diff mbox series

[API-NEXT,v5,5/9] test: validation: add IPsec API testsuite

Message ID 1500908444-7531-6-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v5,1/9] linux-gen: pktio: loop: support IPsec outbound inline | expand

Commit Message

Github ODP bot July 24, 2017, 3 p.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Add several basic tests for IPsec API.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 81 (lumag:ipsec-packet-impl-2)
 ** https://github.com/Linaro/odp/pull/81
 ** Patch: https://github.com/Linaro/odp/pull/81.patch
 ** Base sha: db7cc41aeb559dd296f3a6d8570aa10326a31d5e
 ** Merge commit sha: ba0b39db1fc90b24a3db1e85e00c2c485b235a47
 **/
 test/common_plat/validation/api/ipsec/Makefile.am  |  11 +-
 test/common_plat/validation/api/ipsec/ipsec.c      | 876 ++++++++++++++++++++-
 test/common_plat/validation/api/ipsec/ipsec.h      |  68 +-
 .../validation/api/ipsec/ipsec_test_in.c           | 831 +++++++++++++++++++
 .../validation/api/ipsec/ipsec_test_out.c          | 347 ++++++++
 .../validation/api/ipsec/test_vectors.h            | 728 +++++++++++++++++
 6 files changed, 2850 insertions(+), 11 deletions(-)
 create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_in.c
 create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_out.c
 create mode 100644 test/common_plat/validation/api/ipsec/test_vectors.h

Comments

Kevin Wang July 27, 2017, 2:17 a.m. UTC | #1
2017-07-24 23:00 GMT+08:00 Github ODP bot <odpbot@yandex.ru>:

> From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

>

> Add several basic tests for IPsec API.

>

> Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

> ---

> /** Email created from pull request 81 (lumag:ipsec-packet-impl-2)

>  ** https://github.com/Linaro/odp/pull/81

>  ** Patch: https://github.com/Linaro/odp/pull/81.patch

>  ** Base sha: db7cc41aeb559dd296f3a6d8570aa10326a31d5e

>  ** Merge commit sha: ba0b39db1fc90b24a3db1e85e00c2c485b235a47

>  **/

>  test/common_plat/validation/api/ipsec/Makefile.am  |  11 +-

>  test/common_plat/validation/api/ipsec/ipsec.c      | 876

> ++++++++++++++++++++-

>  test/common_plat/validation/api/ipsec/ipsec.h      |  68 +-

>  .../validation/api/ipsec/ipsec_test_in.c           | 831

> +++++++++++++++++++

>  .../validation/api/ipsec/ipsec_test_out.c          | 347 ++++++++

>  .../validation/api/ipsec/test_vectors.h            | 728

> +++++++++++++++++

>  6 files changed, 2850 insertions(+), 11 deletions(-)

>  create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_in.c

>  create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_out.c

>  create mode 100644 test/common_plat/validation/api/ipsec/test_vectors.h

>

> diff --git a/test/common_plat/validation/api/ipsec/Makefile.am

> b/test/common_plat/validation/api/ipsec/Makefile.am

> index 106b8dce..9dba31fd 100644

> --- a/test/common_plat/validation/api/ipsec/Makefile.am

> +++ b/test/common_plat/validation/api/ipsec/Makefile.am

> @@ -1,10 +1,15 @@

>  include ../Makefile.inc

>

> +AM_CPPFLAGS += -Wno-error=missing-field-initializers

> +

>  noinst_LTLIBRARIES = libtestipsec.la

> -libtestipsec_la_SOURCES = ipsec.c

> +libtestipsec_la_SOURCES = \

> +       test_vectors.h \

> +       ipsec_test_in.c \

> +       ipsec_test_out.c \

> +       ipsec.h \

> +       ipsec.c

>

>  test_PROGRAMS = ipsec_main$(EXEEXT)

>  dist_ipsec_main_SOURCES = ipsec_main.c

>  ipsec_main_LDADD = libtestipsec.la $(LIBCUNIT_COMMON) $(LIBODP)

> -

> -EXTRA_DIST = ipsec.h

> diff --git a/test/common_plat/validation/api/ipsec/ipsec.c

> b/test/common_plat/validation/api/ipsec/ipsec.c

> index 78348032..910901d6 100644

> --- a/test/common_plat/validation/api/ipsec/ipsec.c

> +++ b/test/common_plat/validation/api/ipsec/ipsec.c

> @@ -10,6 +10,629 @@

>

>  #include "ipsec.h"

>

> +#include "test_vectors.h"

> +

> +struct suite_context_s suite_context;

> +

> +#define PKT_POOL_NUM  64

> +#define PKT_POOL_LEN  (1 * 1024)

> +

> +static

> +odp_pktio_t pktio_create(odp_queue_type_t q_type, odp_pool_t pool)

> +{

> +       odp_pktio_t pktio;

> +       odp_pktio_param_t pktio_param;

> +       odp_pktin_queue_param_t pktin_param;

> +       odp_pktio_capability_t capa;

> +

> +       int ret;

> +

> +       if (pool == ODP_POOL_INVALID)

> +               return ODP_PKTIO_INVALID;

> +

> +       odp_pktio_param_init(&pktio_param);

> +       if (q_type == ODP_QUEUE_TYPE_PLAIN)

> +               pktio_param.in_mode = ODP_PKTIN_MODE_QUEUE;

> +       else

> +               pktio_param.in_mode = ODP_PKTIN_MODE_SCHED;

> +

> +       pktio = odp_pktio_open("loop", pool, &pktio_param);

> +       if (pktio == ODP_PKTIO_INVALID) {

> +               ret = odp_pool_destroy(pool);

> +               if (ret)

> +                       fprintf(stderr, "unable to destroy pool.\n");

> +               return ODP_PKTIO_INVALID;

> +       }

> +

> +       if (odp_pktio_capability(pktio, &capa)) {

> +               fprintf(stderr, "pktio capabilities failed.\n");

> +               return ODP_PKTIO_INVALID;

> +       }

> +

> +       odp_pktin_queue_param_init(&pktin_param);

> +       pktin_param.queue_param.sched.sync = ODP_SCHED_SYNC_ATOMIC;

> +

> +       if (odp_pktin_queue_config(pktio, &pktin_param)) {

> +               fprintf(stderr, "pktin queue config failed.\n");

> +               return ODP_PKTIO_INVALID;

> +       }

> +

> +       if (odp_pktout_queue_config(pktio, NULL)) {

> +               fprintf(stderr, "pktout queue config failed.\n");

> +               return ODP_PKTIO_INVALID;

> +       }

> +

> +       return pktio;

> +}

> +

> +static

> +int pktio_start(odp_bool_t in, odp_bool_t out)

> +{

> +       odp_pktio_t pktio;

> +       odp_pktio_capability_t capa;

> +       odp_pktio_config_t config;

> +

> +       pktio = odp_pktio_lookup("loop");

> +       if (ODP_PKTIO_INVALID == pktio)

> +               return -1;

> +       if (odp_pktio_capability(pktio, &capa))

> +               return -1;

> +       /* If inline is not supported, return here. Tests will be marked as

> +        * inactive when testing for IPsec capabilities. */

> +       if (in && !capa.config.inbound_ipsec)

> +               return 0;

> +       if (out && !capa.config.outbound_ipsec)

> +               return 0;

> +

> +       odp_pktio_config_init(&config);

> +       config.parser.layer = ODP_PKTIO_PARSER_LAYER_ALL;

> +       config.inbound_ipsec = in;

> +       config.outbound_ipsec = out;

> +

> +       if (odp_pktio_config(pktio, &config))

> +               return -1;

> +       if (odp_pktio_start(pktio))

> +               return -1;

> +

> +       suite_context.pktio = pktio;

> +

> +       return 1;

> +}

> +

> +static

> +void pktio_stop(odp_pktio_t pktio)

> +{

> +       if (odp_pktio_stop(pktio))

> +               fprintf(stderr, "IPsec pktio stop failed.\n");

> +

> +       while (1) {

> +               odp_event_t ev = odp_schedule(NULL, ODP_SCHED_NO_WAIT);

> +

> +               if (ev != ODP_EVENT_INVALID)

> +                       odp_event_free(ev);

> +               else

> +                       break;

> +       }

> +}

> +

> +int ipsec_check(odp_bool_t ah,

> +               odp_cipher_alg_t cipher,

> +               odp_auth_alg_t auth)

> +{

> +       odp_ipsec_capability_t capa;

> +       odp_crypto_cipher_capability_t cipher_capa;

> +       odp_crypto_auth_capability_t auth_capa;

> +

> +       if (odp_ipsec_capability(&capa) < 0)

> +               return ODP_TEST_INACTIVE;

> +

> +       if ((ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode &&

> +            ODP_SUPPORT_NO == capa.op_mode_sync) ||

> +           (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode &&

> +            ODP_SUPPORT_NO == capa.op_mode_sync) ||

> +           (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode &&

> +            ODP_SUPPORT_NO == capa.op_mode_async) ||

> +           (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode &&

> +            ODP_SUPPORT_NO == capa.op_mode_async) ||

> +           (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode &&

> +            ODP_SUPPORT_NO == capa.op_mode_inline_in) ||

> +           (ODP_IPSEC_OP_MODE_INLINE == suite_context.outbound_op_mode &&

> +            ODP_SUPPORT_NO == capa.op_mode_inline_out))

> +               return ODP_TEST_INACTIVE;

> +

> +       if (ah && (ODP_SUPPORT_NO == capa.proto_ah))

> +               return ODP_TEST_INACTIVE;

> +

> +       /* Cipher algorithms */

> +       switch (cipher) {

> +       case ODP_CIPHER_ALG_NULL:

> +               if (!capa.ciphers.bit.null)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_CIPHER_ALG_DES:

> +               if (!capa.ciphers.bit.des)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_CIPHER_ALG_3DES_CBC:

> +               if (!capa.ciphers.bit.trides_cbc)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_CIPHER_ALG_AES_CBC:

> +               if (!capa.ciphers.bit.aes_cbc)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_CIPHER_ALG_AES_GCM:

> +               if (!capa.ciphers.bit.aes_gcm)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       default:

> +               fprintf(stderr, "Unsupported cipher algorithm\n");

> +               return ODP_TEST_INACTIVE;

> +       }

> +

> +       /* Authentication algorithms */

> +       switch (auth) {

> +       case ODP_AUTH_ALG_NULL:

> +               if (!capa.auths.bit.null)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_AUTH_ALG_MD5_HMAC:

> +               if (!capa.auths.bit.md5_hmac)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_AUTH_ALG_SHA1_HMAC:

> +               if (!capa.auths.bit.sha1_hmac)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_AUTH_ALG_SHA256_HMAC:

> +               if (!capa.auths.bit.sha256_hmac)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_AUTH_ALG_SHA512_HMAC:

> +               if (!capa.auths.bit.sha512_hmac)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       case ODP_AUTH_ALG_AES_GCM:

> +               if (!capa.auths.bit.aes_gcm)

> +                       return ODP_TEST_INACTIVE;

> +               break;

> +       default:

> +               fprintf(stderr, "Unsupported authentication algorithm\n");

> +               return ODP_TEST_INACTIVE;

> +       }

> +

> +       if (odp_ipsec_cipher_capability(cipher, &cipher_capa, 1) <= 0) {

> +               fprintf(stderr, "Wrong cipher capabilities\n");

> +               return ODP_TEST_INACTIVE;

> +       }

> +

> +       if (odp_ipsec_auth_capability(auth, &auth_capa, 1) <= 0) {

> +               fprintf(stderr, "Wrong auth capabilities\n");

> +               return ODP_TEST_INACTIVE;

> +       }

> +

> +       return ODP_TEST_ACTIVE;

> +}

> +

> +int ipsec_check_ah_sha256(void)

> +{

> +       return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC);

> +}

> +

> +int ipsec_check_esp_null_sha256(void)

> +{

> +       return  ipsec_check_esp(ODP_CIPHER_ALG_NULL,

> +                               ODP_AUTH_ALG_SHA256_HMAC);

> +}

> +

> +int ipsec_check_esp_aes_cbc_null(void)

> +{

> +       return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC,

> +                               ODP_AUTH_ALG_NULL);

> +}

> +

> +int ipsec_check_esp_aes_cbc_sha256(void)

> +{

> +       return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC,

> +                               ODP_AUTH_ALG_SHA256_HMAC);

> +}

> +

> +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,

> +                        odp_bool_t in,

> +                        odp_bool_t ah,

> +                        uint32_t spi,

> +                        odp_ipsec_tunnel_param_t *tun,

> +                        odp_cipher_alg_t cipher_alg,

> +                        const odp_crypto_key_t *cipher_key,

> +                        odp_auth_alg_t auth_alg,

> +                        const odp_crypto_key_t *auth_key)

> +{

> +       odp_ipsec_sa_param_init(param);

> +       param->dir = in ? ODP_IPSEC_DIR_INBOUND :

> +                         ODP_IPSEC_DIR_OUTBOUND;

> +       if (in)

> +               param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI;

> +

> +       param->proto = ah ? ODP_IPSEC_AH :

> +                           ODP_IPSEC_ESP;

> +

> +       if (tun) {

> +               param->mode = ODP_IPSEC_MODE_TUNNEL;

> +               if (!in)

> +                       param->outbound.tunnel = *tun;

> +       } else {

> +               param->mode = ODP_IPSEC_MODE_TRANSPORT;

> +       }

> +

> +       param->spi = spi;

> +

> +       param->dest_queue = suite_context.queue;

> +

> +       if (cipher_key) {

> +               param->crypto.cipher_alg = cipher_alg;

> +               param->crypto.cipher_key = *cipher_key;

> +       }

> +

> +       if (auth_key) {

> +               param->crypto.auth_alg = auth_alg;

> +               param->crypto.auth_key = *auth_key;

> +       }

> +}

> +

> +void ipsec_sa_destroy(odp_ipsec_sa_t sa)

> +{

> +       odp_event_t event;

> +       odp_ipsec_status_t status;

> +

> +       CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa));

> +

> +       if (ODP_QUEUE_INVALID != suite_context.queue) {

> +               do {

> +                       event = odp_queue_deq(suite_context.queue);

>

​For SCHED queue type,direct call odp_queue_deq() is not allowed.

> +               } while (event == ODP_EVENT_INVALID);

> +

> +               CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_STATUS,

> odp_event_type(event));

> +

> +               CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_status(&status,

> event));

> +

> +               CU_ASSERT_EQUAL(ODP_IPSEC_STATUS_SA_DISABLE, status.id);

> +               CU_ASSERT_EQUAL(sa, status.sa);

> +               CU_ASSERT_EQUAL(0, status.result);

> +               CU_ASSERT_EQUAL(0, status.warn.all);

> +

> +               odp_event_free(event);

> +       }

> +

> +       CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa));

> +}

> +

> +#define PACKET_USER_PTR        ((void *)0x1212fefe)

> +

> +odp_packet_t ipsec_packet(const ipsec_test_packet *itp)

> +{

> +       odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len);

> +

> +       CU_ASSERT_NOT_EQUAL(ODP_PACKET_INVALID, pkt);

> +       if (ODP_PACKET_INVALID == pkt)

> +               return pkt;

> +

> +       CU_ASSERT_EQUAL(0, odp_packet_copy_from_mem(pkt, 0, itp->len,

> +                                                   itp->data));

> +       if (itp->l2_offset != ODP_PACKET_OFFSET_INVALID)

> +               CU_ASSERT_EQUAL(0, odp_packet_l2_offset_set(pkt,

> +

>  itp->l2_offset));

> +       if (itp->l3_offset != ODP_PACKET_OFFSET_INVALID)

> +               CU_ASSERT_EQUAL(0, odp_packet_l3_offset_set(pkt,

> +

>  itp->l3_offset));

> +       if (itp->l4_offset != ODP_PACKET_OFFSET_INVALID)

> +               CU_ASSERT_EQUAL(0, odp_packet_l4_offset_set(pkt,

> +

>  itp->l4_offset));

> +

> +       odp_packet_user_ptr_set(pkt, PACKET_USER_PTR);

> +

> +       return pkt;

> +}

> +

> +/*

> + * Compare packages ignoring everything before L3 header

> + */

> +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t

> pkt)

> +{

> +       uint32_t len = (ODP_PACKET_INVALID == pkt) ? 1 :

> odp_packet_len(pkt);

> +       uint32_t l3, l4;

> +       uint8_t data[len];

> +

> +       if (!itp)

> +               return true;

> +

> +       if (ODP_PACKET_INVALID == pkt)

> +               return false;

> +

> +       CU_ASSERT_EQUAL(PACKET_USER_PTR, odp_packet_user_ptr(pkt));

> +

> +       l3 = odp_packet_l3_offset(pkt);

> +       l4 = odp_packet_l4_offset(pkt);

> +       odp_packet_copy_to_mem(pkt, 0, len, data);

> +

> +       if (len - l3 != itp->len - itp->l3_offset)

> +               return false;

> +

> +       if (l4 - l3 != itp->l4_offset - itp->l3_offset)

> +               return false;

> +

> +       return memcmp(data + l3,

> +                     itp->data + itp->l3_offset,

> +                     len - l3) ? false : true;

> +}

> +

> +static

> +int ipsec_send_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa,

> +                     odp_packet_t *pkto)

> +{

> +       odp_ipsec_in_param_t param;

> +       int num_out = part->out_pkt;

> +       odp_packet_t pkt;

> +       int i;

> +

> +       pkt = ipsec_packet(part->pkt_in);

> +

> +       memset(&param, 0, sizeof(param));

> +       if (!part->lookup) {

> +               param.num_sa = 1;

> +               param.sa = &sa;

> +       } else {

> +               param.num_sa = 0;

> +               param.sa = NULL;

> +       }

> +

> +       if (ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode) {

> +               CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_in(&pkt, 1,

> +                                                           pkto, &num_out,

> +                                                           &param));

> +               CU_ASSERT_EQUAL(num_out, part->out_pkt);

> +       } else if (ODP_IPSEC_OP_MODE_ASYNC ==

> suite_context.inbound_op_mode) {

> +               CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, &param));

> +

> +               for (i = 0; i < num_out; i++) {

> +                       odp_event_t event;

> +                       odp_event_subtype_t subtype;

> +

> +                       do {

> +                               event = odp_queue_deq(suite_context.

> queue);

> +                       } while (event == ODP_EVENT_INVALID);

> +

> +                       CU_ASSERT_EQUAL(ODP_EVENT_PACKET,

> +                                       odp_event_types(event, &subtype));

> +                       CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype);

> +                       pkto[i] = odp_ipsec_packet_from_event(event);

> +               }

> +       } else {

> +               odp_pktout_queue_t pktout;

> +

> +               CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_

> context.pktio,

> +                                                         &pktout, 1));

> +

> +               CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1));

> +

> +               for (i = 0; i < num_out;) {

> +                       odp_event_t ev;

> +                       odp_event_subtype_t subtype;

> +                       odp_queue_t queue;

> +

> +                       ev = odp_schedule(&queue, ODP_SCHED_WAIT);

> +                       CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev);

> +

> +                       if (ODP_EVENT_INVALID == ev)

> +                               continue;

> +

> +                       CU_ASSERT_EQUAL(ODP_EVENT_PACKET,

> +                                       odp_event_types(ev, &subtype));

> +                       if (queue == suite_context.queue) {

> +                               CU_ASSERT(!part->out[i].

> status.error.sa_lookup);

> +                               CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC,

> +                                               subtype);

> +                       } else {

> +                               CU_ASSERT(part->out[i].status.

> error.sa_lookup);

> +                               CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC,

> +                                               subtype);

> +                       }

> +                       pkto[i++] = odp_ipsec_packet_from_event(ev);

> +               }

> +       }

> +

> +       return num_out;

> +}

> +

> +static

> +int ipsec_send_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa,

> +                      odp_packet_t *pkto)

> +{

> +       odp_ipsec_out_param_t param;

> +       int num_out = part->out_pkt;

> +       odp_packet_t pkt;

> +       int i;

> +

> +       pkt = ipsec_packet(part->pkt_in);

> +

> +       memset(&param, 0, sizeof(param));

> +       param.num_sa = 1;

> +       param.sa = &sa;

> +       param.num_opt = 0;

> +       param.opt = NULL;

> +

> +       if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) {

> +               CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1,

> +                                                            pkto,

> &num_out,

> +                                                            &param));

> +               CU_ASSERT_EQUAL(num_out, part->out_pkt);

> +       } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode)

> {

> +               CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&pkt, 1, &param));

> +

> +               for (i = 0; i < num_out; i++) {

> +                       odp_event_t event;

> +                       odp_event_subtype_t subtype;

> +

> +                       do {

> +                               event = odp_queue_deq(suite_context.

> queue);

> +                       } while (event == ODP_EVENT_INVALID);

> +

> +                       CU_ASSERT_EQUAL(ODP_EVENT_PACKET,

> +                                       odp_event_types(event, &subtype));

> +                       CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype);

> +                       pkto[i] = odp_ipsec_packet_from_event(event);

> +               }

> +       } else {

> +               struct odp_ipsec_out_inline_param_t inline_param;

> +

> +               inline_param.pktio = suite_context.pktio;

> +               inline_param.outer_hdr.ptr = part->out[0].pkt_out->data;

> +               inline_param.outer_hdr.len = part->out[0].pkt_out->l3_

> offset;

> +

> +               CU_ASSERT_EQUAL(1, odp_ipsec_out_inline(&pkt, 1, &param,

> +                                                       &inline_param));

> +

> +               for (i = 0; i < num_out;) {

> +                       odp_event_t ev;

> +                       odp_event_subtype_t subtype;

> +                       odp_queue_t queue;

> +

> +                       ev = odp_schedule(&queue, ODP_SCHED_WAIT);

> +                       CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev);

> +

> +                       if (ODP_EVENT_INVALID == ev)

> +                               continue;

> +

> +                       CU_ASSERT_EQUAL(ODP_EVENT_PACKET,

> +                                       odp_event_types(ev, &subtype));

> +                       if (queue == suite_context.queue) {

> +                               CU_ASSERT(part->out[i].status.error.all);

> +                               CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC,

> +                                               subtype);

> +                       } else {

> +                               CU_ASSERT(!part->out[i].status.error.all);

> +                               CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC,

> +                                               subtype);

> +                       }

> +                       pkto[i++] = odp_ipsec_packet_from_event(ev);

> +               }

> +       }

> +

> +       return num_out;

> +}

> +

> +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa)

> +{

> +       int num_out = part->out_pkt;

> +       odp_packet_t pkto[num_out];

> +       int i;

> +

> +       num_out = ipsec_send_in_one(part, sa, pkto);

> +

> +       for (i = 0; i < num_out; i++) {

> +               odp_ipsec_packet_result_t result;

> +

> +               if (ODP_PACKET_INVALID == pkto[i]) {

> +                       CU_FAIL("ODP_PACKET_INVALID received");

> +                       continue;

> +               }

> +

> +               if (ODP_EVENT_PACKET_IPSEC !=

> +                   odp_event_subtype(odp_packet_to_event(pkto[i]))) {

> +                       /* Inline packet went through loop */

> +                       CU_ASSERT_EQUAL(1, part->out[i].status.error.sa_

> lookup);

> +               } else {

> +                       CU_ASSERT_EQUAL(0, odp_ipsec_result(&result,

> pkto[i]));

> +                       CU_ASSERT_EQUAL(part->out[i].status.error.all,

> +                                       result.status.error.all);

> +                       CU_ASSERT_EQUAL(sa, result.sa);

> +               }

> +               CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out,

> +                                            pkto[i]));

> +               odp_packet_free(pkto[i]);

> +       }

> +}

> +

> +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa)

> +{

> +       int num_out = part->out_pkt;

> +       odp_packet_t pkto[num_out];

> +       int i;

> +

> +       num_out = ipsec_send_out_one(part, sa, pkto);

> +

> +       for (i = 0; i < num_out; i++) {

> +               odp_ipsec_packet_result_t result;

> +

> +               if (ODP_PACKET_INVALID == pkto[i]) {

> +                       CU_FAIL("ODP_PACKET_INVALID received");

> +                       continue;

> +               }

> +

> +               if (ODP_EVENT_PACKET_IPSEC !=

> +                   odp_event_subtype(odp_packet_to_event(pkto[i]))) {

> +                       /* Inline packet went through loop */

> +                       CU_ASSERT_EQUAL(0, part->out[i].status.error.all);

> +               } else {

> +                       /* IPsec packet */

> +                       CU_ASSERT_EQUAL(0, odp_ipsec_result(&result,

> pkto[i]));

> +                       CU_ASSERT_EQUAL(part->out[i].status.error.all,

> +                                       result.status.error.all);

> +                       CU_ASSERT_EQUAL(sa, result.sa);

> +               }

> +               CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out,

> +                                            pkto[i]));

> +               odp_packet_free(pkto[i]);

> +       }

> +}

> +

> +void ipsec_check_out_in_one(const ipsec_test_part *part,

> +                           odp_ipsec_sa_t sa,

> +                           odp_ipsec_sa_t sa_in)

> +{

> +       int num_out = part->out_pkt;

> +       odp_packet_t pkto[num_out];

> +       int i;

> +

> +       num_out = ipsec_send_out_one(part, sa, pkto);

> +

> +       for (i = 0; i < num_out; i++) {

> +               ipsec_test_part part_in = *part;

> +               ipsec_test_packet pkt_in;

> +               odp_ipsec_packet_result_t result;

> +

> +               if (ODP_PACKET_INVALID == pkto[i]) {

> +                       CU_FAIL("ODP_PACKET_INVALID received");

> +                       continue;

> +               }

> +

> +               if (ODP_EVENT_PACKET_IPSEC !=

> +                   odp_event_subtype(odp_packet_to_event(pkto[i]))) {

> +                       /* Inline packet went through loop */

> +                       CU_ASSERT_EQUAL(0, part->out[i].status.error.all);

> +               } else {

> +                       /* IPsec packet */

> +                       CU_ASSERT_EQUAL(0, odp_ipsec_result(&result,

> pkto[i]));

> +                       CU_ASSERT_EQUAL(part->out[i].status.error.all,

> +                                       result.status.error.all);

> +                       CU_ASSERT_EQUAL(sa, result.sa);

> +               }

> +               CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <=

> +                               sizeof(pkt_in.data));

> +

> +               pkt_in.len = odp_packet_len(pkto[i]);

> +               pkt_in.l2_offset = odp_packet_l2_offset(pkto[i]);

> +               pkt_in.l3_offset = odp_packet_l3_offset(pkto[i]);

> +               pkt_in.l4_offset = odp_packet_l4_offset(pkto[i]);

> +               odp_packet_copy_to_mem(pkto[i], 0,

> +                                      pkt_in.len,

> +                                      pkt_in.data);

> +               part_in.pkt_in = &pkt_in;

> +               ipsec_check_in_one(&part_in, sa_in);

> +               odp_packet_free(pkto[i]);

> +       }

> +}

> +

> +static

>  void ipsec_test_capability(void)

>  {

>         odp_ipsec_capability_t capa;

> @@ -22,11 +645,260 @@ odp_testinfo_t ipsec_suite[] = {

>         ODP_TEST_INFO_NULL

>  };

>

> +static

> +int ODP_UNUSED ipsec_sync_init(void)

> +{

> +       suite_context.pool = odp_pool_lookup("packet_pool");

> +       if (suite_context.pool == ODP_POOL_INVALID)

> +               return -1;

> +

> +       suite_context.queue = ODP_QUEUE_INVALID;

> +       suite_context.pktio = ODP_PKTIO_INVALID;

> +       suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_SYNC;

> +       suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_SYNC;

> +

> +       return 0;

> +}

> +

> +static

> +int ODP_UNUSED ipsec_async_init(void)

> +{

> +       suite_context.pool = odp_pool_lookup("packet_pool");

> +       if (suite_context.pool == ODP_POOL_INVALID)

> +               return -1;

> +       suite_context.queue = odp_queue_lookup("ipsec-out");

> +       if (suite_context.queue == ODP_QUEUE_INVALID)

> +               return -1;

> +

> +       suite_context.pktio = ODP_PKTIO_INVALID;

> +       suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;

> +       suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;

> +

> +       return 0;

> +}

> +

> +static

> +int ODP_UNUSED ipsec_in_inline_init(void)

> +{

> +       int rc;

> +

> +       suite_context.pool = odp_pool_lookup("packet_pool");

> +       if (suite_context.pool == ODP_POOL_INVALID)

> +               return -1;

> +       suite_context.queue = odp_queue_lookup("ipsec-out-sched");

> +       if (suite_context.queue == ODP_QUEUE_INVALID)

> +               return -1;

> +       rc = pktio_start(true, false);

> +       if (rc <= 0)

> +               return rc;

> +       if (suite_context.pktio == ODP_PKTIO_INVALID)

> +               return -1;

> +

> +       suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_INLINE;

> +       suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;

> +

> +       return 0;

> +}

> +

> +static

> +int ODP_UNUSED ipsec_out_inline_init(void)

> +{

> +       int rc;

> +

> +       suite_context.pool = odp_pool_lookup("packet_pool");

> +       if (suite_context.pool == ODP_POOL_INVALID)

> +               return -1;

> +       suite_context.queue = odp_queue_lookup("ipsec-out");

> +       if (suite_context.queue == ODP_QUEUE_INVALID)

> +               return -1;

> +       rc = pktio_start(false, true);

> +       if (rc <= 0)

> +               return rc;

> +       if (suite_context.pktio == ODP_PKTIO_INVALID)

> +               return -1;

> +

> +       suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;

> +       suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_INLINE;

> +

> +       return 0;

> +}

> +

> +static

> +int ipsec_suite_term(odp_testinfo_t *suite)

> +{

> +       int i;

> +       int first = 1;

> +

> +       if (suite_context.pktio != ODP_PKTIO_INVALID)

> +               pktio_stop(suite_context.pktio);

> +

> +       for (i = 0; suite[i].pName; i++) {

> +               if (suite[i].check_active &&

> +                   suite[i].check_active() == ODP_TEST_INACTIVE) {

> +                       if (first) {

> +                               first = 0;

> +                               printf("\n\n  Inactive tests:\n");

> +                       }

> +                       printf("    %s\n", suite[i].pName);

> +               }

> +       }

> +

> +       return 0;

> +}

> +

> +static

> +int ipsec_in_term(void)

> +{

> +       return ipsec_suite_term(ipsec_in_suite);

> +}

> +

> +static

> +int ipsec_out_term(void)

> +{

> +       return ipsec_suite_term(ipsec_out_suite);

> +}

> +

>  odp_suiteinfo_t ipsec_suites[] = {

>         {"IPsec", NULL, NULL, ipsec_suite},

> +       {"IPsec-sync-in", ipsec_sync_init, ipsec_in_term, ipsec_in_suite},

> +       {"IPsec-sync-out", ipsec_sync_init, ipsec_out_term,

> ipsec_out_suite},

> +       {"IPsec-async-in", ipsec_async_init, ipsec_in_term,

> ipsec_in_suite},

> +       {"IPsec-async-out", ipsec_async_init, ipsec_out_term,

> ipsec_out_suite},

> +       {"IPsec-inline-in", ipsec_in_inline_init, ipsec_in_term,

> +        ipsec_in_suite},

> +       {"IPsec-inline-out", ipsec_out_inline_init, ipsec_out_term,

> +        ipsec_out_suite},

>         ODP_SUITE_INFO_NULL,

>  };

>

> +static

> +int ipsec_init(odp_instance_t *inst)

> +{

> +       odp_pool_param_t params;

> +       odp_pool_t pool;

> +       odp_queue_param_t queue_param;

> +       odp_queue_t out_queue;

> +       odp_pool_capability_t pool_capa;

> +       odp_pktio_t pktio;

> +

> +       if (0 != odp_init_global(inst, NULL, NULL)) {

> +               fprintf(stderr, "error: odp_init_global() failed.\n");

> +               return -1;

> +       }

> +

> +       if (0 != odp_init_local(*inst, ODP_THREAD_CONTROL)) {

> +               fprintf(stderr, "error: odp_init_local() failed.\n");

> +               return -1;

> +       }

> +

> +       if (odp_pool_capability(&pool_capa) < 0) {

> +               fprintf(stderr, "error: odp_pool_capability() failed.\n");

> +               return -1;

> +       }

> +

> +       odp_pool_param_init(&params);

> +       params.pkt.seg_len = PKT_POOL_LEN;

> +       params.pkt.len     = PKT_POOL_LEN;

> +       params.pkt.num     = PKT_POOL_NUM;

> +       params.type        = ODP_POOL_PACKET;

> +

> +       if (pool_capa.pkt.max_seg_len &&

> +           PKT_POOL_LEN > pool_capa.pkt.max_seg_len) {

> +               fprintf(stderr, "Warning: small packet segment length\n");

> +               params.pkt.seg_len = pool_capa.pkt.max_seg_len;

> +       }

> +

> +       if (pool_capa.pkt.max_len &&

> +           PKT_POOL_LEN > pool_capa.pkt.max_len) {

> +               fprintf(stderr, "Pool max packet length too small\n");

> +               return -1;

> +       }

> +

> +       pool = odp_pool_create("packet_pool", &params);

> +

> +       if (ODP_POOL_INVALID == pool) {

> +               fprintf(stderr, "Packet pool creation failed.\n");

> +               return -1;

> +       }

> +       out_queue = odp_queue_create("ipsec-out", NULL);

> +       if (ODP_QUEUE_INVALID == out_queue) {

> +               fprintf(stderr, "IPsec outq creation failed.\n");

> +               return -1;

> +       }

> +

> +       odp_queue_param_init(&queue_param);

> +       queue_param.type = ODP_QUEUE_TYPE_SCHED;

> +       queue_param.sched.sync  = ODP_SCHED_SYNC_PARALLEL;

> +       queue_param.sched.prio  = ODP_SCHED_PRIO_HIGHEST;

> +       queue_param.sched.group = ODP_SCHED_GROUP_ALL;

> +

> +       out_queue = odp_queue_create("ipsec-out-sched", &queue_param);

> +       if (ODP_QUEUE_INVALID == out_queue) {

> +               fprintf(stderr, "IPsec sched outq creation failed.\n");

> +               return -1;

> +       }

> +

> +       pktio = pktio_create(ODP_QUEUE_TYPE_SCHED, pool);

> +       if (ODP_PKTIO_INVALID == pktio) {

> +               fprintf(stderr, "IPsec pktio creation failed.\n");

> +               return -1;

> +       }

> +

> +       return 0;

> +}

> +

> +static

> +int ipsec_term(odp_instance_t inst)

> +{

> +       odp_pool_t pool;

> +       odp_queue_t out_queue;

> +       odp_pktio_t pktio;

> +

> +       pktio = odp_pktio_lookup("loop");

> +       if (ODP_PKTIO_INVALID != pktio) {

> +               if (odp_pktio_close(pktio))

> +                       fprintf(stderr, "IPsec pktio close failed.\n");

> +       } else {

> +               fprintf(stderr, "IPsec pktio not found.\n");

> +       }

> +

> +       out_queue = odp_queue_lookup("ipsec-out-sched");

> +       if (ODP_QUEUE_INVALID != out_queue) {

> +               if (odp_queue_destroy(out_queue))

> +                       fprintf(stderr, "IPsec sched outq destroy

> failed.\n");

> +       } else {

> +               fprintf(stderr, "IPsec sched outq not found.\n");

> +       }

> +

> +       out_queue = odp_queue_lookup("ipsec-out");

> +       if (ODP_QUEUE_INVALID != out_queue) {

> +               if (odp_queue_destroy(out_queue))

> +                       fprintf(stderr, "IPsec outq destroy failed.\n");

> +       } else {

> +               fprintf(stderr, "IPsec outq not found.\n");

> +       }

> +

> +       pool = odp_pool_lookup("packet_pool");

> +       if (ODP_POOL_INVALID != pool) {

> +               if (odp_pool_destroy(pool))

> +                       fprintf(stderr, "Packet pool destroy failed.\n");

> +       } else {

> +               fprintf(stderr, "Packet pool not found.\n");

> +       }

> +

> +       if (0 != odp_term_local()) {

> +               fprintf(stderr, "error: odp_term_local() failed.\n");

> +               return -1;

> +       }

> +

> +       if (0 != odp_term_global(inst)) {

> +               fprintf(stderr, "error: odp_term_global() failed.\n");

> +               return -1;

> +       }

> +

> +       return 0;

> +}

> +

>  int ipsec_main(int argc, char *argv[])

>  {

>         int ret;

> @@ -35,8 +907,10 @@ int ipsec_main(int argc, char *argv[])

>         if (odp_cunit_parse_options(argc, argv))

>                 return -1;

>

> -       ret = odp_cunit_register(ipsec_suites);

> +       odp_cunit_register_global_init(ipsec_init);

> +       odp_cunit_register_global_term(ipsec_term);

>

> +       ret = odp_cunit_register(ipsec_suites);

>         if (ret == 0)

>                 ret = odp_cunit_run();

>

> diff --git a/test/common_plat/validation/api/ipsec/ipsec.h

> b/test/common_plat/validation/api/ipsec/ipsec.h

> index 290a186f..8ffe9f31 100644

> --- a/test/common_plat/validation/api/ipsec/ipsec.h

> +++ b/test/common_plat/validation/api/ipsec/ipsec.h

> @@ -9,16 +9,70 @@

>

>  #include <odp_cunit_common.h>

>

> -/* test functions: */

> -void ipsec_test_capability(void);

> -

>  /* test arrays: */

> -extern odp_testinfo_t ipsec_suite[];

> -

> -/* test registry: */

> -extern odp_suiteinfo_t ipsec_suites[];

> +extern odp_testinfo_t ipsec_in_suite[];

> +extern odp_testinfo_t ipsec_out_suite[];

>

>  /* main test program: */

>  int ipsec_main(int argc, char *argv[]);

>

> +struct suite_context_s {

> +       odp_ipsec_op_mode_t inbound_op_mode;

> +       odp_ipsec_op_mode_t outbound_op_mode;

> +       odp_pool_t pool;

> +       odp_queue_t queue;

> +       odp_pktio_t pktio;

> +};

> +

> +extern struct suite_context_s suite_context;

> +

> +typedef struct {

> +       uint32_t len;

> +       uint32_t l2_offset;

> +       uint32_t l3_offset;

> +       uint32_t l4_offset;

> +       uint8_t data[256];

> +} ipsec_test_packet;

> +

> +typedef struct {

> +       const ipsec_test_packet *pkt_in;

> +       odp_bool_t lookup;

> +       int out_pkt;

> +       struct {

> +               odp_ipsec_op_status_t status;

> +               const ipsec_test_packet *pkt_out;

> +       } out[1];

> +} ipsec_test_part;

> +

> +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,

> +                        odp_bool_t in,

> +                        odp_bool_t ah,

> +                        uint32_t spi,

> +                        odp_ipsec_tunnel_param_t *tun,

> +                        odp_cipher_alg_t cipher_alg,

> +                        const odp_crypto_key_t *cipher_key,

> +                        odp_auth_alg_t auth_alg,

> +                        const odp_crypto_key_t *auth_key);

> +

> +void ipsec_sa_destroy(odp_ipsec_sa_t sa);

> +odp_packet_t ipsec_packet(const ipsec_test_packet *itp);

> +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t

> pkt);

> +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa);

> +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa);

> +void ipsec_check_out_in_one(const ipsec_test_part *part,

> +                           odp_ipsec_sa_t sa,

> +                           odp_ipsec_sa_t sa_in);

> +

> +int ipsec_check(odp_bool_t ah,

> +               odp_cipher_alg_t cipher,

> +               odp_auth_alg_t auth);

> +#define ipsec_check_ah(auth) \

> +       ipsec_check(true, ODP_CIPHER_ALG_NULL, auth)

> +#define ipsec_check_esp(cipher, auth) \

> +       ipsec_check(false, cipher, auth)

> +int ipsec_check_ah_sha256(void);

> +int ipsec_check_esp_null_sha256(void);

> +int ipsec_check_esp_aes_cbc_null(void);

> +int ipsec_check_esp_aes_cbc_sha256(void);

> +

>  #endif

> diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_in.c

> b/test/common_plat/validation/api/ipsec/ipsec_test_in.c

> new file mode 100644

> index 00000000..bd9a47f1

> --- /dev/null

> +++ b/test/common_plat/validation/api/ipsec/ipsec_test_in.c

> @@ -0,0 +1,831 @@

> +/* Copyright (c) 2017, Linaro Limited

> + * All rights reserved.

> + *

> + * SPDX-License-Identifier:     BSD-3-Clause

> + */

> +

> +#include "ipsec.h"

> +

> +#include "test_vectors.h"

> +

> +static

> +void test_in_ah_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_ah_sha256_tun(void)

> +{

> +       odp_ipsec_tunnel_param_t tunnel = {};

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, &tunnel,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_tun_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_ah_sha256_tun_notun(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_tun_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0_ipip },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_esp_null_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_null_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_esp_aes_cbc_null(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_a5_128,

> +                           ODP_AUTH_ALG_NULL, NULL);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_esp_aes_cbc_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_a5_128,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_lookup_ah_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_sha256_1,

> +               .lookup = 1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_lookup_esp_null_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_null_sha256_1,

> +               .lookup = 1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_esp_null_sha256_tun(void)

> +{

> +       odp_ipsec_tunnel_param_t tunnel = {};

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, &tunnel,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_ah_esp_pkt(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       /* This test will not work properly inbound inline mode.

> +        * test_in_lookup_ah_esp_pkt will be used instead. */

> +       if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE)

> +               return;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_null_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.proto = 1,

> +                         .pkt_out =  NULL },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_esp_ah_pkt(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       /* This test will not work properly inbound inline mode.

> +        * test_in_lookup_esp_ah_pkt will be used instead. */

> +       if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE)

> +               return;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_sha256_1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.proto = 1,

> +                         .pkt_out = NULL },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_lookup_ah_esp_pkt(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_null_sha256_1,

> +               .lookup = 1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.sa_lookup = 1,

> +                         .pkt_out =  NULL },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_lookup_esp_ah_pkt(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_sha256_1,

> +               .lookup = 1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.sa_lookup = 1,

> +                         .pkt_out = NULL },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_ah_sha256_bad1(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.auth = 1,

> +                         .pkt_out = NULL },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_ah_sha256_bad2(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.auth = 1,

> +                         .pkt_out = NULL },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_esp_null_sha256_bad1(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.auth = 1,

> +                         .pkt_out = NULL },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_rfc3602_5_esp(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 0x4321, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_rfc3602,

> +                           ODP_AUTH_ALG_NULL, NULL);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_rfc3602_5_esp,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_rfc3602_5 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_rfc3602_6_esp(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 0x4321, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_rfc3602,

> +                           ODP_AUTH_ALG_NULL, NULL);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_rfc3602_6_esp,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_rfc3602_6 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_rfc3602_7_esp(void)

> +{

> +       odp_ipsec_tunnel_param_t tunnel = {};

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 0x8765, &tunnel,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2,

> +                           ODP_AUTH_ALG_NULL, NULL);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_rfc3602_7_esp,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_rfc3602_7 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_in_rfc3602_8_esp(void)

> +{

> +       odp_ipsec_tunnel_param_t tunnel = {};

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 0x8765, &tunnel,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2,

> +                           ODP_AUTH_ALG_NULL, NULL);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_rfc3602_8_esp,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_rfc3602_8 },

> +               },

> +       };

> +

> +       ipsec_check_in_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +odp_testinfo_t ipsec_in_suite[] = {

> +       ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp,

> +                                 ipsec_check_esp_aes_cbc_null),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp,

> +                                 ipsec_check_esp_aes_cbc_null),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp,

> +                                 ipsec_check_esp_aes_cbc_null),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp,

> +                                 ipsec_check_esp_aes_cbc_null),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null,

> +                                 ipsec_check_esp_aes_cbc_null),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256,

> +                                 ipsec_check_esp_aes_cbc_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_NULL,

> +};

> diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_out.c

> b/test/common_plat/validation/api/ipsec/ipsec_test_out.c

> new file mode 100644

> index 00000000..a62f2549

> --- /dev/null

> +++ b/test/common_plat/validation/api/ipsec/ipsec_test_out.c

> @@ -0,0 +1,347 @@

> +/* Copyright (c) 2017, Linaro Limited

> + * All rights reserved.

> + *

> + * SPDX-License-Identifier:     BSD-3-Clause

> + */

> +

> +#include "ipsec.h"

> +

> +#include "test_vectors.h"

> +

> +static

> +void test_out_ah_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           false, true, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0_ah_sha256_1 },

> +               },

> +       };

> +

> +       ipsec_check_out_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +#define IPV4ADDR(a, b, c, d) odp_cpu_to_be_32((a << 24) | \

> +                                             (b << 16) | \

> +                                             (c << 8) | \

> +                                             (d << 0))

> +

> +static

> +void test_out_ah_sha256_tun(void)

> +{

> +       uint32_t src = IPV4ADDR(10, 0, 111, 2);

> +       uint32_t dst = IPV4ADDR(10, 0, 222, 2);

> +       odp_ipsec_tunnel_param_t tunnel = {

> +               .type = ODP_IPSEC_TUNNEL_IPV4,

> +               .ipv4.src_addr = &src,

> +               .ipv4.dst_addr = &dst,

> +               .ipv4.ttl = 64,

> +       };

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           false, true, 123, &tunnel,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 },

> +               },

> +       };

> +

> +       ipsec_check_out_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_out_esp_null_sha256_out(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           false, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0_esp_null_sha256_1 },

> +               },

> +       };

> +

> +       ipsec_check_out_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_out_esp_null_sha256_tun_out(void)

> +{

> +       uint32_t src = IPV4ADDR(10, 0, 111, 2);

> +       uint32_t dst = IPV4ADDR(10, 0, 222, 2);

> +       odp_ipsec_tunnel_param_t tunnel = {

> +               .type = ODP_IPSEC_TUNNEL_IPV4,

> +               .ipv4.src_addr = &src,

> +               .ipv4.dst_addr = &dst,

> +               .ipv4.ttl = 64,

> +       };

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           false, false, 123, &tunnel,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 },

> +               },

> +       };

> +

> +       ipsec_check_out_one(&test, sa);

> +

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_out_esp_null_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +       odp_ipsec_sa_t sa2;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           false, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_NULL, NULL,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa2 = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_out_in_one(&test, sa, sa2);

> +

> +       ipsec_sa_destroy(sa2);

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_out_esp_aes_cbc_null(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +       odp_ipsec_sa_t sa2;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           false, false, 123, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_a5_128,

> +                           ODP_AUTH_ALG_NULL, NULL);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_a5_128,

> +                           ODP_AUTH_ALG_NULL, NULL);

> +

> +       sa2 = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_out_in_one(&test, sa, sa2);

> +

> +       ipsec_sa_destroy(sa2);

> +       ipsec_sa_destroy(sa);

> +}

> +

> +static

> +void test_out_esp_aes_cbc_sha256(void)

> +{

> +       odp_ipsec_config_t ipsec_config;

> +       odp_ipsec_sa_param_t param;

> +       odp_ipsec_sa_t sa;

> +       odp_ipsec_sa_t sa2;

> +

> +       odp_ipsec_config_init(&ipsec_config);

> +       ipsec_config.inbound_mode = suite_context.inbound_op_mode;

> +       ipsec_config.outbound_mode = suite_context.outbound_op_mode;

> +       ipsec_config.inbound.default_queue = suite_context.queue;

> +

> +       CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_

> config));

> +

> +       ipsec_sa_param_fill(&param,

> +                           false, false, 123, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_a5_128,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);

> +

> +       ipsec_sa_param_fill(&param,

> +                           true, false, 123, NULL,

> +                           ODP_CIPHER_ALG_AES_CBC, &key_a5_128,

> +                           ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);

> +

> +       sa2 = odp_ipsec_sa_create(&param);

> +

> +       CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);

> +

> +       ipsec_test_part test = {

> +               .pkt_in = &pkt_icmp_0,

> +               .out_pkt = 1,

> +               .out = {

> +                       { .status.warn.all = 0,

> +                         .status.error.all = 0,

> +                         .pkt_out = &pkt_icmp_0 },

> +               },

> +       };

> +

> +       ipsec_check_out_in_one(&test, sa, sa2);

> +

> +       ipsec_sa_destroy(sa2);

> +       ipsec_sa_destroy(sa);

> +}

> +

> +odp_testinfo_t ipsec_out_suite[] = {

> +       ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun,

> +                                 ipsec_check_ah_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256,

> +                                 ipsec_check_esp_null_sha256),

> +       ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null,

> +                                 ipsec_check_esp_aes_cbc_null),

> +       ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256,

> +                                 ipsec_check_esp_aes_cbc_sha256),

> +       ODP_TEST_INFO_NULL,

> +};

> diff --git a/test/common_plat/validation/api/ipsec/test_vectors.h

> b/test/common_plat/validation/api/ipsec/test_vectors.h

> new file mode 100644

> index 00000000..facd0636

> --- /dev/null

> +++ b/test/common_plat/validation/api/ipsec/test_vectors.h

> @@ -0,0 +1,728 @@

> +/* Copyright (c) 2017, Linaro Limited

> + * All rights reserved.

> + *

> + * SPDX-License-Identifier:     BSD-3-Clause

> + */

> +

> +#ifndef _ODP_TEST_IPSEC_VECTORS_H_

> +#define _ODP_TEST_IPSEC_VECTORS_H_

> +

> +#define KEY(name, ...)                                 \

> +       static uint8_t name ## _data[] = { __VA_ARGS__ };       \

> +       static const ODP_UNUSED odp_crypto_key_t name = {       \

> +               .data = name ## _data,                  \

> +               .length = sizeof(name ## _data),        \

> +       }

> +

> +KEY(key_a5_128, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,

> +               0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5);

> +KEY(key_5a_128, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,

> +               0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a);

> +KEY(key_a5_256, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,

> +               0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,

> +               0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,

> +               0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5);

> +KEY(key_5a_256, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,

> +               0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,

> +               0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,

> +               0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a);

> +

> +KEY(key_rfc3602, 0x90, 0xd3, 0x82, 0xb4, 0x10, 0xee, 0xba, 0x7a,

> +                0xd9, 0x38, 0xc4, 0x6c, 0xec, 0x1a, 0x82, 0xbf);

> +KEY(key_rfc3602_2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

> +                  0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef);

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = {

> +       .len = 142,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5b,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = {

> +       .len = 162,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x04, 0x19, 0x62, 0x0a, 0x00, 0x6f, 0x02,

> +               0x0a, 0x00, 0xde, 0x02,

> +

> +               /* Inner IP */

> +               0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5b

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = {

> +       .len = 170,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* AH */

> +               0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,

> +               0x00, 0x00, 0x00, 0x01,

> +               0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3,

> +               0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5b,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = {

> +       .len = 190,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x33, 0x19, 0x17, 0x0a, 0x00, 0x6f, 0x02,

> +               0x0a, 0x00, 0xde, 0x02,

> +

> +               /* AH */

> +               0x04, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,

> +               0x00, 0x00, 0x00, 0x01,

> +               0xd5, 0x35, 0x9b, 0x21, 0xe6, 0x14, 0x9b, 0x42,

> +               0x1f, 0x00, 0xfa, 0x36, 0x73, 0x4c, 0x53, 0xcf,

> +

> +               /* Inner IP */

> +               0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5b,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = {

> +       .len = 168,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* AH */

> +               0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,

> +               0x00, 0x00, 0x00, 0x01,

> +               0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3,

> +               0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = {

> +       .len = 170,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* AH */

> +               0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,

> +               0x00, 0x00, 0x00, 0x01,

> +               0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3,

> +               0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5d,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = {

> +       .len = 170,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5b,

> +

> +               /* ESP TRL */

> +               0x01, 0x02, 0x02, 0x01,

> +

> +               /* ICV */

> +               0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33,

> +               0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1

> = {

> +       .len = 190,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x32, 0x19, 0x18, 0x0a, 0x00, 0x6f, 0x02,

> +               0x0a, 0x00, 0xde, 0x02,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,

> +

> +               /* Inner IP */

> +               0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5b,

> +

> +               /* ESP TRL */

> +               0x01, 0x02, 0x02, 0x04,

> +

> +               /* ICV */

> +               0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1,

> +               0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1

> = {

> +       .len = 170,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,

> +               0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,

> +               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +               0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,

> +               0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,

> +               0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,

> +               0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,

> +               0x58, 0x59, 0x5a, 0x5b,

> +

> +               /* ESP TRL */

> +               0x01, 0x02, 0x02, 0x01,

> +

> +               /* ICV */

> +               0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8,

> +               0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdf,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 =

> {

> +       .len = 170,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,

> +

> +               /* IV */

> +               0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c,

> +               0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6,

> +

> +               /* data */

> +               0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65,

> +               0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32,

> +               0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2,

> +               0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01,

> +               0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23,

> +               0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30,

> +               0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29,

> +               0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7,

> +               0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45,

> +               0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e,

> +               0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8,

> +               0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c,

> +               0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28,

> +               0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa,

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1

> = {

> +       .len = 186,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x00,

> +               0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02,

> +               0xc0, 0xa8, 0xde, 0x02,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,

> +

> +               /* IV */

> +               0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c,

> +               0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6,

> +

> +               /* data */

> +               0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65,

> +               0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32,

> +               0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2,

> +               0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01,

> +               0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23,

> +               0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30,

> +               0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29,

> +               0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7,

> +               0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45,

> +               0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e,

> +               0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8,

> +               0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c,

> +               0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28,

> +               0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa,

> +

> +               /* IV */

> +               0x8a, 0x39, 0x10, 0x07, 0x02, 0x97, 0xbb, 0x1c,

> +               0x59, 0xb7, 0x70, 0x33, 0xa4, 0x26, 0xa2, 0xb8

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = {

> +       .len = 98,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x54, 0x08, 0xf2, 0x00, 0x00,

> +               0x40, 0x01, 0xf9, 0xfe, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0x64,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0x0e, 0xbd, 0xa7, 0x0a, 0x00, 0x00,

> +               0x8e, 0x9c, 0x08, 0x3d, 0xb9, 0x5b, 0x07, 0x00,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +

> +       },

> +};

> +

> +static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5_esp = {

> +       .len = 138,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x7c, 0x08, 0xf2, 0x00, 0x00,

> +               0x40, 0x32, 0xf9, 0xa5, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0x64,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x01,

> +

> +               /* IV */

> +               0xe9, 0x6e, 0x8c, 0x08, 0xab, 0x46, 0x57, 0x63,

> +               0xfd, 0x09, 0x8d, 0x45, 0xdd, 0x3f, 0xf8, 0x93,

> +

> +               /* data */

> +               0xf6, 0x63, 0xc2, 0x5d, 0x32, 0x5c, 0x18, 0xc6,

> +               0xa9, 0x45, 0x3e, 0x19, 0x4e, 0x12, 0x08, 0x49,

> +               0xa4, 0x87, 0x0b, 0x66, 0xcc, 0x6b, 0x99, 0x65,

> +               0x33, 0x00, 0x13, 0xb4, 0x89, 0x8d, 0xc8, 0x56,

> +               0xa4, 0x69, 0x9e, 0x52, 0x3a, 0x55, 0xdb, 0x08,

> +               0x0b, 0x59, 0xec, 0x3a, 0x8e, 0x4b, 0x7e, 0x52,

> +               0x77, 0x5b, 0x07, 0xd1, 0xdb, 0x34, 0xed, 0x9c,

> +               0x53, 0x8a, 0xb5, 0x0c, 0x55, 0x1b, 0x87, 0x4a,

> +               0xa2, 0x69, 0xad, 0xd0, 0x47, 0xad, 0x2d, 0x59,

> +               0x13, 0xac, 0x19, 0xb7, 0xcf, 0xba, 0xd4, 0xa6,

> +       },

> +};

> +

> +static const ipsec_test_packet pkt_rfc3602_6 = {

> +       .len = 62,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x30, 0x08, 0xfe, 0x00, 0x00,

> +               0x40, 0x01, 0xfa, 0x16, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0x64,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xb5, 0xe8, 0xa8, 0x0a, 0x05, 0x00,

> +               0xa6, 0x9c, 0x08, 0x3d, 0x0b, 0x66, 0x0e, 0x00,

> +               0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,

> +               0x77, 0x77, 0x77, 0x77,

> +       },

> +};

> +

> +static const ipsec_test_packet pkt_rfc3602_6_esp = {

> +       .len = 90,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x4c, 0x08, 0xfe, 0x00, 0x00,

> +               0x40, 0x32, 0xf9, 0xc9, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0x64,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x08,

> +

> +               /* IV */

> +               0x69, 0xd0, 0x8d, 0xf7, 0xd2, 0x03, 0x32, 0x9d,

> +               0xb0, 0x93, 0xfc, 0x49, 0x24, 0xe5, 0xbd, 0x80,

> +

> +               /* data */

> +               0xf5, 0x19, 0x95, 0x88, 0x1e, 0xc4, 0xe0, 0xc4,

> +               0x48, 0x89, 0x87, 0xce, 0x74, 0x2e, 0x81, 0x09,

> +               0x68, 0x9b, 0xb3, 0x79, 0xd2, 0xd7, 0x50, 0xc0,

> +               0xd9, 0x15, 0xdc, 0xa3, 0x46, 0xa8, 0x9f, 0x75,

> +       },

> +};

> +

> +static const ipsec_test_packet pkt_rfc3602_7 = {

> +       .len = 98,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x54, 0x09, 0x04, 0x00, 0x00,

> +               0x40, 0x01, 0xf9, 0x88, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0xc8,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0x9f, 0x76, 0xa9, 0x0a, 0x01, 0x00,

> +               0xb4, 0x9c, 0x08, 0x3d, 0x02, 0xa2, 0x04, 0x00,

> +               0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

> +               0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

> +               0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,

> +               0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,

> +               0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,

> +               0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,

> +       },

> +};

> +

> +static const ipsec_test_packet pkt_rfc3602_7_esp = {

> +       .len = 154,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x8c, 0x09, 0x05, 0x00, 0x00,

> +               0x40, 0x32, 0xf9, 0x1e, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0xc8,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x02,

> +

> +               /* IV */

> +               0xf4, 0xe7, 0x65, 0x24, 0x4f, 0x64, 0x07, 0xad,

> +               0xf1, 0x3d, 0xc1, 0x38, 0x0f, 0x67, 0x3f, 0x37,

> +

> +               /* data */

> +               0x77, 0x3b, 0x52, 0x41, 0xa4, 0xc4, 0x49, 0x22,

> +               0x5e, 0x4f, 0x3c, 0xe5, 0xed, 0x61, 0x1b, 0x0c,

> +               0x23, 0x7c, 0xa9, 0x6c, 0xf7, 0x4a, 0x93, 0x01,

> +               0x3c, 0x1b, 0x0e, 0xa1, 0xa0, 0xcf, 0x70, 0xf8,

> +               0xe4, 0xec, 0xae, 0xc7, 0x8a, 0xc5, 0x3a, 0xad,

> +               0x7a, 0x0f, 0x02, 0x2b, 0x85, 0x92, 0x43, 0xc6,

> +               0x47, 0x75, 0x2e, 0x94, 0xa8, 0x59, 0x35, 0x2b,

> +               0x8a, 0x4d, 0x4d, 0x2d, 0xec, 0xd1, 0x36, 0xe5,

> +               0xc1, 0x77, 0xf1, 0x32, 0xad, 0x3f, 0xbf, 0xb2,

> +               0x20, 0x1a, 0xc9, 0x90, 0x4c, 0x74, 0xee, 0x0a,

> +               0x10, 0x9e, 0x0c, 0xa1, 0xe4, 0xdf, 0xe9, 0xd5,

> +               0xa1, 0x00, 0xb8, 0x42, 0xf1, 0xc2, 0x2f, 0x0d,

> +       },

> +};

> +

> +static const ipsec_test_packet pkt_rfc3602_8 = {

> +       .len = 82,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x44, 0x09, 0x0c, 0x00, 0x00,

> +               0x40, 0x01, 0xf9, 0x90, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0xc8,

> +

> +               /* ICMP */

> +               0x08, 0x00, 0xd6, 0x3c, 0xaa, 0x0a, 0x02, 0x00,

> +               0xc6, 0x9c, 0x08, 0x3d, 0xa3, 0xde, 0x03, 0x00,

> +               0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,

> +               0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,

> +               0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,

> +               0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,

> +       },

> +};

> +

> +static const ipsec_test_packet pkt_rfc3602_8_esp = {

> +       .len = 138,

> +       .l2_offset = 0,

> +       .l3_offset = 14,

> +       .l4_offset = 34,

> +       .data = {

> +               /* ETH - not a part of RFC, added for simplicity */

> +               0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,

> +               0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,

> +

> +               /* IP */

> +               0x45, 0x00, 0x00, 0x7c, 0x09, 0x0d, 0x00, 0x00,

> +               0x40, 0x32, 0xf9, 0x26, 0xc0, 0xa8, 0x7b, 0x03,

> +               0xc0, 0xa8, 0x7b, 0xc8,

> +

> +               /* ESP */

> +               0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x05,

> +

> +               /* IV */

> +               0x85, 0xd4, 0x72, 0x24, 0xb5, 0xf3, 0xdd, 0x5d,

> +               0x21, 0x01, 0xd4, 0xea, 0x8d, 0xff, 0xab, 0x22,

> +

> +               /* data */

> +               0x15, 0xb9, 0x26, 0x83, 0x81, 0x95, 0x96, 0xa8,

> +               0x04, 0x72, 0x32, 0xcc, 0x00, 0xf7, 0x04, 0x8f,

> +               0xe4, 0x53, 0x18, 0xe1, 0x1f, 0x8a, 0x0f, 0x62,

> +               0xed, 0xe3, 0xc3, 0xfc, 0x61, 0x20, 0x3b, 0xb5,

> +               0x0f, 0x98, 0x0a, 0x08, 0xc9, 0x84, 0x3f, 0xd3,

> +               0xa1, 0xb0, 0x6d, 0x5c, 0x07, 0xff, 0x96, 0x39,

> +               0xb7, 0xeb, 0x7d, 0xfb, 0x35, 0x12, 0xe5, 0xde,

> +               0x43, 0x5e, 0x72, 0x07, 0xed, 0x97, 0x1e, 0xf3,

> +               0xd2, 0x72, 0x6d, 0x9b, 0x5e, 0xf6, 0xaf, 0xfc,

> +               0x6d, 0x17, 0xa0, 0xde, 0xcb, 0xb1, 0x38, 0x92,

> +       },

> +};

> +

> +#endif

>

>



-- 
Thanks,
Kevin
diff mbox series

Patch

diff --git a/test/common_plat/validation/api/ipsec/Makefile.am b/test/common_plat/validation/api/ipsec/Makefile.am
index 106b8dce..9dba31fd 100644
--- a/test/common_plat/validation/api/ipsec/Makefile.am
+++ b/test/common_plat/validation/api/ipsec/Makefile.am
@@ -1,10 +1,15 @@ 
 include ../Makefile.inc
 
+AM_CPPFLAGS += -Wno-error=missing-field-initializers
+
 noinst_LTLIBRARIES = libtestipsec.la
-libtestipsec_la_SOURCES = ipsec.c
+libtestipsec_la_SOURCES = \
+	test_vectors.h \
+	ipsec_test_in.c \
+	ipsec_test_out.c \
+	ipsec.h \
+	ipsec.c
 
 test_PROGRAMS = ipsec_main$(EXEEXT)
 dist_ipsec_main_SOURCES = ipsec_main.c
 ipsec_main_LDADD = libtestipsec.la $(LIBCUNIT_COMMON) $(LIBODP)
-
-EXTRA_DIST = ipsec.h
diff --git a/test/common_plat/validation/api/ipsec/ipsec.c b/test/common_plat/validation/api/ipsec/ipsec.c
index 78348032..910901d6 100644
--- a/test/common_plat/validation/api/ipsec/ipsec.c
+++ b/test/common_plat/validation/api/ipsec/ipsec.c
@@ -10,6 +10,629 @@ 
 
 #include "ipsec.h"
 
+#include "test_vectors.h"
+
+struct suite_context_s suite_context;
+
+#define PKT_POOL_NUM  64
+#define PKT_POOL_LEN  (1 * 1024)
+
+static
+odp_pktio_t pktio_create(odp_queue_type_t q_type, odp_pool_t pool)
+{
+	odp_pktio_t pktio;
+	odp_pktio_param_t pktio_param;
+	odp_pktin_queue_param_t pktin_param;
+	odp_pktio_capability_t capa;
+
+	int ret;
+
+	if (pool == ODP_POOL_INVALID)
+		return ODP_PKTIO_INVALID;
+
+	odp_pktio_param_init(&pktio_param);
+	if (q_type == ODP_QUEUE_TYPE_PLAIN)
+		pktio_param.in_mode = ODP_PKTIN_MODE_QUEUE;
+	else
+		pktio_param.in_mode = ODP_PKTIN_MODE_SCHED;
+
+	pktio = odp_pktio_open("loop", pool, &pktio_param);
+	if (pktio == ODP_PKTIO_INVALID) {
+		ret = odp_pool_destroy(pool);
+		if (ret)
+			fprintf(stderr, "unable to destroy pool.\n");
+		return ODP_PKTIO_INVALID;
+	}
+
+	if (odp_pktio_capability(pktio, &capa)) {
+		fprintf(stderr, "pktio capabilities failed.\n");
+		return ODP_PKTIO_INVALID;
+	}
+
+	odp_pktin_queue_param_init(&pktin_param);
+	pktin_param.queue_param.sched.sync = ODP_SCHED_SYNC_ATOMIC;
+
+	if (odp_pktin_queue_config(pktio, &pktin_param)) {
+		fprintf(stderr, "pktin queue config failed.\n");
+		return ODP_PKTIO_INVALID;
+	}
+
+	if (odp_pktout_queue_config(pktio, NULL)) {
+		fprintf(stderr, "pktout queue config failed.\n");
+		return ODP_PKTIO_INVALID;
+	}
+
+	return pktio;
+}
+
+static
+int pktio_start(odp_bool_t in, odp_bool_t out)
+{
+	odp_pktio_t pktio;
+	odp_pktio_capability_t capa;
+	odp_pktio_config_t config;
+
+	pktio = odp_pktio_lookup("loop");
+	if (ODP_PKTIO_INVALID == pktio)
+		return -1;
+	if (odp_pktio_capability(pktio, &capa))
+		return -1;
+	/* If inline is not supported, return here. Tests will be marked as
+	 * inactive when testing for IPsec capabilities. */
+	if (in && !capa.config.inbound_ipsec)
+		return 0;
+	if (out && !capa.config.outbound_ipsec)
+		return 0;
+
+	odp_pktio_config_init(&config);
+	config.parser.layer = ODP_PKTIO_PARSER_LAYER_ALL;
+	config.inbound_ipsec = in;
+	config.outbound_ipsec = out;
+
+	if (odp_pktio_config(pktio, &config))
+		return -1;
+	if (odp_pktio_start(pktio))
+		return -1;
+
+	suite_context.pktio = pktio;
+
+	return 1;
+}
+
+static
+void pktio_stop(odp_pktio_t pktio)
+{
+	if (odp_pktio_stop(pktio))
+		fprintf(stderr, "IPsec pktio stop failed.\n");
+
+	while (1) {
+		odp_event_t ev = odp_schedule(NULL, ODP_SCHED_NO_WAIT);
+
+		if (ev != ODP_EVENT_INVALID)
+			odp_event_free(ev);
+		else
+			break;
+	}
+}
+
+int ipsec_check(odp_bool_t ah,
+		odp_cipher_alg_t cipher,
+		odp_auth_alg_t auth)
+{
+	odp_ipsec_capability_t capa;
+	odp_crypto_cipher_capability_t cipher_capa;
+	odp_crypto_auth_capability_t auth_capa;
+
+	if (odp_ipsec_capability(&capa) < 0)
+		return ODP_TEST_INACTIVE;
+
+	if ((ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode &&
+	     ODP_SUPPORT_NO == capa.op_mode_sync) ||
+	    (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode &&
+	     ODP_SUPPORT_NO == capa.op_mode_sync) ||
+	    (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode &&
+	     ODP_SUPPORT_NO == capa.op_mode_async) ||
+	    (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode &&
+	     ODP_SUPPORT_NO == capa.op_mode_async) ||
+	    (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode &&
+	     ODP_SUPPORT_NO == capa.op_mode_inline_in) ||
+	    (ODP_IPSEC_OP_MODE_INLINE == suite_context.outbound_op_mode &&
+	     ODP_SUPPORT_NO == capa.op_mode_inline_out))
+		return ODP_TEST_INACTIVE;
+
+	if (ah && (ODP_SUPPORT_NO == capa.proto_ah))
+		return ODP_TEST_INACTIVE;
+
+	/* Cipher algorithms */
+	switch (cipher) {
+	case ODP_CIPHER_ALG_NULL:
+		if (!capa.ciphers.bit.null)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_CIPHER_ALG_DES:
+		if (!capa.ciphers.bit.des)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_CIPHER_ALG_3DES_CBC:
+		if (!capa.ciphers.bit.trides_cbc)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_CIPHER_ALG_AES_CBC:
+		if (!capa.ciphers.bit.aes_cbc)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_CIPHER_ALG_AES_GCM:
+		if (!capa.ciphers.bit.aes_gcm)
+			return ODP_TEST_INACTIVE;
+		break;
+	default:
+		fprintf(stderr, "Unsupported cipher algorithm\n");
+		return ODP_TEST_INACTIVE;
+	}
+
+	/* Authentication algorithms */
+	switch (auth) {
+	case ODP_AUTH_ALG_NULL:
+		if (!capa.auths.bit.null)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_AUTH_ALG_MD5_HMAC:
+		if (!capa.auths.bit.md5_hmac)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_AUTH_ALG_SHA1_HMAC:
+		if (!capa.auths.bit.sha1_hmac)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_AUTH_ALG_SHA256_HMAC:
+		if (!capa.auths.bit.sha256_hmac)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_AUTH_ALG_SHA512_HMAC:
+		if (!capa.auths.bit.sha512_hmac)
+			return ODP_TEST_INACTIVE;
+		break;
+	case ODP_AUTH_ALG_AES_GCM:
+		if (!capa.auths.bit.aes_gcm)
+			return ODP_TEST_INACTIVE;
+		break;
+	default:
+		fprintf(stderr, "Unsupported authentication algorithm\n");
+		return ODP_TEST_INACTIVE;
+	}
+
+	if (odp_ipsec_cipher_capability(cipher, &cipher_capa, 1) <= 0) {
+		fprintf(stderr, "Wrong cipher capabilities\n");
+		return ODP_TEST_INACTIVE;
+	}
+
+	if (odp_ipsec_auth_capability(auth, &auth_capa, 1) <= 0) {
+		fprintf(stderr, "Wrong auth capabilities\n");
+		return ODP_TEST_INACTIVE;
+	}
+
+	return ODP_TEST_ACTIVE;
+}
+
+int ipsec_check_ah_sha256(void)
+{
+	return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC);
+}
+
+int ipsec_check_esp_null_sha256(void)
+{
+	return  ipsec_check_esp(ODP_CIPHER_ALG_NULL,
+				ODP_AUTH_ALG_SHA256_HMAC);
+}
+
+int ipsec_check_esp_aes_cbc_null(void)
+{
+	return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC,
+				ODP_AUTH_ALG_NULL);
+}
+
+int ipsec_check_esp_aes_cbc_sha256(void)
+{
+	return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC,
+				ODP_AUTH_ALG_SHA256_HMAC);
+}
+
+void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
+			 odp_bool_t in,
+			 odp_bool_t ah,
+			 uint32_t spi,
+			 odp_ipsec_tunnel_param_t *tun,
+			 odp_cipher_alg_t cipher_alg,
+			 const odp_crypto_key_t *cipher_key,
+			 odp_auth_alg_t auth_alg,
+			 const odp_crypto_key_t *auth_key)
+{
+	odp_ipsec_sa_param_init(param);
+	param->dir = in ? ODP_IPSEC_DIR_INBOUND :
+			  ODP_IPSEC_DIR_OUTBOUND;
+	if (in)
+		param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI;
+
+	param->proto = ah ? ODP_IPSEC_AH :
+			    ODP_IPSEC_ESP;
+
+	if (tun) {
+		param->mode = ODP_IPSEC_MODE_TUNNEL;
+		if (!in)
+			param->outbound.tunnel = *tun;
+	} else {
+		param->mode = ODP_IPSEC_MODE_TRANSPORT;
+	}
+
+	param->spi = spi;
+
+	param->dest_queue = suite_context.queue;
+
+	if (cipher_key) {
+		param->crypto.cipher_alg = cipher_alg;
+		param->crypto.cipher_key = *cipher_key;
+	}
+
+	if (auth_key) {
+		param->crypto.auth_alg = auth_alg;
+		param->crypto.auth_key = *auth_key;
+	}
+}
+
+void ipsec_sa_destroy(odp_ipsec_sa_t sa)
+{
+	odp_event_t event;
+	odp_ipsec_status_t status;
+
+	CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa));
+
+	if (ODP_QUEUE_INVALID != suite_context.queue) {
+		do {
+			event = odp_queue_deq(suite_context.queue);
+		} while (event == ODP_EVENT_INVALID);
+
+		CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_STATUS, odp_event_type(event));
+
+		CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_status(&status, event));
+
+		CU_ASSERT_EQUAL(ODP_IPSEC_STATUS_SA_DISABLE, status.id);
+		CU_ASSERT_EQUAL(sa, status.sa);
+		CU_ASSERT_EQUAL(0, status.result);
+		CU_ASSERT_EQUAL(0, status.warn.all);
+
+		odp_event_free(event);
+	}
+
+	CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa));
+}
+
+#define PACKET_USER_PTR	((void *)0x1212fefe)
+
+odp_packet_t ipsec_packet(const ipsec_test_packet *itp)
+{
+	odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len);
+
+	CU_ASSERT_NOT_EQUAL(ODP_PACKET_INVALID, pkt);
+	if (ODP_PACKET_INVALID == pkt)
+		return pkt;
+
+	CU_ASSERT_EQUAL(0, odp_packet_copy_from_mem(pkt, 0, itp->len,
+						    itp->data));
+	if (itp->l2_offset != ODP_PACKET_OFFSET_INVALID)
+		CU_ASSERT_EQUAL(0, odp_packet_l2_offset_set(pkt,
+							    itp->l2_offset));
+	if (itp->l3_offset != ODP_PACKET_OFFSET_INVALID)
+		CU_ASSERT_EQUAL(0, odp_packet_l3_offset_set(pkt,
+							    itp->l3_offset));
+	if (itp->l4_offset != ODP_PACKET_OFFSET_INVALID)
+		CU_ASSERT_EQUAL(0, odp_packet_l4_offset_set(pkt,
+							    itp->l4_offset));
+
+	odp_packet_user_ptr_set(pkt, PACKET_USER_PTR);
+
+	return pkt;
+}
+
+/*
+ * Compare packages ignoring everything before L3 header
+ */
+odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt)
+{
+	uint32_t len = (ODP_PACKET_INVALID == pkt) ? 1 : odp_packet_len(pkt);
+	uint32_t l3, l4;
+	uint8_t data[len];
+
+	if (!itp)
+		return true;
+
+	if (ODP_PACKET_INVALID == pkt)
+		return false;
+
+	CU_ASSERT_EQUAL(PACKET_USER_PTR, odp_packet_user_ptr(pkt));
+
+	l3 = odp_packet_l3_offset(pkt);
+	l4 = odp_packet_l4_offset(pkt);
+	odp_packet_copy_to_mem(pkt, 0, len, data);
+
+	if (len - l3 != itp->len - itp->l3_offset)
+		return false;
+
+	if (l4 - l3 != itp->l4_offset - itp->l3_offset)
+		return false;
+
+	return memcmp(data + l3,
+		      itp->data + itp->l3_offset,
+		      len - l3) ? false : true;
+}
+
+static
+int ipsec_send_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa,
+		      odp_packet_t *pkto)
+{
+	odp_ipsec_in_param_t param;
+	int num_out = part->out_pkt;
+	odp_packet_t pkt;
+	int i;
+
+	pkt = ipsec_packet(part->pkt_in);
+
+	memset(&param, 0, sizeof(param));
+	if (!part->lookup) {
+		param.num_sa = 1;
+		param.sa = &sa;
+	} else {
+		param.num_sa = 0;
+		param.sa = NULL;
+	}
+
+	if (ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode) {
+		CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_in(&pkt, 1,
+							    pkto, &num_out,
+							    &param));
+		CU_ASSERT_EQUAL(num_out, part->out_pkt);
+	} else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) {
+		CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, &param));
+
+		for (i = 0; i < num_out; i++) {
+			odp_event_t event;
+			odp_event_subtype_t subtype;
+
+			do {
+				event = odp_queue_deq(suite_context.queue);
+			} while (event == ODP_EVENT_INVALID);
+
+			CU_ASSERT_EQUAL(ODP_EVENT_PACKET,
+					odp_event_types(event, &subtype));
+			CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype);
+			pkto[i] = odp_ipsec_packet_from_event(event);
+		}
+	} else {
+		odp_pktout_queue_t pktout;
+
+		CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_context.pktio,
+							  &pktout, 1));
+
+		CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1));
+
+		for (i = 0; i < num_out;) {
+			odp_event_t ev;
+			odp_event_subtype_t subtype;
+			odp_queue_t queue;
+
+			ev = odp_schedule(&queue, ODP_SCHED_WAIT);
+			CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev);
+
+			if (ODP_EVENT_INVALID == ev)
+				continue;
+
+			CU_ASSERT_EQUAL(ODP_EVENT_PACKET,
+					odp_event_types(ev, &subtype));
+			if (queue == suite_context.queue) {
+				CU_ASSERT(!part->out[i].status.error.sa_lookup);
+				CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC,
+						subtype);
+			} else {
+				CU_ASSERT(part->out[i].status.error.sa_lookup);
+				CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC,
+						subtype);
+			}
+			pkto[i++] = odp_ipsec_packet_from_event(ev);
+		}
+	}
+
+	return num_out;
+}
+
+static
+int ipsec_send_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa,
+		       odp_packet_t *pkto)
+{
+	odp_ipsec_out_param_t param;
+	int num_out = part->out_pkt;
+	odp_packet_t pkt;
+	int i;
+
+	pkt = ipsec_packet(part->pkt_in);
+
+	memset(&param, 0, sizeof(param));
+	param.num_sa = 1;
+	param.sa = &sa;
+	param.num_opt = 0;
+	param.opt = NULL;
+
+	if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) {
+		CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1,
+							     pkto, &num_out,
+							     &param));
+		CU_ASSERT_EQUAL(num_out, part->out_pkt);
+	} else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode) {
+		CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&pkt, 1, &param));
+
+		for (i = 0; i < num_out; i++) {
+			odp_event_t event;
+			odp_event_subtype_t subtype;
+
+			do {
+				event = odp_queue_deq(suite_context.queue);
+			} while (event == ODP_EVENT_INVALID);
+
+			CU_ASSERT_EQUAL(ODP_EVENT_PACKET,
+					odp_event_types(event, &subtype));
+			CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype);
+			pkto[i] = odp_ipsec_packet_from_event(event);
+		}
+	} else {
+		struct odp_ipsec_out_inline_param_t inline_param;
+
+		inline_param.pktio = suite_context.pktio;
+		inline_param.outer_hdr.ptr = part->out[0].pkt_out->data;
+		inline_param.outer_hdr.len = part->out[0].pkt_out->l3_offset;
+
+		CU_ASSERT_EQUAL(1, odp_ipsec_out_inline(&pkt, 1, &param,
+							&inline_param));
+
+		for (i = 0; i < num_out;) {
+			odp_event_t ev;
+			odp_event_subtype_t subtype;
+			odp_queue_t queue;
+
+			ev = odp_schedule(&queue, ODP_SCHED_WAIT);
+			CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev);
+
+			if (ODP_EVENT_INVALID == ev)
+				continue;
+
+			CU_ASSERT_EQUAL(ODP_EVENT_PACKET,
+					odp_event_types(ev, &subtype));
+			if (queue == suite_context.queue) {
+				CU_ASSERT(part->out[i].status.error.all);
+				CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC,
+						subtype);
+			} else {
+				CU_ASSERT(!part->out[i].status.error.all);
+				CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC,
+						subtype);
+			}
+			pkto[i++] = odp_ipsec_packet_from_event(ev);
+		}
+	}
+
+	return num_out;
+}
+
+void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa)
+{
+	int num_out = part->out_pkt;
+	odp_packet_t pkto[num_out];
+	int i;
+
+	num_out = ipsec_send_in_one(part, sa, pkto);
+
+	for (i = 0; i < num_out; i++) {
+		odp_ipsec_packet_result_t result;
+
+		if (ODP_PACKET_INVALID == pkto[i]) {
+			CU_FAIL("ODP_PACKET_INVALID received");
+			continue;
+		}
+
+		if (ODP_EVENT_PACKET_IPSEC !=
+		    odp_event_subtype(odp_packet_to_event(pkto[i]))) {
+			/* Inline packet went through loop */
+			CU_ASSERT_EQUAL(1, part->out[i].status.error.sa_lookup);
+		} else {
+			CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i]));
+			CU_ASSERT_EQUAL(part->out[i].status.error.all,
+					result.status.error.all);
+			CU_ASSERT_EQUAL(sa, result.sa);
+		}
+		CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out,
+					     pkto[i]));
+		odp_packet_free(pkto[i]);
+	}
+}
+
+void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa)
+{
+	int num_out = part->out_pkt;
+	odp_packet_t pkto[num_out];
+	int i;
+
+	num_out = ipsec_send_out_one(part, sa, pkto);
+
+	for (i = 0; i < num_out; i++) {
+		odp_ipsec_packet_result_t result;
+
+		if (ODP_PACKET_INVALID == pkto[i]) {
+			CU_FAIL("ODP_PACKET_INVALID received");
+			continue;
+		}
+
+		if (ODP_EVENT_PACKET_IPSEC !=
+		    odp_event_subtype(odp_packet_to_event(pkto[i]))) {
+			/* Inline packet went through loop */
+			CU_ASSERT_EQUAL(0, part->out[i].status.error.all);
+		} else {
+			/* IPsec packet */
+			CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i]));
+			CU_ASSERT_EQUAL(part->out[i].status.error.all,
+					result.status.error.all);
+			CU_ASSERT_EQUAL(sa, result.sa);
+		}
+		CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out,
+					     pkto[i]));
+		odp_packet_free(pkto[i]);
+	}
+}
+
+void ipsec_check_out_in_one(const ipsec_test_part *part,
+			    odp_ipsec_sa_t sa,
+			    odp_ipsec_sa_t sa_in)
+{
+	int num_out = part->out_pkt;
+	odp_packet_t pkto[num_out];
+	int i;
+
+	num_out = ipsec_send_out_one(part, sa, pkto);
+
+	for (i = 0; i < num_out; i++) {
+		ipsec_test_part part_in = *part;
+		ipsec_test_packet pkt_in;
+		odp_ipsec_packet_result_t result;
+
+		if (ODP_PACKET_INVALID == pkto[i]) {
+			CU_FAIL("ODP_PACKET_INVALID received");
+			continue;
+		}
+
+		if (ODP_EVENT_PACKET_IPSEC !=
+		    odp_event_subtype(odp_packet_to_event(pkto[i]))) {
+			/* Inline packet went through loop */
+			CU_ASSERT_EQUAL(0, part->out[i].status.error.all);
+		} else {
+			/* IPsec packet */
+			CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i]));
+			CU_ASSERT_EQUAL(part->out[i].status.error.all,
+					result.status.error.all);
+			CU_ASSERT_EQUAL(sa, result.sa);
+		}
+		CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <=
+				sizeof(pkt_in.data));
+
+		pkt_in.len = odp_packet_len(pkto[i]);
+		pkt_in.l2_offset = odp_packet_l2_offset(pkto[i]);
+		pkt_in.l3_offset = odp_packet_l3_offset(pkto[i]);
+		pkt_in.l4_offset = odp_packet_l4_offset(pkto[i]);
+		odp_packet_copy_to_mem(pkto[i], 0,
+				       pkt_in.len,
+				       pkt_in.data);
+		part_in.pkt_in = &pkt_in;
+		ipsec_check_in_one(&part_in, sa_in);
+		odp_packet_free(pkto[i]);
+	}
+}
+
+static
 void ipsec_test_capability(void)
 {
 	odp_ipsec_capability_t capa;
@@ -22,11 +645,260 @@  odp_testinfo_t ipsec_suite[] = {
 	ODP_TEST_INFO_NULL
 };
 
+static
+int ODP_UNUSED ipsec_sync_init(void)
+{
+	suite_context.pool = odp_pool_lookup("packet_pool");
+	if (suite_context.pool == ODP_POOL_INVALID)
+		return -1;
+
+	suite_context.queue = ODP_QUEUE_INVALID;
+	suite_context.pktio = ODP_PKTIO_INVALID;
+	suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_SYNC;
+	suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_SYNC;
+
+	return 0;
+}
+
+static
+int ODP_UNUSED ipsec_async_init(void)
+{
+	suite_context.pool = odp_pool_lookup("packet_pool");
+	if (suite_context.pool == ODP_POOL_INVALID)
+		return -1;
+	suite_context.queue = odp_queue_lookup("ipsec-out");
+	if (suite_context.queue == ODP_QUEUE_INVALID)
+		return -1;
+
+	suite_context.pktio = ODP_PKTIO_INVALID;
+	suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;
+	suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;
+
+	return 0;
+}
+
+static
+int ODP_UNUSED ipsec_in_inline_init(void)
+{
+	int rc;
+
+	suite_context.pool = odp_pool_lookup("packet_pool");
+	if (suite_context.pool == ODP_POOL_INVALID)
+		return -1;
+	suite_context.queue = odp_queue_lookup("ipsec-out-sched");
+	if (suite_context.queue == ODP_QUEUE_INVALID)
+		return -1;
+	rc = pktio_start(true, false);
+	if (rc <= 0)
+		return rc;
+	if (suite_context.pktio == ODP_PKTIO_INVALID)
+		return -1;
+
+	suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_INLINE;
+	suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;
+
+	return 0;
+}
+
+static
+int ODP_UNUSED ipsec_out_inline_init(void)
+{
+	int rc;
+
+	suite_context.pool = odp_pool_lookup("packet_pool");
+	if (suite_context.pool == ODP_POOL_INVALID)
+		return -1;
+	suite_context.queue = odp_queue_lookup("ipsec-out");
+	if (suite_context.queue == ODP_QUEUE_INVALID)
+		return -1;
+	rc = pktio_start(false, true);
+	if (rc <= 0)
+		return rc;
+	if (suite_context.pktio == ODP_PKTIO_INVALID)
+		return -1;
+
+	suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC;
+	suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_INLINE;
+
+	return 0;
+}
+
+static
+int ipsec_suite_term(odp_testinfo_t *suite)
+{
+	int i;
+	int first = 1;
+
+	if (suite_context.pktio != ODP_PKTIO_INVALID)
+		pktio_stop(suite_context.pktio);
+
+	for (i = 0; suite[i].pName; i++) {
+		if (suite[i].check_active &&
+		    suite[i].check_active() == ODP_TEST_INACTIVE) {
+			if (first) {
+				first = 0;
+				printf("\n\n  Inactive tests:\n");
+			}
+			printf("    %s\n", suite[i].pName);
+		}
+	}
+
+	return 0;
+}
+
+static
+int ipsec_in_term(void)
+{
+	return ipsec_suite_term(ipsec_in_suite);
+}
+
+static
+int ipsec_out_term(void)
+{
+	return ipsec_suite_term(ipsec_out_suite);
+}
+
 odp_suiteinfo_t ipsec_suites[] = {
 	{"IPsec", NULL, NULL, ipsec_suite},
+	{"IPsec-sync-in", ipsec_sync_init, ipsec_in_term, ipsec_in_suite},
+	{"IPsec-sync-out", ipsec_sync_init, ipsec_out_term, ipsec_out_suite},
+	{"IPsec-async-in", ipsec_async_init, ipsec_in_term, ipsec_in_suite},
+	{"IPsec-async-out", ipsec_async_init, ipsec_out_term, ipsec_out_suite},
+	{"IPsec-inline-in", ipsec_in_inline_init, ipsec_in_term,
+	 ipsec_in_suite},
+	{"IPsec-inline-out", ipsec_out_inline_init, ipsec_out_term,
+	 ipsec_out_suite},
 	ODP_SUITE_INFO_NULL,
 };
 
+static
+int ipsec_init(odp_instance_t *inst)
+{
+	odp_pool_param_t params;
+	odp_pool_t pool;
+	odp_queue_param_t queue_param;
+	odp_queue_t out_queue;
+	odp_pool_capability_t pool_capa;
+	odp_pktio_t pktio;
+
+	if (0 != odp_init_global(inst, NULL, NULL)) {
+		fprintf(stderr, "error: odp_init_global() failed.\n");
+		return -1;
+	}
+
+	if (0 != odp_init_local(*inst, ODP_THREAD_CONTROL)) {
+		fprintf(stderr, "error: odp_init_local() failed.\n");
+		return -1;
+	}
+
+	if (odp_pool_capability(&pool_capa) < 0) {
+		fprintf(stderr, "error: odp_pool_capability() failed.\n");
+		return -1;
+	}
+
+	odp_pool_param_init(&params);
+	params.pkt.seg_len = PKT_POOL_LEN;
+	params.pkt.len     = PKT_POOL_LEN;
+	params.pkt.num     = PKT_POOL_NUM;
+	params.type        = ODP_POOL_PACKET;
+
+	if (pool_capa.pkt.max_seg_len &&
+	    PKT_POOL_LEN > pool_capa.pkt.max_seg_len) {
+		fprintf(stderr, "Warning: small packet segment length\n");
+		params.pkt.seg_len = pool_capa.pkt.max_seg_len;
+	}
+
+	if (pool_capa.pkt.max_len &&
+	    PKT_POOL_LEN > pool_capa.pkt.max_len) {
+		fprintf(stderr, "Pool max packet length too small\n");
+		return -1;
+	}
+
+	pool = odp_pool_create("packet_pool", &params);
+
+	if (ODP_POOL_INVALID == pool) {
+		fprintf(stderr, "Packet pool creation failed.\n");
+		return -1;
+	}
+	out_queue = odp_queue_create("ipsec-out", NULL);
+	if (ODP_QUEUE_INVALID == out_queue) {
+		fprintf(stderr, "IPsec outq creation failed.\n");
+		return -1;
+	}
+
+	odp_queue_param_init(&queue_param);
+	queue_param.type = ODP_QUEUE_TYPE_SCHED;
+	queue_param.sched.sync  = ODP_SCHED_SYNC_PARALLEL;
+	queue_param.sched.prio  = ODP_SCHED_PRIO_HIGHEST;
+	queue_param.sched.group = ODP_SCHED_GROUP_ALL;
+
+	out_queue = odp_queue_create("ipsec-out-sched", &queue_param);
+	if (ODP_QUEUE_INVALID == out_queue) {
+		fprintf(stderr, "IPsec sched outq creation failed.\n");
+		return -1;
+	}
+
+	pktio = pktio_create(ODP_QUEUE_TYPE_SCHED, pool);
+	if (ODP_PKTIO_INVALID == pktio) {
+		fprintf(stderr, "IPsec pktio creation failed.\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static
+int ipsec_term(odp_instance_t inst)
+{
+	odp_pool_t pool;
+	odp_queue_t out_queue;
+	odp_pktio_t pktio;
+
+	pktio = odp_pktio_lookup("loop");
+	if (ODP_PKTIO_INVALID != pktio) {
+		if (odp_pktio_close(pktio))
+			fprintf(stderr, "IPsec pktio close failed.\n");
+	} else {
+		fprintf(stderr, "IPsec pktio not found.\n");
+	}
+
+	out_queue = odp_queue_lookup("ipsec-out-sched");
+	if (ODP_QUEUE_INVALID != out_queue) {
+		if (odp_queue_destroy(out_queue))
+			fprintf(stderr, "IPsec sched outq destroy failed.\n");
+	} else {
+		fprintf(stderr, "IPsec sched outq not found.\n");
+	}
+
+	out_queue = odp_queue_lookup("ipsec-out");
+	if (ODP_QUEUE_INVALID != out_queue) {
+		if (odp_queue_destroy(out_queue))
+			fprintf(stderr, "IPsec outq destroy failed.\n");
+	} else {
+		fprintf(stderr, "IPsec outq not found.\n");
+	}
+
+	pool = odp_pool_lookup("packet_pool");
+	if (ODP_POOL_INVALID != pool) {
+		if (odp_pool_destroy(pool))
+			fprintf(stderr, "Packet pool destroy failed.\n");
+	} else {
+		fprintf(stderr, "Packet pool not found.\n");
+	}
+
+	if (0 != odp_term_local()) {
+		fprintf(stderr, "error: odp_term_local() failed.\n");
+		return -1;
+	}
+
+	if (0 != odp_term_global(inst)) {
+		fprintf(stderr, "error: odp_term_global() failed.\n");
+		return -1;
+	}
+
+	return 0;
+}
+
 int ipsec_main(int argc, char *argv[])
 {
 	int ret;
@@ -35,8 +907,10 @@  int ipsec_main(int argc, char *argv[])
 	if (odp_cunit_parse_options(argc, argv))
 		return -1;
 
-	ret = odp_cunit_register(ipsec_suites);
+	odp_cunit_register_global_init(ipsec_init);
+	odp_cunit_register_global_term(ipsec_term);
 
+	ret = odp_cunit_register(ipsec_suites);
 	if (ret == 0)
 		ret = odp_cunit_run();
 
diff --git a/test/common_plat/validation/api/ipsec/ipsec.h b/test/common_plat/validation/api/ipsec/ipsec.h
index 290a186f..8ffe9f31 100644
--- a/test/common_plat/validation/api/ipsec/ipsec.h
+++ b/test/common_plat/validation/api/ipsec/ipsec.h
@@ -9,16 +9,70 @@ 
 
 #include <odp_cunit_common.h>
 
-/* test functions: */
-void ipsec_test_capability(void);
-
 /* test arrays: */
-extern odp_testinfo_t ipsec_suite[];
-
-/* test registry: */
-extern odp_suiteinfo_t ipsec_suites[];
+extern odp_testinfo_t ipsec_in_suite[];
+extern odp_testinfo_t ipsec_out_suite[];
 
 /* main test program: */
 int ipsec_main(int argc, char *argv[]);
 
