REGISTER_TEST_COMMAND(cryptodev_ccp_autotest, test_cryptodev_ccp);
 REGISTER_TEST_COMMAND(cryptodev_virtio_autotest, test_cryptodev_virtio);
 REGISTER_TEST_COMMAND(cryptodev_octeontx_autotest, test_cryptodev_octeontx);
-REGISTER_TEST_COMMAND(cryptodev_octeontx2_autotest, test_cryptodev_octeontx2);
 REGISTER_TEST_COMMAND(cryptodev_caam_jr_autotest, test_cryptodev_caam_jr);
 REGISTER_TEST_COMMAND(cryptodev_nitrox_autotest, test_cryptodev_nitrox);
 REGISTER_TEST_COMMAND(cryptodev_bcmfs_autotest, test_cryptodev_bcmfs);
 REGISTER_TEST_COMMAND(cryptodev_cn9k_autotest, test_cryptodev_cn9k);
 REGISTER_TEST_COMMAND(cryptodev_cn10k_autotest, test_cryptodev_cn10k);
+
+#endif /* !RTE_EXEC_ENV_WINDOWS */
DPDK repo used for reviews