addr_any = params.addr_any
addr_bcast = params.addr_bcast
e = VppEnum.vl_api_ipsec_spd_action_t
+ flags = params.flags
+ salt = params.salt
objs = []
params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
self.tun_if.local_addr[addr_type],
- self.tun_if.remote_addr[addr_type])
+ self.tun_if.remote_addr[addr_type],
+ flags=flags,
+ salt=salt)
params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
self.tun_if.remote_addr[addr_type],
- self.tun_if.local_addr[addr_type])
+ self.tun_if.local_addr[addr_type],
+ flags=flags,
+ salt=salt)
objs.append(params.tun_sa_in)
objs.append(params.tun_sa_out)
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
e = VppEnum.vl_api_ipsec_spd_action_t
flags = params.flags | flags
+ salt = params.salt
objs = []
params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
- flags=flags)
+ flags=flags,
+ salt=salt)
params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
- flags=flags)
+ flags=flags,
+ salt=salt)
objs.append(params.tra_sa_in)
objs.append(params.tra_sa_out)
self.tun_if).add_vpp_config()
self.config_esp_tun(p)
- self.logger.info(self.vapi.ppcli("show ipsec"))
+ self.logger.info(self.vapi.ppcli("show ipsec all"))
d = DpoProto.DPO_PROTO_IP4
VppIpRoute(self, p.remote_tun_if_host, p.addr_len,
def tearDown(self):
super(TemplateIpsecEspUdp, self).tearDown()
- if not self.vpp_dead:
- self.vapi.cli("show hardware")
+
+ def show_commands_at_teardown(self):
+ self.logger.info(self.vapi.cli("show hardware"))
-class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests, IpsecTun4Tests):
+class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests):
""" Ipsec NAT-T ESP UDP tests """
pass
super(TestIpsecEspAll, self).tearDown()
def test_crypto_algs(self):
- """All engines AES-CBC-[128, 192, 256] w/o ESN"""
+ """All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN"""
# foreach VPP crypto engine
- engines = ["ia32", "openssl"]
+ engines = ["ia32", "ipsecmb", "openssl"]
# foreach crypto algorithm
- algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_128,
- 'scapy': "AES-CBC",
+ algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_128),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h",
+ 'salt': 0},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_192),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h01234567",
+ 'salt': 1010},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_256),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h0123456787654321",
+ 'salt': 2020},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7h"},
- {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_192,
- 'scapy': "AES-CBC",
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_192),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBe"},
- {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_256,
- 'scapy': "AES-CBC",
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_256),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
- # bug found in VPP needs fixing with flag
- # (VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN)
- flags = [0]
+ # with and without ESN
+ flags = [0,
+ VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN]
#
# loop through the VPP engines
#
for engine in engines:
- self.vapi.cli("set crypto engine all %s" % engine)
-
+ self.vapi.cli("set crypto handler all %s" % engine)
#
# loop through each of the algorithms
#
self.ipv6_params}
for _, p in self.params.items():
- p.crypt_algo_vpp_id = algo['vpp']
- p.crypt_algo = algo['scapy']
+ p.auth_algo_vpp_id = algo['vpp-integ']
+ p.crypt_algo_vpp_id = algo['vpp-crypto']
+ p.crypt_algo = algo['scapy-crypto']
+ p.auth_algo = algo['scapy-integ']
p.crypt_key = algo['key']
+ p.salt = algo['salt']
p.flags = p.flags | flag
#