+struct suite_context_s {
+	odp_ipsec_op_mode_t inbound_op_mode;
+	odp_ipsec_op_mode_t outbound_op_mode;
+	odp_pool_t pool;
+	odp_queue_t queue;
+	odp_pktio_t pktio;
+};
+
+extern struct suite_context_s suite_context;
+
+typedef struct {
+	uint32_t len;
+	uint32_t l2_offset;
+	uint32_t l3_offset;
+	uint32_t l4_offset;
+	uint8_t data[256];
+} ipsec_test_packet;
+
+typedef struct {
+	const ipsec_test_packet *pkt_in;
+	odp_bool_t lookup;
+	int out_pkt;
+	struct {
+		odp_ipsec_op_status_t status;
+		const ipsec_test_packet *pkt_out;
+	} out[1];
+} ipsec_test_part;
+
+void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
+			 odp_bool_t in,
+			 odp_bool_t ah,
+			 uint32_t spi,
+			 odp_ipsec_tunnel_param_t *tun,
+			 odp_cipher_alg_t cipher_alg,
+			 const odp_crypto_key_t *cipher_key,
+			 odp_auth_alg_t auth_alg,
+			 const odp_crypto_key_t *auth_key);
+
+void ipsec_sa_destroy(odp_ipsec_sa_t sa);
+odp_packet_t ipsec_packet(const ipsec_test_packet *itp);
+odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt);
+void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa);
+void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa);
+void ipsec_check_out_in_one(const ipsec_test_part *part,
+			    odp_ipsec_sa_t sa,
+			    odp_ipsec_sa_t sa_in);
+
+int ipsec_check(odp_bool_t ah,
+		odp_cipher_alg_t cipher,
+		odp_auth_alg_t auth);
+#define ipsec_check_ah(auth) \
+	ipsec_check(true, ODP_CIPHER_ALG_NULL, auth)
+#define ipsec_check_esp(cipher, auth) \
+	ipsec_check(false, cipher, auth)
+int ipsec_check_ah_sha256(void);
+int ipsec_check_esp_null_sha256(void);
+int ipsec_check_esp_aes_cbc_null(void);
+int ipsec_check_esp_aes_cbc_sha256(void);
+
 #endif
diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_in.c b/test/common_plat/validation/api/ipsec/ipsec_test_in.c
new file mode 100644
index 00000000..bd9a47f1
--- /dev/null
+++ b/test/common_plat/validation/api/ipsec/ipsec_test_in.c
@@ -0,0 +1,831 @@ 
+/* Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include "ipsec.h"
+
+#include "test_vectors.h"
+
+static
+void test_in_ah_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_ah_sha256_tun(void)
+{
+	odp_ipsec_tunnel_param_t tunnel = {};
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_tun_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_ah_sha256_tun_notun(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_tun_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0_ipip },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_esp_null_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_null_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_esp_aes_cbc_null(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_a5_128,
+			    ODP_AUTH_ALG_NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_esp_aes_cbc_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_a5_128,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_lookup_ah_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_sha256_1,
+		.lookup = 1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_lookup_esp_null_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_null_sha256_1,
+		.lookup = 1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_esp_null_sha256_tun(void)
+{
+	odp_ipsec_tunnel_param_t tunnel = {};
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_ah_esp_pkt(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	/* This test will not work properly inbound inline mode.
+	 * test_in_lookup_ah_esp_pkt will be used instead. */
+	if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE)
+		return;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_null_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.proto = 1,
+			  .pkt_out =  NULL },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_esp_ah_pkt(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	/* This test will not work properly inbound inline mode.
+	 * test_in_lookup_esp_ah_pkt will be used instead. */
+	if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE)
+		return;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_sha256_1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.proto = 1,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_lookup_ah_esp_pkt(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_null_sha256_1,
+		.lookup = 1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.sa_lookup = 1,
+			  .pkt_out =  NULL },
+		},
+	};
+
+	ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_lookup_esp_ah_pkt(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_sha256_1,
+		.lookup = 1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.sa_lookup = 1,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_ah_sha256_bad1(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_sha256_1_bad1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.auth = 1,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_ah_sha256_bad2(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_ah_sha256_1_bad2,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.auth = 1,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_esp_null_sha256_bad1(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.auth = 1,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_rfc3602_5_esp(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 0x4321, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_rfc3602,
+			    ODP_AUTH_ALG_NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_rfc3602_5_esp,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_rfc3602_5 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_rfc3602_6_esp(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 0x4321, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_rfc3602,
+			    ODP_AUTH_ALG_NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_rfc3602_6_esp,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_rfc3602_6 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_rfc3602_7_esp(void)
+{
+	odp_ipsec_tunnel_param_t tunnel = {};
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 0x8765, &tunnel,
+			    ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2,
+			    ODP_AUTH_ALG_NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_rfc3602_7_esp,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_rfc3602_7 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_in_rfc3602_8_esp(void)
+{
+	odp_ipsec_tunnel_param_t tunnel = {};
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 0x8765, &tunnel,
+			    ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2,
+			    ODP_AUTH_ALG_NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_rfc3602_8_esp,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_rfc3602_8 },
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+odp_testinfo_t ipsec_in_suite[] = {
+	ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp,
+				  ipsec_check_esp_aes_cbc_null),
+	ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp,
+				  ipsec_check_esp_aes_cbc_null),
+	ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp,
+				  ipsec_check_esp_aes_cbc_null),
+	ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp,
+				  ipsec_check_esp_aes_cbc_null),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null,
+				  ipsec_check_esp_aes_cbc_null),
+	ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256,
+				  ipsec_check_esp_aes_cbc_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_NULL,
+};
diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_out.c b/test/common_plat/validation/api/ipsec/ipsec_test_out.c
new file mode 100644
index 00000000..a62f2549
--- /dev/null
+++ b/test/common_plat/validation/api/ipsec/ipsec_test_out.c
@@ -0,0 +1,347 @@ 
+/* Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#include "ipsec.h"
+
+#include "test_vectors.h"
+
+static
+void test_out_ah_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    false, true, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0_ah_sha256_1 },
+		},
+	};
+
+	ipsec_check_out_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+#define IPV4ADDR(a, b, c, d) odp_cpu_to_be_32((a << 24) | \
+					      (b << 16) | \
+					      (c << 8) | \
+					      (d << 0))
+
+static
+void test_out_ah_sha256_tun(void)
+{
+	uint32_t src = IPV4ADDR(10, 0, 111, 2);
+	uint32_t dst = IPV4ADDR(10, 0, 222, 2);
+	odp_ipsec_tunnel_param_t tunnel = {
+		.type = ODP_IPSEC_TUNNEL_IPV4,
+		.ipv4.src_addr = &src,
+		.ipv4.dst_addr = &dst,
+		.ipv4.ttl = 64,
+	};
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    false, true, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 },
+		},
+	};
+
+	ipsec_check_out_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_out_esp_null_sha256_out(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0_esp_null_sha256_1 },
+		},
+	};
+
+	ipsec_check_out_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_out_esp_null_sha256_tun_out(void)
+{
+	uint32_t src = IPV4ADDR(10, 0, 111, 2);
+	uint32_t dst = IPV4ADDR(10, 0, 222, 2);
+	odp_ipsec_tunnel_param_t tunnel = {
+		.type = ODP_IPSEC_TUNNEL_IPV4,
+		.ipv4.src_addr = &src,
+		.ipv4.dst_addr = &dst,
+		.ipv4.ttl = 64,
+	};
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 },
+		},
+	};
+
+	ipsec_check_out_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_out_esp_null_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+	odp_ipsec_sa_t sa2;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa2 = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_out_in_one(&test, sa, sa2);
+
+	ipsec_sa_destroy(sa2);
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_out_esp_aes_cbc_null(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+	odp_ipsec_sa_t sa2;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_a5_128,
+			    ODP_AUTH_ALG_NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_a5_128,
+			    ODP_AUTH_ALG_NULL, NULL);
+
+	sa2 = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_out_in_one(&test, sa, sa2);
+
+	ipsec_sa_destroy(sa2);
+	ipsec_sa_destroy(sa);
+}
+
+static
+void test_out_esp_aes_cbc_sha256(void)
+{
+	odp_ipsec_config_t ipsec_config;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+	odp_ipsec_sa_t sa2;
+
+	odp_ipsec_config_init(&ipsec_config);
+	ipsec_config.inbound_mode = suite_context.inbound_op_mode;
+	ipsec_config.outbound_mode = suite_context.outbound_op_mode;
+	ipsec_config.inbound.default_queue = suite_context.queue;
+
+	CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config));
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_a5_128,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_AES_CBC, &key_a5_128,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256);
+
+	sa2 = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_out_in_one(&test, sa, sa2);
+
+	ipsec_sa_destroy(sa2);
+	ipsec_sa_destroy(sa);
+}
+
+odp_testinfo_t ipsec_out_suite[] = {
+	ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun,
+				  ipsec_check_ah_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null,
+				  ipsec_check_esp_aes_cbc_null),
+	ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256,
+				  ipsec_check_esp_aes_cbc_sha256),
+	ODP_TEST_INFO_NULL,
+};
diff --git a/test/common_plat/validation/api/ipsec/test_vectors.h b/test/common_plat/validation/api/ipsec/test_vectors.h
new file mode 100644
index 00000000..facd0636
--- /dev/null
+++ b/test/common_plat/validation/api/ipsec/test_vectors.h
@@ -0,0 +1,728 @@ 
+/* Copyright (c) 2017, Linaro Limited
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier:     BSD-3-Clause
+ */
+
+#ifndef _ODP_TEST_IPSEC_VECTORS_H_
+#define _ODP_TEST_IPSEC_VECTORS_H_
+
+#define KEY(name, ...)					\
+	static uint8_t name ## _data[] = { __VA_ARGS__ };	\
+	static const ODP_UNUSED odp_crypto_key_t name = {	\
+		.data = name ## _data,			\
+		.length = sizeof(name ## _data),	\
+	}
+
+KEY(key_a5_128, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+		0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5);
+KEY(key_5a_128, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+		0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a);
+KEY(key_a5_256, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+		0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+		0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+		0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5);
+KEY(key_5a_256, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+		0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+		0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+		0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a);
+
+KEY(key_rfc3602, 0x90, 0xd3, 0x82, 0xb4, 0x10, 0xee, 0xba, 0x7a,
+		 0xd9, 0x38, 0xc4, 0x6c, 0xec, 0x1a, 0x82, 0xbf);
+KEY(key_rfc3602_2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+		   0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef);
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = {
+	.len = 142,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5b,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = {
+	.len = 162,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x04, 0x19, 0x62, 0x0a, 0x00, 0x6f, 0x02,
+		0x0a, 0x00, 0xde, 0x02,
+
+		/* Inner IP */
+		0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5b
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = {
+	.len = 170,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* AH */
+		0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+		0x00, 0x00, 0x00, 0x01,
+		0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3,
+		0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5b,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = {
+	.len = 190,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x33, 0x19, 0x17, 0x0a, 0x00, 0x6f, 0x02,
+		0x0a, 0x00, 0xde, 0x02,
+
+		/* AH */
+		0x04, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+		0x00, 0x00, 0x00, 0x01,
+		0xd5, 0x35, 0x9b, 0x21, 0xe6, 0x14, 0x9b, 0x42,
+		0x1f, 0x00, 0xfa, 0x36, 0x73, 0x4c, 0x53, 0xcf,
+
+		/* Inner IP */
+		0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5b,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = {
+	.len = 168,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* AH */
+		0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+		0x00, 0x00, 0x00, 0x01,
+		0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3,
+		0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = {
+	.len = 170,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* AH */
+		0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+		0x00, 0x00, 0x00, 0x01,
+		0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3,
+		0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5d,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = {
+	.len = 170,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ESP */
+		0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5b,
+
+		/* ESP TRL */
+		0x01, 0x02, 0x02, 0x01,
+
+		/* ICV */
+		0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33,
+		0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = {
+	.len = 190,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x32, 0x19, 0x18, 0x0a, 0x00, 0x6f, 0x02,
+		0x0a, 0x00, 0xde, 0x02,
+
+		/* ESP */
+		0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,
+
+		/* Inner IP */
+		0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5b,
+
+		/* ESP TRL */
+		0x01, 0x02, 0x02, 0x04,
+
+		/* ICV */
+		0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1,
+		0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = {
+	.len = 170,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ESP */
+		0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,
+
+		/* ICMP */
+		0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+		0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+		0x58, 0x59, 0x5a, 0x5b,
+
+		/* ESP TRL */
+		0x01, 0x02, 0x02, 0x01,
+
+		/* ICV */
+		0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8,
+		0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdf,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = {
+	.len = 170,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ESP */
+		0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,
+
+		/* IV */
+		0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c,
+		0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6,
+
+		/* data */
+		0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65,
+		0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32,
+		0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2,
+		0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01,
+		0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23,
+		0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30,
+		0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29,
+		0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7,
+		0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45,
+		0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e,
+		0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8,
+		0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c,
+		0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28,
+		0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = {
+	.len = 186,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x00,
+		0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02,
+		0xc0, 0xa8, 0xde, 0x02,
+
+		/* ESP */
+		0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01,
+
+		/* IV */
+		0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c,
+		0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6,
+
+		/* data */
+		0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65,
+		0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32,
+		0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2,
+		0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01,
+		0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23,
+		0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30,
+		0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29,
+		0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7,
+		0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45,
+		0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e,
+		0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8,
+		0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c,
+		0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28,
+		0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa,
+
+		/* IV */
+		0x8a, 0x39, 0x10, 0x07, 0x02, 0x97, 0xbb, 0x1c,
+		0x59, 0xb7, 0x70, 0x33, 0xa4, 0x26, 0xa2, 0xb8
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = {
+	.len = 98,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x54, 0x08, 0xf2, 0x00, 0x00,
+		0x40, 0x01, 0xf9, 0xfe, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0x64,
+
+		/* ICMP */
+		0x08, 0x00, 0x0e, 0xbd, 0xa7, 0x0a, 0x00, 0x00,
+		0x8e, 0x9c, 0x08, 0x3d, 0xb9, 0x5b, 0x07, 0x00,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5_esp = {
+	.len = 138,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x7c, 0x08, 0xf2, 0x00, 0x00,
+		0x40, 0x32, 0xf9, 0xa5, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0x64,
+
+		/* ESP */
+		0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x01,
+
+		/* IV */
+		0xe9, 0x6e, 0x8c, 0x08, 0xab, 0x46, 0x57, 0x63,
+		0xfd, 0x09, 0x8d, 0x45, 0xdd, 0x3f, 0xf8, 0x93,
+
+		/* data */
+		0xf6, 0x63, 0xc2, 0x5d, 0x32, 0x5c, 0x18, 0xc6,
+		0xa9, 0x45, 0x3e, 0x19, 0x4e, 0x12, 0x08, 0x49,
+		0xa4, 0x87, 0x0b, 0x66, 0xcc, 0x6b, 0x99, 0x65,
+		0x33, 0x00, 0x13, 0xb4, 0x89, 0x8d, 0xc8, 0x56,
+		0xa4, 0x69, 0x9e, 0x52, 0x3a, 0x55, 0xdb, 0x08,
+		0x0b, 0x59, 0xec, 0x3a, 0x8e, 0x4b, 0x7e, 0x52,
+		0x77, 0x5b, 0x07, 0xd1, 0xdb, 0x34, 0xed, 0x9c,
+		0x53, 0x8a, 0xb5, 0x0c, 0x55, 0x1b, 0x87, 0x4a,
+		0xa2, 0x69, 0xad, 0xd0, 0x47, 0xad, 0x2d, 0x59,
+		0x13, 0xac, 0x19, 0xb7, 0xcf, 0xba, 0xd4, 0xa6,
+	},
+};
+
+static const ipsec_test_packet pkt_rfc3602_6 = {
+	.len = 62,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x30, 0x08, 0xfe, 0x00, 0x00,
+		0x40, 0x01, 0xfa, 0x16, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0x64,
+
+		/* ICMP */
+		0x08, 0x00, 0xb5, 0xe8, 0xa8, 0x0a, 0x05, 0x00,
+		0xa6, 0x9c, 0x08, 0x3d, 0x0b, 0x66, 0x0e, 0x00,
+		0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
+		0x77, 0x77, 0x77, 0x77,
+	},
+};
+
+static const ipsec_test_packet pkt_rfc3602_6_esp = {
+	.len = 90,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x4c, 0x08, 0xfe, 0x00, 0x00,
+		0x40, 0x32, 0xf9, 0xc9, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0x64,
+
+		/* ESP */
+		0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x08,
+
+		/* IV */
+		0x69, 0xd0, 0x8d, 0xf7, 0xd2, 0x03, 0x32, 0x9d,
+		0xb0, 0x93, 0xfc, 0x49, 0x24, 0xe5, 0xbd, 0x80,
+
+		/* data */
+		0xf5, 0x19, 0x95, 0x88, 0x1e, 0xc4, 0xe0, 0xc4,
+		0x48, 0x89, 0x87, 0xce, 0x74, 0x2e, 0x81, 0x09,
+		0x68, 0x9b, 0xb3, 0x79, 0xd2, 0xd7, 0x50, 0xc0,
+		0xd9, 0x15, 0xdc, 0xa3, 0x46, 0xa8, 0x9f, 0x75,
+	},
+};
+
+static const ipsec_test_packet pkt_rfc3602_7 = {
+	.len = 98,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x54, 0x09, 0x04, 0x00, 0x00,
+		0x40, 0x01, 0xf9, 0x88, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0xc8,
+
+		/* ICMP */
+		0x08, 0x00, 0x9f, 0x76, 0xa9, 0x0a, 0x01, 0x00,
+		0xb4, 0x9c, 0x08, 0x3d, 0x02, 0xa2, 0x04, 0x00,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+	},
+};
+
+static const ipsec_test_packet pkt_rfc3602_7_esp = {
+	.len = 154,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x8c, 0x09, 0x05, 0x00, 0x00,
+		0x40, 0x32, 0xf9, 0x1e, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0xc8,
+
+		/* ESP */
+		0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x02,
+
+		/* IV */
+		0xf4, 0xe7, 0x65, 0x24, 0x4f, 0x64, 0x07, 0xad,
+		0xf1, 0x3d, 0xc1, 0x38, 0x0f, 0x67, 0x3f, 0x37,
+
+		/* data */
+		0x77, 0x3b, 0x52, 0x41, 0xa4, 0xc4, 0x49, 0x22,
+		0x5e, 0x4f, 0x3c, 0xe5, 0xed, 0x61, 0x1b, 0x0c,
+		0x23, 0x7c, 0xa9, 0x6c, 0xf7, 0x4a, 0x93, 0x01,
+		0x3c, 0x1b, 0x0e, 0xa1, 0xa0, 0xcf, 0x70, 0xf8,
+		0xe4, 0xec, 0xae, 0xc7, 0x8a, 0xc5, 0x3a, 0xad,
+		0x7a, 0x0f, 0x02, 0x2b, 0x85, 0x92, 0x43, 0xc6,
+		0x47, 0x75, 0x2e, 0x94, 0xa8, 0x59, 0x35, 0x2b,
+		0x8a, 0x4d, 0x4d, 0x2d, 0xec, 0xd1, 0x36, 0xe5,
+		0xc1, 0x77, 0xf1, 0x32, 0xad, 0x3f, 0xbf, 0xb2,
+		0x20, 0x1a, 0xc9, 0x90, 0x4c, 0x74, 0xee, 0x0a,
+		0x10, 0x9e, 0x0c, 0xa1, 0xe4, 0xdf, 0xe9, 0xd5,
+		0xa1, 0x00, 0xb8, 0x42, 0xf1, 0xc2, 0x2f, 0x0d,
+	},
+};
+
+static const ipsec_test_packet pkt_rfc3602_8 = {
+	.len = 82,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x44, 0x09, 0x0c, 0x00, 0x00,
+		0x40, 0x01, 0xf9, 0x90, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0xc8,
+
+		/* ICMP */
+		0x08, 0x00, 0xd6, 0x3c, 0xaa, 0x0a, 0x02, 0x00,
+		0xc6, 0x9c, 0x08, 0x3d, 0xa3, 0xde, 0x03, 0x00,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	},
+};
+
+static const ipsec_test_packet pkt_rfc3602_8_esp = {
+	.len = 138,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x7c, 0x09, 0x0d, 0x00, 0x00,
+		0x40, 0x32, 0xf9, 0x26, 0xc0, 0xa8, 0x7b, 0x03,
+		0xc0, 0xa8, 0x7b, 0xc8,
+
+		/* ESP */
+		0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x05,
+
+		/* IV */
+		0x85, 0xd4, 0x72, 0x24, 0xb5, 0xf3, 0xdd, 0x5d,
+		0x21, 0x01, 0xd4, 0xea, 0x8d, 0xff, 0xab, 0x22,
+
+		/* data */
+		0x15, 0xb9, 0x26, 0x83, 0x81, 0x95, 0x96, 0xa8,
+		0x04, 0x72, 0x32, 0xcc, 0x00, 0xf7, 0x04, 0x8f,
+		0xe4, 0x53, 0x18, 0xe1, 0x1f, 0x8a, 0x0f, 0x62,
+		0xed, 0xe3, 0xc3, 0xfc, 0x61, 0x20, 0x3b, 0xb5,
+		0x0f, 0x98, 0x0a, 0x08, 0xc9, 0x84, 0x3f, 0xd3,
+		0xa1, 0xb0, 0x6d, 0x5c, 0x07, 0xff, 0x96, 0x39,
+		0xb7, 0xeb, 0x7d, 0xfb, 0x35, 0x12, 0xe5, 0xde,
+		0x43, 0x5e, 0x72, 0x07, 0xed, 0x97, 0x1e, 0xf3,
+		0xd2, 0x72, 0x6d, 0x9b, 0x5e, 0xf6, 0xaf, 0xfc,
+		0x6d, 0x17, 0xa0, 0xde, 0xcb, 0xb1, 0x38, 0x92,
+	},
+};
+
+#endif