[PATCH 0/6] update autotest with new algorithms

[PATCH 0/6] update autotest with new algorithms

[Tejasree Kondoj]

This series updates autotest with DES, 3DES, MD5
and custom UDP ports support.

Tejasree Kondoj (2):
  test/crypto: check antireply capability only for ingress
  test/crypto: add unit test for custom UDP ports

Vidya Sagar Velumuri (4):
  test/security: add unit tests for DES and 3DES
  test/security: add unit tests for auth algo MD5
  test/security: update antireplay unit test for event mode
  test/crypto: add unit tests for DES and MD5

 app/test/test_cryptodev.c                     |   71 ++
 app/test/test_cryptodev_security_ipsec.c      |   83 +-
 app/test/test_cryptodev_security_ipsec.h      |   19 +
 ...st_cryptodev_security_ipsec_test_vectors.h | 1059 ++++++++++++++++-
 app/test/test_security_inline_proto.c         |  120 +-
 5 files changed, 1286 insertions(+), 66 deletions(-)

-- 
2.25.1

[PATCH 1/6] test/security: add unit tests for DES and 3DES

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test cases and test vecotrs for DES-CBC
and 3DES-CBC.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev_security_ipsec.h      |  12 +
 ...st_cryptodev_security_ipsec_test_vectors.h | 876 ++++++++++++++++++
 app/test/test_security_inline_proto.c         |  89 ++
 3 files changed, 977 insertions(+)

diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 67b783e637..95e86a05e0 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -150,6 +150,18 @@ static const struct crypto_param cipher_list[] = {
 		.key_length = 0,
 		.iv_length = 0,
 	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_DES_CBC,
+		.key_length = 8,
+		.iv_length = 8,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_3DES_CBC,
+		.key_length = 24,
+		.iv_length = 8,
+	},
 	{
 		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 5f775a241a..18ffceddce 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -955,6 +955,661 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512 = {
 	},
 };
 
+struct ipsec_test_data pkt_3des_cbc_hmac_sha256 = {
+	.key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+			0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+			0xc0, 0xa8, 0x01, 0x70,
+
+			/* UDP */
+			0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+			0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x45, 0x00, 0x00, 0x6c, 0x00, 0x01, 0x00, 0x00,
+			0x40, 0x32, 0xf7, 0x0b, 0xc0, 0xa8, 0x01, 0x02,
+			0xc0, 0xa8, 0x01, 0x01,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0x45, 0x2a, 0x7d, 0xe8, 0x96, 0x8b, 0x6e, 0x9f,
+			0x8e, 0xa8, 0x87, 0xf6, 0x12, 0x41, 0x61, 0x6e,
+			0x42, 0xae, 0xd4, 0x71, 0x2a, 0x7d, 0xde, 0x46,
+			0x24, 0xa7, 0xc8, 0xd1, 0x8a, 0x78, 0x5f, 0xb8,
+			0xb1, 0x43, 0xec, 0x3b, 0x95, 0x9c, 0x54, 0x7b,
+			0x0c, 0x47, 0x80, 0xfb, 0xff, 0x18, 0x54, 0x87,
+			0x16, 0x22, 0x88, 0x06, 0xcf, 0xfd, 0xf6, 0x01,
+			0x02, 0x58, 0x94, 0x34, 0xc9, 0xbc, 0xea, 0xb8,
+			0xc9, 0x75, 0xf6, 0xc4, 0x8b, 0x46, 0x69, 0x3c,
+			},
+		.len = 108,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 52,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+				.key.length = 24,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.key.length = 32,
+				.digest_length = 16,
+			},
+		},
+	},
+};
+
+struct ipsec_test_data pkt_3des_cbc_hmac_sha384 = {
+	.key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+			0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+			0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+			0xc0, 0xa8, 0x01, 0x70,
+
+			/* UDP */
+			0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+			0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x45, 0x00, 0x00, 0x74, 0x00, 0x01, 0x00, 0x00,
+			0x40, 0x32, 0xf7, 0x03, 0xc0, 0xa8, 0x01, 0x02,
+			0xc0, 0xa8, 0x01, 0x01,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x34,	0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0x45, 0x2a, 0x7d, 0xe8, 0x96, 0x8b, 0x6e, 0x9f,
+			0x8e, 0xa8, 0x87, 0xf6, 0x12, 0x41, 0x61, 0x6e,
+			0x42, 0xae, 0xd4, 0x71, 0x2a, 0x7d, 0xde, 0x46,
+			0x24, 0xa7, 0xc8, 0xd1, 0x8a, 0x78, 0x5f, 0xb8,
+			0xb1, 0x43, 0xec, 0x3b, 0x95, 0x9c, 0x54, 0x7b,
+			0x0c, 0x47, 0x80, 0xfb, 0xff, 0x18, 0x54, 0x87,
+			0x16, 0x22, 0x88, 0x06, 0xcf, 0xfd, 0xf6, 0x01,
+			0x27, 0x34, 0x80, 0xa0, 0xc0, 0xd8, 0x97, 0xa4,
+			0x67, 0xf5, 0x6b, 0xd4, 0x2c, 0x74, 0xc4, 0x51,
+			0xed, 0x0d, 0xae, 0x23, 0xbb, 0xfa, 0xfb, 0x91,
+		},
+		.len = 116,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 52,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+				.key.length = 24,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+				.key.length = 48,
+				.digest_length = 24,
+			},
+		},
+	},
+};
+
+struct ipsec_test_data pkt_3des_cbc_hmac_sha512 = {
+	.key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+			0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+			0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+			0xc0, 0xa8, 0x01, 0x70,
+
+			/* UDP */
+			0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+			0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x45, 0x00, 0x00, 0x7c, 0x00, 0x01, 0x00, 0x00,
+			0x40, 0x32, 0xf6, 0xfb, 0xc0, 0xa8, 0x01, 0x02,
+			0xc0, 0xa8, 0x01, 0x01,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x34,	0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0x45, 0x2a, 0x7d, 0xe8, 0x96, 0x8b, 0x6e, 0x9f,
+			0x8e, 0xa8, 0x87, 0xf6, 0x12, 0x41, 0x61, 0x6e,
+			0x42, 0xae, 0xd4, 0x71, 0x2a, 0x7d, 0xde, 0x46,
+			0x24, 0xa7, 0xc8, 0xd1, 0x8a, 0x78, 0x5f, 0xb8,
+			0xb1, 0x43, 0xec, 0x3b, 0x95, 0x9c, 0x54, 0x7b,
+			0x0c, 0x47, 0x80, 0xfb, 0xff, 0x18, 0x54, 0x87,
+			0x16, 0x22, 0x88, 0x06, 0xcf, 0xfd, 0xf6, 0x01,
+			0xe7, 0x32, 0x8b, 0x4c, 0x9f, 0xe4, 0x54, 0x0d,
+			0x37, 0xec, 0xaa, 0x4b, 0x2a, 0x32, 0xfc, 0x4c,
+			0x04, 0xeb, 0x26, 0x53, 0x24, 0x4c, 0xcc, 0xf7,
+			0xeb, 0x24, 0x76, 0x42, 0xb4, 0x0c, 0xbc, 0xd4,
+		},
+		.len = 124,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 52,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+				.key.length = 24,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+				.key.length = 64,
+				.digest_length = 32,
+			},
+		},
+	},
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha256 = {
+	.key = {
+		.data = {
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+			0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+			0xc0, 0xa8, 0x01, 0x70,
+
+			/* UDP */
+			0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+			0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x45, 0x00, 0x00, 0x6c, 0x00, 0x01, 0x00, 0x00,
+			0x40, 0x32, 0xf7, 0x0b, 0xc0, 0xa8, 0x01, 0x02,
+			0xc0, 0xa8, 0x01, 0x01,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0xdd, 0x13, 0x10, 0x3c, 0xe4, 0xb9, 0xce, 0x12,
+			0x73, 0x4c, 0x97, 0x00, 0x28, 0xf7, 0xa4, 0x5e,
+			0x02, 0x17, 0xe1, 0xc6, 0x09, 0x20, 0x90, 0xe3,
+			0xb6, 0x9c, 0x25, 0x6d, 0x62, 0x06, 0x60, 0x90,
+			0x91, 0x76, 0x94, 0xd8, 0x57, 0x56, 0xcb, 0xdd,
+			0x62, 0x99, 0x99, 0x98, 0xd0, 0x3a, 0x99, 0x71,
+			0x64, 0xcb, 0x79, 0x0c, 0x89, 0xa2, 0xf6, 0x12,
+			0x1f, 0x09, 0xf8, 0x36, 0x8f, 0x5e, 0x31, 0x93,
+			0x0a, 0xa0, 0x48, 0xee, 0x61, 0x21, 0xb5, 0x3d,
+			},
+		.len = 108,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 58,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_DES_CBC,
+				.key.length = 8,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.key.length = 32,
+				.digest_length = 16,
+			},
+		},
+	},
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha384 = {
+	.key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+			0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+			0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+			0xc0, 0xa8, 0x01, 0x70,
+
+			/* UDP */
+			0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+			0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x45, 0x00, 0x00, 0x74, 0x00, 0x01, 0x00, 0x00,
+			0x40, 0x32, 0xf7, 0x03, 0xc0, 0xa8, 0x01, 0x02,
+			0xc0, 0xa8, 0x01, 0x01,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0x80, 0x6a, 0xcd, 0x35, 0x95, 0x6c, 0x04, 0x66,
+			0x4c, 0x04, 0xeb, 0xdb, 0x85, 0xc8, 0xf9, 0x56,
+			0xe7, 0x01, 0x17, 0x97, 0xc4, 0xa5, 0xa4, 0xfe,
+			0xa0, 0x81, 0x62, 0xda, 0xb2, 0xc0, 0xcf, 0x21,
+			0x54, 0x0c, 0x38, 0xcf, 0xca, 0x41, 0x20, 0x5f,
+			0xed, 0xc3, 0xe3, 0x59, 0xc4, 0x2f, 0x5e, 0xf7,
+			0xdd, 0x16, 0x15, 0xd2, 0x00, 0xe8, 0x60, 0xc6,
+			0xd8, 0x73, 0xf0, 0xb1, 0x89, 0xc4, 0xb2, 0x65,
+			0xe2, 0xbf, 0xeb, 0xd8, 0x1d, 0x0a, 0xae, 0x2c,
+			0x4d, 0xd3, 0x59, 0x30, 0x5e, 0x47, 0xb9, 0xcc,
+		},
+		.len = 116,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 58,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_DES_CBC,
+				.key.length = 8,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+				.key.length = 48,
+				.digest_length = 24,
+			},
+		},
+	},
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha512 = {
+	.key = {
+		.data = {
+			0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+			0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+			0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+			0xc0, 0xa8, 0x01, 0x70,
+
+			/* UDP */
+			0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+			0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x45, 0x00, 0x00, 0x7c, 0x00, 0x01, 0x00, 0x00,
+			0x40, 0x32, 0xf6, 0xfb, 0xc0, 0xa8, 0x01, 0x02,
+			0xc0, 0xa8, 0x01, 0x01,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0x54, 0xe6, 0xf3, 0xd4, 0x25, 0x1c, 0x57, 0xd0,
+			0x55, 0x7d, 0x52, 0xd3, 0xcb, 0x65, 0x57, 0x37,
+			0xd9, 0x83, 0x37, 0x69, 0x95, 0xa7, 0x2b, 0xc2,
+			0x65, 0x9e, 0xf6, 0xc8, 0xca, 0x6a, 0x9d, 0x51,
+			0xde, 0xbe, 0x45, 0x58, 0x72, 0x58, 0x92, 0x49,
+			0x15, 0x02, 0xae, 0x38, 0xb5, 0xf7, 0xcc, 0x6d,
+			0xe5, 0x95, 0x21, 0xf1, 0xda, 0x69, 0x93, 0x76,
+			0x6c, 0x85, 0x42, 0xef, 0xb1, 0xd4, 0xae, 0x32,
+			0x88, 0x73, 0x1a, 0x59, 0xf9, 0xe5, 0x4b, 0x1c,
+			0xc0, 0x32, 0x07, 0x78, 0xaf, 0x09, 0xfd, 0x15,
+			0x3e, 0xad, 0x9d, 0x8a, 0xa5, 0x0f, 0xd4, 0x66,
+
+		},
+		.len = 124,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 52,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_DES_CBC,
+				.key.length = 8,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+				.key.length = 64,
+				.digest_length = 32,
+			},
+		},
+	},
+};
+
 struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
 	.key = {
 		.data = {
@@ -1060,6 +1715,227 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
 	},
 };
 
+struct ipsec_test_data pkt_3des_cbc_hmac_sha256_v6 = {
+	.key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+			0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+			0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+			0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+			0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+			0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+			0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+			0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+		},
+		.len = 72,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x70, 0x32, 0x40,
+			0x0c, 0x03, 0x40, 0x0c, 0xf8, 0xb0, 0x26, 0x07,
+			0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0xde, 0xad, 0xe5, 0xbf, 0x04, 0x70, 0x20, 0x01,
+			0x48, 0x87, 0xe8, 0x2c, 0x21, 0x74, 0x49, 0x57,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0xf9, 0x99, 0x5b, 0x32, 0xfc, 0x7d, 0x0f, 0xcb,
+			0x25, 0x0c, 0x9f, 0x11, 0xc5, 0xc7, 0x5e, 0x46,
+			0x1d, 0x01, 0x2f, 0xd5, 0xb3, 0x6b, 0x02, 0x30,
+			0x8a, 0x0c, 0x85, 0xa9, 0xca, 0x87, 0x6f, 0x17,
+			0x3f, 0xb0, 0x03, 0x6c, 0xa5, 0x16, 0x1d, 0x1e,
+			0x67, 0x5e, 0x70, 0x1a, 0x76, 0xe7, 0x12, 0x0e,
+			0x19, 0x2b, 0x5d, 0xe3, 0x4c, 0x51, 0xb3, 0x3a,
+			0x1b, 0x7e, 0xd0, 0x21, 0x76, 0x44, 0xcd, 0xb0,
+			0xe8, 0x6d, 0xe3, 0x92, 0xad, 0xa1, 0xad, 0x26,
+			0x9c, 0xec, 0x2a, 0x65, 0x51, 0xd4, 0xa4, 0xa9,
+			0x97, 0x5b, 0x1e, 0xdd, 0x24, 0x47, 0x16, 0x3a,
+			0x2d, 0xf3, 0x80, 0x50, 0xd5, 0xbd, 0x4a, 0x98,
+		},
+		.len = 152,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 52,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+				.key.length = 24,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.key.length = 32,
+				.digest_length = 16,
+			},
+		},
+	},
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha256_v6 = {
+	.key = {
+		.data = {
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+			0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+			0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+			0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+			0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+			0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+			0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+			0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+		},
+		.len = 72,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x70, 0x32, 0x40,
+			0x0c, 0x03, 0x40, 0x0c, 0xf8, 0xb0, 0x26, 0x07,
+			0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0xde, 0xad, 0xe5, 0xbf, 0x04, 0x70, 0x20, 0x01,
+			0x48, 0x87, 0xe8, 0x2c, 0x21, 0x74, 0x49, 0x57,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+			/* Data */
+			0x6e, 0xf8, 0x1e, 0x91, 0x77, 0x7f, 0x61, 0x77,
+			0xcd, 0x1a, 0x9d, 0xb4, 0x4c, 0xf8, 0x9a, 0x89,
+			0xa7, 0x7a, 0xf8, 0x2a, 0x2e, 0x54, 0xa5, 0x0a,
+			0xe3, 0x60, 0xb9, 0x21, 0xe1, 0xc6, 0x7f, 0x56,
+			0x92, 0x76, 0xc3, 0x33, 0x95, 0x93, 0x0d, 0xb8,
+			0xce, 0xb9, 0x0e, 0x32, 0xe6, 0xf1, 0x86, 0x81,
+			0x73, 0xc9, 0x62, 0x2e, 0x5d, 0x9b, 0xb4, 0xd5,
+			0x68, 0xda, 0xb1, 0x87, 0x78, 0x22, 0xc0, 0x9a,
+			0x1c, 0xa1, 0x53, 0x1b, 0x67, 0xea, 0x6d, 0x58,
+			0x1a, 0xd8, 0xc3, 0x95, 0xa0, 0xc3, 0x7a, 0xb6,
+			0xfe, 0xb1, 0x49, 0xa8, 0xad, 0x1a, 0x21, 0xc2,
+			0x01, 0x42, 0xa6, 0xf2, 0x3d, 0x7f, 0xb0, 0x6d,
+
+		},
+		.len = 152,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 58,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_DES_CBC,
+				.key.length = 8,
+				.iv.length = 8,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.key.length = 32,
+				.digest_length = 16,
+			},
+		},
+	},
+};
+
 struct ipsec_test_data pkt_aes_128_gcm_frag = {
 	.key = {
 		.data = {
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 19297d3628..289778d9be 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -63,6 +63,14 @@ extern struct ipsec_test_data pkt_aes_128_cbc_null;
 extern struct ipsec_test_data pkt_null_aes_xcbc;
 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha384;
 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha256;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha384;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha512;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha256_v6;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha256;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha384;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha512;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha256_v6;
 
 static struct rte_mempool *mbufpool;
 static struct rte_mempool *sess_pool;
@@ -2584,6 +2592,21 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec,
 			&pkt_aes_128_cbc_hmac_sha512),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_3des_cbc_hmac_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA384 [24B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_3des_cbc_hmac_sha384),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA512 [32B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_3des_cbc_hmac_sha512),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
@@ -2593,11 +2616,36 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec,
 			&pkt_aes_128_cbc_hmac_sha256_v6),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv6 3DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_3des_cbc_hmac_sha256_v6),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec,
 			&pkt_null_aes_xcbc),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_des_cbc_hmac_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_des_cbc_hmac_sha384),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_des_cbc_hmac_sha512),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_des_cbc_hmac_sha256_v6),
 
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound fragmented packet",
@@ -2636,6 +2684,21 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec_inb,
 			&pkt_aes_128_cbc_hmac_sha512),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_3des_cbc_hmac_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA384 [24B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_3des_cbc_hmac_sha384),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA512 [32B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_3des_cbc_hmac_sha512),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
@@ -2645,11 +2708,37 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec_inb,
 			&pkt_aes_128_cbc_hmac_sha256_v6),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv6 3DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_3des_cbc_hmac_sha256_v6),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec_inb,
 			&pkt_null_aes_xcbc),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha384),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha512),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha256_v6),
+
 
 		TEST_CASE_NAMED_ST(
 			"Combined test alg list",
-- 
2.25.1

[PATCH 2/6] test/security: add unit tests for auth algo MD5

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test cases for MD5 auth algo.
Add the test vectors for MD5 auth algo.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev_security_ipsec.h      |   6 +
 ...st_cryptodev_security_ipsec_test_vectors.h | 107 ++++++++++++++++++
 app/test/test_security_inline_proto.c         |  11 ++
 3 files changed, 124 insertions(+)

diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 95e86a05e0..9147d1c0d6 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -193,6 +193,12 @@ static const struct crypto_param auth_list[] = {
 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
 		.alg.auth =  RTE_CRYPTO_AUTH_NULL,
 	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_MD5_HMAC,
+		.key_length = 12,
+		.digest_length = 12,
+	},
 	{
 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
 		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 18ffceddce..2686bbeb62 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -633,6 +633,113 @@ struct ipsec_test_data pkt_aes_256_gcm_v6 = {
 	},
 };
 
+struct ipsec_test_data pkt_aes_128_cbc_md5 = {
+	.key = {
+		.data = {
+			0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+			0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+			0xc0, 0xa8, 0x01, 0x70,
+
+			/* UDP */
+			0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+			0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			/* IP - outer header */
+			0x45, 0x00, 0x00, 0x78, 0x00, 0x01, 0x00, 0x00,
+			0x40, 0x32, 0x52, 0x51, 0x14, 0x00, 0x00, 0x01,
+			0x14, 0x00, 0x00, 0x02,
+
+			/* ESP */
+			0x00, 0x00, 0x00, 0x3c, 0x00, 0x00, 0x00, 0x01,
+
+			/* IV */
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+			0x20, 0xbf, 0xe8, 0x39, 0x00, 0x00, 0x00, 0x00,
+
+			/* Data */
+			0x67, 0xb5, 0x46, 0x6e, 0x78, 0x17, 0xd3, 0x5a,
+			0xac, 0x62, 0x62, 0x62, 0xb0, 0x57, 0x9b, 0x09,
+			0x19, 0x4f, 0x06, 0x59, 0xc8, 0xb0, 0x30, 0x65,
+			0x1f, 0x45, 0x57, 0x41, 0x72, 0x17, 0x28, 0xe9,
+			0xad, 0x50, 0xbe, 0x44, 0x1d, 0x2d, 0x9a, 0xd0,
+			0x48, 0x75, 0x0d, 0x1c, 0x8d, 0x24, 0xa8, 0x6f,
+			0x6b, 0x24, 0xb6, 0x5d, 0x43, 0x1e, 0x55, 0xf0,
+			0xf7, 0x14, 0x1f, 0xf2, 0x61, 0xd4, 0xe0, 0x30,
+			0xff, 0xd7, 0x3f, 0xb4, 0x7c, 0x30, 0xdb, 0xeb,
+			0xf3, 0x95, 0xbf, 0xcd,
+		},
+		.len = 120,
+	},
+	.iv = {
+		.data = {
+			0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+			0x20, 0xbf, 0xe8, 0x39, 0x00, 0x00, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 60,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+				.key.length = 16,
+				.iv.length = 16,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
+				.key.length = 16,
+				.digest_length = 12,
+			},
+		},
+	},
+};
+
 struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
 	.key = {
 		.data = {
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 289778d9be..feef54f538 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -71,6 +71,7 @@ extern struct ipsec_test_data pkt_des_cbc_hmac_sha256;
 extern struct ipsec_test_data pkt_des_cbc_hmac_sha384;
 extern struct ipsec_test_data pkt_des_cbc_hmac_sha512;
 extern struct ipsec_test_data pkt_des_cbc_hmac_sha256_v6;
+extern struct ipsec_test_data pkt_aes_128_cbc_md5;
 
 static struct rte_mempool *mbufpool;
 static struct rte_mempool *sess_pool;
@@ -2577,6 +2578,11 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
 			"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec, &pkt_aes_256_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec,
+			&pkt_aes_128_cbc_md5),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
@@ -2669,6 +2675,11 @@ static struct unit_test_suite inline_ipsec_testsuite  = {
 			"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
 			test_ipsec_inline_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+			test_ipsec_inline_proto_known_vec_inb,
+			&pkt_aes_128_cbc_md5),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
 			ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
-- 
2.25.1

[PATCH 3/6] test/security: update antireplay unit test for event mode

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

With event mode is enabled, send and receive packets via event dev

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_security_inline_proto.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index feef54f538..700ed3844b 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -1378,8 +1378,13 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
 						tx_pkt, NULL);
 			tx_pkt->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD;
 		}
+
 		/* Send packet to ethdev for inline IPsec processing. */
-		nb_sent = rte_eth_tx_burst(port_id, 0, &tx_pkt, 1);
+		if (event_mode_enabled)
+			nb_sent = event_tx_burst(&tx_pkt, 1);
+		else
+			nb_sent = rte_eth_tx_burst(port_id, 0, &tx_pkt, 1);
+
 		if (nb_sent != 1) {
 			printf("\nUnable to TX packets");
 			rte_pktmbuf_free(tx_pkt);
@@ -1390,11 +1395,14 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
 		rte_pause();
 
 		/* Receive back packet on loopback interface. */
-		do {
-			rte_delay_ms(1);
-			nb_rx = rte_eth_rx_burst(port_id, 0, &rx_pkt, 1);
-		} while (nb_rx == 0);
-
+		if (event_mode_enabled)
+			nb_rx = event_rx_burst(&rx_pkt, nb_sent);
+		else {
+			do {
+				rte_delay_ms(1);
+				nb_rx = rte_eth_rx_burst(port_id, 0, &rx_pkt, 1);
+			} while (nb_rx == 0);
+		}
 		rte_pktmbuf_adj(rx_pkt, RTE_ETHER_HDR_LEN);
 
 		if (res_d != NULL)
-- 
2.25.1

[PATCH 4/6] test/crypto: check antireply capability only for ingress

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Antireplay is supported only for ingress. Check this
capability only for ingress.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev_security_ipsec.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index cb77b39dbb..3219b41e39 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -202,11 +202,13 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 		return -ENOTSUP;
 	}
 
-	if (ipsec_xform->replay_win_sz > sec_cap->ipsec.replay_win_sz_max) {
-		if (!silent)
-			RTE_LOG(INFO, USER1,
-				"Replay window size is not supported\n");
-		return -ENOTSUP;
+	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+		if (ipsec_xform->replay_win_sz > sec_cap->ipsec.replay_win_sz_max) {
+			if (!silent)
+				RTE_LOG(INFO, USER1,
+					"Replay window size is not supported\n");
+			return -ENOTSUP;
+		}
 	}
 
 	return 0;
-- 
2.25.1

[PATCH 5/6] test/crypto: add unit tests for DES and MD5

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test cases for auth algo MD5.
Add unit test cases for cipher DES-CBC.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                | 50 ++++++++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.h |  2 +-
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index c2b33686ed..96941dd55c 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -15179,6 +15179,11 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Outbound known vector (ESP tunnel mode IPv4 AES-CCM 256)",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec, &pkt_aes_256_ccm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_aes_128_cbc_md5),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
 			ut_setup_security, ut_teardown,
@@ -15208,6 +15213,26 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec,
 			&pkt_null_aes_xcbc),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_des_cbc_hmac_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_des_cbc_hmac_sha384),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_des_cbc_hmac_sha512),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_des_cbc_hmac_sha256_v6),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
 			ut_setup_security, ut_teardown,
@@ -15248,6 +15273,11 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_aes_128_cbc_md5),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
 			ut_setup_security, ut_teardown,
@@ -15277,6 +15307,26 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec_inb,
 			&pkt_null_aes_xcbc),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha384),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha512),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_des_cbc_hmac_sha256_v6),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Inbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
 			ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 9147d1c0d6..b98f4741b2 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -196,7 +196,7 @@ static const struct crypto_param auth_list[] = {
 	{
 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
 		.alg.auth =  RTE_CRYPTO_AUTH_MD5_HMAC,
-		.key_length = 12,
+		.key_length = 16,
 		.digest_length = 12,
 	},
 	{
-- 
2.25.1

[PATCH 6/6] test/crypto: add unit test for custom UDP ports

[Tejasree Kondoj]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test for custom UDP ports with UDP encapsulation.
Verify UDP header in egress path for all unit tests.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                | 21 +++++++
 app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++------
 app/test/test_cryptodev_security_ipsec.h |  1 +
 3 files changed, 76 insertions(+), 17 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 96941dd55c..43fcef7e73 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9892,6 +9892,23 @@ test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
 	return test_ipsec_proto_all(&flags);
 }
 
+static int
+test_ipsec_proto_udp_encap_custom_ports(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	if (gbl_driver_id == rte_cryptodev_driver_id_get(
+			RTE_STR(CRYPTODEV_NAME_CN10K_PMD)))
+		return TEST_SKIPPED;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.udp_encap = true;
+	flags.udp_encap_custom_ports = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
 static int
 test_ipsec_proto_udp_encap(const void *data __rte_unused)
 {
@@ -15358,6 +15375,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"UDP encapsulation",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_udp_encap),
+		TEST_CASE_NAMED_ST(
+			"UDP encapsulation with custom ports",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_udp_encap_custom_ports),
 		TEST_CASE_NAMED_ST(
 			"UDP encapsulation ports verification test",
 			ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 3219b41e39..d64e07f226 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -14,6 +14,8 @@
 #include "test_cryptodev_security_ipsec.h"
 
 #define IV_LEN_MAX 16
+#define UDP_CUSTOM_SPORT 4650
+#define UDP_CUSTOM_DPORT 4660
 
 #ifndef IPVERSION
 #define IPVERSION 4
@@ -508,6 +510,11 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 
 		if (flags->dec_ttl_or_hop_limit)
 			td->ipsec_xform.options.dec_ttl = 1;
+
+		if (flags->udp_encap && flags->udp_encap_custom_ports) {
+			td->ipsec_xform.udp.sport = UDP_CUSTOM_SPORT;
+			td->ipsec_xform.udp.dport = UDP_CUSTOM_DPORT;
+		}
 	}
 }
 
@@ -765,23 +772,6 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 
 	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
 	   flags->udp_encap) {
-		const struct rte_ipv4_hdr *iph4;
-		const struct rte_ipv6_hdr *iph6;
-
-		if (td->ipsec_xform.tunnel.type ==
-				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-			iph4 = (const struct rte_ipv4_hdr *)output_text;
-			if (iph4->next_proto_id != IPPROTO_UDP) {
-				printf("UDP header is not found\n");
-				return TEST_FAILED;
-			}
-		} else {
-			iph6 = (const struct rte_ipv6_hdr *)output_text;
-			if (iph6->proto != IPPROTO_UDP) {
-				printf("UDP header is not found\n");
-				return TEST_FAILED;
-			}
-		}
 
 		len -= sizeof(struct rte_udp_hdr);
 		output_text += sizeof(struct rte_udp_hdr);
@@ -1043,6 +1033,53 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		}
 	}
 
+	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+	   flags->udp_encap) {
+		const struct rte_ipv4_hdr *iph4;
+		const struct rte_ipv6_hdr *iph6;
+
+		if (td->ipsec_xform.tunnel.type ==
+				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+			iph4 = (const struct rte_ipv4_hdr *)output_text;
+
+			if (iph4->next_proto_id != IPPROTO_UDP) {
+				printf("UDP header is not found\n");
+				return TEST_FAILED;
+			}
+
+			if (flags->udp_encap_custom_ports) {
+				const struct rte_udp_hdr *udph;
+
+				udph = (const struct rte_udp_hdr *)(output_text +
+					sizeof(struct rte_ipv4_hdr));
+				if ((rte_be_to_cpu_16(udph->src_port) != UDP_CUSTOM_SPORT) ||
+				    (rte_be_to_cpu_16(udph->dst_port) != UDP_CUSTOM_DPORT)) {
+					printf("UDP custom ports not matching.\n");
+					return TEST_FAILED;
+				}
+			}
+		} else {
+			iph6 = (const struct rte_ipv6_hdr *)output_text;
+
+			if (iph6->proto != IPPROTO_UDP) {
+				printf("UDP header is not found\n");
+				return TEST_FAILED;
+			}
+
+			if (flags->udp_encap_custom_ports) {
+				const struct rte_udp_hdr *udph;
+
+				udph = (const struct rte_udp_hdr *)(output_text +
+					sizeof(struct rte_ipv6_hdr));
+				if ((rte_be_to_cpu_16(udph->src_port) != UDP_CUSTOM_SPORT) ||
+				    (rte_be_to_cpu_16(udph->dst_port) != UDP_CUSTOM_DPORT)) {
+					printf("UDP custom ports not matching.\n");
+					return TEST_FAILED;
+				}
+			}
+		}
+	}
+
 	/*
 	 * In case of known vector tests & all inbound tests, res_d provided
 	 * would be NULL and output data need to be validated against expected.
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index b98f4741b2..008b17c290 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -93,6 +93,7 @@ struct ipsec_test_flags {
 	uint32_t tunnel_hdr_verify;
 	bool udp_encap;
 	bool udp_ports_verify;
+	bool udp_encap_custom_ports;
 	bool ip_csum;
 	bool l4_csum;
 	bool ipv6;
-- 
2.25.1

RE: [PATCH 5/6] test/crypto: add unit tests for DES and MD5

[Akhil Goyal]

> diff --git a/app/test/test_cryptodev_security_ipsec.h
> b/app/test/test_cryptodev_security_ipsec.h
> index 9147d1c0d6..b98f4741b2 100644
> --- a/app/test/test_cryptodev_security_ipsec.h
> +++ b/app/test/test_cryptodev_security_ipsec.h
> @@ -196,7 +196,7 @@ static const struct crypto_param auth_list[] = {
>  	{
>  		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
>  		.alg.auth =  RTE_CRYPTO_AUTH_MD5_HMAC,
> -		.key_length = 12,
> +		.key_length = 16,
>  		.digest_length = 12,
>  	},
Above change should not be part of this patch.
Squash with 2/6 patch.