X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=resources%2Flibraries%2Fpython%2FIPsecUtil.py;h=70d44e093696c40941c58e33e6d276f15797d399;hb=176eda8bf7775a2c761a6544ab932c2bc59dfa57;hp=fc3f8874aecbd8d15d7c0cc21f176a269bade889;hpb=3e75fd82a125894db2c56eaa6c3f4798e7dea076;p=csit.git diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py index fc3f8874ae..70d44e0936 100644 --- a/resources/libraries/python/IPsecUtil.py +++ b/resources/libraries/python/IPsecUtil.py @@ -36,7 +36,7 @@ class PolicyAction(Enum): class CryptoAlg(Enum): """Encryption algorithms.""" AES_CBC_128 = ('aes-cbc-128', 'AES-CBC', 16) - AES_CBC_192 = ('aes-cbc-128', 'AES-CBC', 24) + AES_CBC_192 = ('aes-cbc-192', 'AES-CBC', 24) AES_CBC_256 = ('aes-cbc-256', 'AES-CBC', 32) def __init__(self, alg_name, scapy_name, key_len): @@ -227,10 +227,9 @@ class IPsecUtil(object): """ ckey = crypto_key.encode('hex') ikey = integ_key.encode('hex') - tunnel = '' - if tunnel_src is not None and tunnel_dst is not None: - tunnel = 'tunnel_src {0} tunnel_dst {1}'.format(tunnel_src, - tunnel_dst) + tunnel = 'tunnel_src {0} tunnel_dst {1}'.format(tunnel_src, tunnel_dst)\ + if tunnel_src is not None and tunnel_dst is not None else '' + out = VatExecutor.cmd_from_template(node, "ipsec/ipsec_sad_add_entry.vat", sad_id=sad_id, spi=spi, @@ -241,6 +240,30 @@ class IPsecUtil(object): out[0], err_msg='Add SAD entry failed on {0}'.format(node['host'])) + @staticmethod + def vpp_ipsec_sa_set_key(node, sa_id, crypto_key, integ_key): + """Update Security Association (SA) keys. + + :param node: VPP node to update SA keys. + :param sa_id: SAD entry ID. + :param crypto_key: The encryption key string. + :param integ_key: The integrity key string. + :type node: dict + :type sa_id: int + :type crypto_key: str + :type integ_key: str + """ + ckey = crypto_key.encode('hex') + ikey = integ_key.encode('hex') + + out = VatExecutor.cmd_from_template(node, + "ipsec/ipsec_sa_set_key.vat", + sa_id=sa_id, + ckey=ckey, ikey=ikey) + VatJsonUtil.verify_vat_retval( + out[0], + err_msg='Update SA key failed on {0}'.format(node['host'])) + @staticmethod def vpp_ipsec_add_spd(node, spd_id): """Create Security Policy Database on the VPP node. @@ -258,7 +281,7 @@ class IPsecUtil(object): @staticmethod def vpp_ipsec_spd_add_if(node, spd_id, interface): - """Add interface to the SPD. + """Add interface to the Security Policy Database. :param node: VPP node. :param spd_id: SPD ID to add interface on. @@ -267,10 +290,9 @@ class IPsecUtil(object): :type spd_id: int :type interface: str or int """ - if isinstance(interface, basestring): - sw_if_index = Topology.get_interface_sw_index(node, interface) - else: - sw_if_index = interface + sw_if_index = Topology.get_interface_sw_index(node, interface)\ + if isinstance(interface, basestring) else interface + out = VatExecutor.cmd_from_template(node, "ipsec/ipsec_interface_add_spd.vat", spd_id=spd_id, sw_if_id=sw_if_index) @@ -299,9 +321,9 @@ class IPsecUtil(object): format IP/prefix or IP/mask. If no mask is provided, it's considered to be /32. :param proto: Policy selector next layer protocol number. - :param lport_range: Policy selector local TCP/UDP port range in foramt + :param lport_range: Policy selector local TCP/UDP port range in format -. - :param rport_range: Policy selector remote TCP/UDP port range in foramt + :param rport_range: Policy selector remote TCP/UDP port range in format -. :type node: dict :type spd_id: int @@ -315,9 +337,7 @@ class IPsecUtil(object): :type lport_range: string :type rport_range: string """ - direction = 'outbound' - if inbound: - direction = 'inbound' + direction = 'inbound' if inbound else 'outbound' act_str = action.value if PolicyAction.PROTECT == action and sa_id is not None: