diff mbox series

[04/13] test/crypto: add IPv6 tunnel mode cases

Message ID 1638777528-553-5-git-send-email-anoobj@marvell.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers show
Series Add new cases to lookaside IPsec tests | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Anoob Joseph Dec. 6, 2021, 7:58 a.m. UTC
From: Tejasree Kondoj <ktejasree@marvell.com>

Add IPv6 known vector and combined mode tests.

Following modes are added:
Tunnel IPv6 in IPv6
Tunnel IPv4 in IPv4
Tunnel IPv4 in IPv6
Tunnel IPv6 in IPv4

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 app/test/test_cryptodev.c                          | 102 ++++++++++-
 app/test/test_cryptodev_security_ipsec.c           |  74 +++++++-
 app/test/test_cryptodev_security_ipsec.h           |   4 +
 .../test_cryptodev_security_ipsec_test_vectors.h   | 202 +++++++++++++++++++++
 4 files changed, 378 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 2a7ede6..f2c677d 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9125,6 +9125,10 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 			 bool silent,
 			 const struct ipsec_test_flags *flags)
 {
+	uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000,
+				0x0000, 0x001a};
+	uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+				0xe82c, 0x4887};
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_security_capability_idx sec_cap_idx;
@@ -9158,8 +9162,16 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 			dst += 1;
 	}
 
-	memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
-	memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+	if (td->ipsec_xform.tunnel.type ==
+			RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+		memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
+		memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+	} else {
+		memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+			sizeof(v6_src));
+		memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+			sizeof(v6_dst));
+	}
 
 	ctx = rte_cryptodev_get_sec_ctx(dev_id);
 
@@ -9555,6 +9567,58 @@  test_ipsec_proto_inner_l4_csum(const void *data __rte_unused)
 }
 
 static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ipv6 = false;
+	flags.tunnel_ipv6 = false;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ipv6 = true;
+	flags.tunnel_ipv6 = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ipv6 = false;
+	flags.tunnel_ipv6 = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ipv6 = true;
+	flags.tunnel_ipv6 = false;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
 test_PDCP_PROTO_all(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14431,6 +14495,15 @@  static struct unit_test_suite ipsec_proto_testsuite  = {
 			test_ipsec_proto_known_vec,
 			&pkt_aes_128_cbc_hmac_sha256),
 		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_aes_128_cbc_hmac_sha256_v6),
+		TEST_CASE_NAMED_WITH_DATA(
 			"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
@@ -14451,6 +14524,15 @@  static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec_inb,
 			&pkt_aes_128_cbc_hmac_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_aes_128_cbc_hmac_sha256_v6),
 		TEST_CASE_NAMED_ST(
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
@@ -14495,6 +14577,22 @@  static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Inner L4 checksum",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_inner_l4_csum),
+		TEST_CASE_NAMED_ST(
+			"Tunnel IPv4 in IPv4",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_tunnel_v4_in_v4),
+		TEST_CASE_NAMED_ST(
+			"Tunnel IPv6 in IPv6",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_tunnel_v6_in_v6),
+		TEST_CASE_NAMED_ST(
+			"Tunnel IPv4 in IPv6",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_tunnel_v4_in_v6),
+		TEST_CASE_NAMED_ST(
+			"Tunnel IPv6 in IPv4",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_tunnel_v6_in_v4),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 5f67dc0..12031d3 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -19,6 +19,40 @@  struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 				  (RTE_DIM(cipher_list) *
 				   RTE_DIM(auth_list))];
 
+static bool
+is_valid_ipv4_pkt(const struct rte_ipv4_hdr *pkt)
+{
+	/* The IP version number must be 4 */
+	if (((pkt->version_ihl) >> 4) != 4)
+		return false;
+	/*
+	 * The IP header length field must be large enough to hold the
+	 * minimum length legal IP datagram (20 bytes = 5 words).
+	 */
+	if ((pkt->version_ihl & 0xf) < 5)
+		return false;
+
+	/*
+	 * The IP total length field must be large enough to hold the IP
+	 * datagram header, whose length is specified in the IP header length
+	 * field.
+	 */
+	if (rte_cpu_to_be_16(pkt->total_length) < sizeof(struct rte_ipv4_hdr))
+		return false;
+
+	return true;
+}
+
+static bool
+is_valid_ipv6_pkt(const struct rte_ipv6_hdr *pkt)
+{
+	/* The IP version number must be 6 */
+	if ((rte_be_to_cpu_32((pkt->vtc_flow)) >> 28) != 6)
+		return false;
+
+	return true;
+}
+
 void
 test_ipsec_alg_list_populate(void)
 {
@@ -320,14 +354,22 @@  test_ipsec_td_prepare(const struct crypto_param *param1,
 
 		if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 			/* Copy template for packet & key fields */
-			memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
+			if (flags->ipv6)
+				memcpy(td, &pkt_aes_256_gcm_v6, sizeof(*td));
+			else
+				memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
 
 			td->aead = true;
 			td->xform.aead.aead.algo = param1->alg.aead;
 			td->xform.aead.aead.key.length = param1->key_length;
 		} else {
 			/* Copy template for packet & key fields */
-			memcpy(td, &pkt_aes_128_cbc_hmac_sha256, sizeof(*td));
+			if (flags->ipv6)
+				memcpy(td, &pkt_aes_128_cbc_hmac_sha256_v6,
+					sizeof(*td));
+			else
+				memcpy(td, &pkt_aes_128_cbc_hmac_sha256,
+					sizeof(*td));
 
 			td->aead = false;
 			td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
@@ -358,6 +400,13 @@  test_ipsec_td_prepare(const struct crypto_param *param1,
 			test_ipsec_csum_init(&td->input_text.data, false, true);
 		}
 
+		if (flags->tunnel_ipv6)
+			td->ipsec_xform.tunnel.type =
+					RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+		else
+			td->ipsec_xform.tunnel.type =
+					RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+
 	}
 }
 
@@ -686,6 +735,7 @@  test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 			struct ipsec_test_data *res_d, bool silent,
 			const struct ipsec_test_flags *flags)
 {
+	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	int ret;
 
 	if (flags->iv_gen &&
@@ -695,6 +745,26 @@  test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 			return ret;
 	}
 
+	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+		const struct rte_ipv4_hdr *iph4;
+		const struct rte_ipv6_hdr *iph6;
+
+		if (td->ipsec_xform.tunnel.type ==
+				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+			iph4 = (const struct rte_ipv4_hdr *)output_text;
+			if (is_valid_ipv4_pkt(iph4) == false) {
+				printf("Outer header is not IPv4\n");
+				return TEST_FAILED;
+			}
+		} else {
+			iph6 = (const struct rte_ipv6_hdr *)output_text;
+			if (is_valid_ipv6_pkt(iph6) == false) {
+				printf("Outer header is not IPv6\n");
+				return TEST_FAILED;
+			}
+		}
+	}
+
 	/*
 	 * In case of known vector tests & all inbound tests, res_d provided
 	 * would be NULL and output data need to be validated against expected.
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index b1f0ff8..69e81ae 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -61,6 +61,8 @@  struct ipsec_test_flags {
 	bool udp_ports_verify;
 	bool ip_csum;
 	bool l4_csum;
+	bool ipv6;
+	bool tunnel_ipv6;
 };
 
 struct crypto_param {
@@ -119,7 +121,9 @@  struct crypto_param_comb {
 };
 
 extern struct ipsec_test_data pkt_aes_256_gcm;
+extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
+extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 
 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 					 (RTE_DIM(cipher_list) *
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 16c88fe..04ccbf0 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -434,6 +434,103 @@  struct ipsec_test_data pkt_aes_128_cbc_null = {
 	},
 };
 
+struct ipsec_test_data pkt_aes_256_gcm_v6 = {
+	.key = {
+		.data = {
+			0xde, 0x12, 0xbe, 0x56, 0xde, 0xad, 0xbe, 0xef,
+			0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
+			0x12, 0x78, 0xbe, 0x34, 0x01, 0x02, 0x03, 0x07,
+			0xaa, 0xbb, 0xcc, 0xf1, 0x08, 0x07, 0x06, 0x05,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+			0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+			0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+			0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+			0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+			0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+			0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+			0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+		},
+		.len = 72,
+	},
+	.output_text = {
+		.data = {
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x32, 0x40,
+			0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+			0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x56, 0x78,
+			0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+			0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x34, 0x56,
+			0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+			0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+			0xe7, 0xdf, 0xc4, 0x7e, 0x21, 0xbd, 0xec, 0x1b,
+			0x74, 0x5a, 0xe4, 0x7e, 0x2e, 0x94, 0x21, 0x0a,
+			0x9b, 0x0e, 0x59, 0xbe, 0x06, 0x2a, 0xda, 0xb8,
+			0x6b, 0x48, 0x7f, 0x0b, 0x88, 0x3a, 0xa9, 0xfd,
+			0x3c, 0xfe, 0x9f, 0xb1, 0x8c, 0x67, 0xd2, 0xf8,
+			0xaf, 0xb5, 0xad, 0x16, 0xdb, 0xff, 0x8d, 0x50,
+			0xd3, 0x48, 0xf5, 0x6c, 0x3c, 0x0c, 0x27, 0x34,
+			0x2b, 0x65, 0xc8, 0xff, 0xeb, 0x5f, 0xb8, 0xff,
+			0x12, 0x00, 0x1c, 0x9f, 0xb7, 0x85, 0xdd, 0x7d,
+			0x40, 0x19, 0xcb, 0x18, 0xeb, 0x15, 0xc4, 0x88,
+			0xe1, 0xc2, 0x91, 0xc7, 0xb1, 0x65, 0xc3, 0x27,
+			0x16, 0x06, 0x8f, 0xf2,
+		},
+		.len = 148,
+	},
+	.salt = {
+		.data = {
+			0x11, 0x22, 0x33, 0x44
+		},
+		.len = 4,
+	},
+
+	.iv = {
+		.data = {
+			0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 52,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+		.replay_win_sz = 0,
+	},
+
+	.aead = true,
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.key.length = 32,
+				.iv.length = 12,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 12,
+			},
+		},
+	},
+};
+
 struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
 	.key = {
 		.data = {
@@ -543,4 +640,109 @@  struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
 	},
 };
 
+struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
+	.key = {
+		.data = {
+			0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+			0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+			0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+			0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+			0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+			0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+			0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+			0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+			0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+		},
+		.len = 72,
+	},
+	.output_text = {
+		.data = {
+			0x60, 0x00, 0x00, 0x00, 0x00, 0x78, 0x32, 0x40,
+			0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+			0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x56, 0x78,
+			0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+			0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x34, 0x56,
+			0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+			0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+			0xf0, 0xc1, 0x05, 0x3c, 0x00, 0x00, 0x00, 0x00,
+			0x1b, 0x1c, 0x98, 0x6e, 0x2a, 0xce, 0x61, 0xef,
+			0xc1, 0xdd, 0x25, 0x96, 0x5c, 0xb1, 0xb0, 0x15,
+			0x47, 0x25, 0xb7, 0x8b, 0x00, 0xb6, 0xbb, 0xe6,
+			0x2e, 0x29, 0xcb, 0x4a, 0x94, 0x00, 0xf0, 0x73,
+			0xdb, 0x14, 0x32, 0xd9, 0xa2, 0xdf, 0x22, 0x2f,
+			0x52, 0x3e, 0x79, 0x77, 0xf3, 0x17, 0xaa, 0x40,
+			0x1c, 0x57, 0x27, 0x12, 0x82, 0x44, 0x35, 0xb8,
+			0x64, 0xe0, 0xaa, 0x5c, 0x10, 0xc7, 0x97, 0x35,
+			0x9c, 0x6b, 0x1c, 0xf7, 0xe7, 0xbd, 0x83, 0x33,
+			0x77, 0x48, 0x44, 0x7d, 0xa4, 0x13, 0x74, 0x3b,
+			0x6a, 0x91, 0xd0, 0xd8, 0x7d, 0x41, 0x45, 0x23,
+			0x5d, 0xc9, 0x2d, 0x08, 0x7a, 0xd8, 0x25, 0x8e,
+		},
+		.len = 160,
+	},
+	.iv = {
+		.data = {
+			0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+			0xf0, 0xc1, 0x05, 0x3c, 0x00, 0x00, 0x00, 0x00,
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 52,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+
+	.xform = {
+		.chain.cipher = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			.cipher = {
+				.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+				.key.length = 16,
+				.iv.length = 16,
+			},
+		},
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.key.length = 32,
+				.digest_length = 16,
+			},
+		},
+	},
+};
+
 #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */