X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_esp.py;h=178b1d248bf694f53cbe508605b99392d237cd0f;hb=751bb131e;hp=e5db0a627a53ef90b0123eb868984332b940873f;hpb=90cf21b5d8fd2d3e531e841dcd752311df5f8a50;p=vpp.git diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index e5db0a627a5..178b1d248bf 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -1,19 +1,28 @@ import socket import unittest from scapy.layers.ipsec import ESP -from scapy.layers.inet import UDP +from scapy.layers.inet import IP, ICMP, UDP +from scapy.layers.inet6 import IPv6 +from scapy.layers.l2 import Ether +from scapy.packet import Raw +from parameterized import parameterized from framework import VppTestRunner from template_ipsec import IpsecTra46Tests, IpsecTun46Tests, TemplateIpsec, \ IpsecTcpTests, IpsecTun4Tests, IpsecTra4Tests, config_tra_params, \ - IPsecIPv4Params, IPsecIPv6Params, \ - IpsecTra4, IpsecTun4, IpsecTra6, IpsecTun6 + config_tun_params, IPsecIPv4Params, IPsecIPv6Params, \ + IpsecTra4, IpsecTun4, IpsecTra6, IpsecTun6, \ + IpsecTun6HandoffTests, IpsecTun4HandoffTests, \ + IpsecTra6ExtTests from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\ VppIpsecSpdItfBinding from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_ip import DpoProto from vpp_papi import VppEnum +NUM_PKTS = 67 +engines_supporting_chain_bufs = ["openssl"] + class ConfigIpsecESP(TemplateIpsec): encryption_type = ESP @@ -68,14 +77,14 @@ class ConfigIpsecESP(TemplateIpsec): config_tra_params(p, self.encryption_type) for p in params: self.config_esp_tun(p) + config_tun_params(p, self.encryption_type, self.tun_if) for p in params: d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4 r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [VppRoutePath(self.tun_if.remote_addr[p.addr_type], 0xffffffff, - proto=d)], - is_ip6=p.is_ipv6) + proto=d)]) r.add_vpp_config() self.net_objs.append(r) @@ -100,6 +109,9 @@ class ConfigIpsecESP(TemplateIpsec): addr_any = params.addr_any addr_bcast = params.addr_bcast e = VppEnum.vl_api_ipsec_spd_action_t + flags = params.flags + tun_flags = params.tun_flags + salt = params.salt objs = [] params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, @@ -107,13 +119,21 @@ class ConfigIpsecESP(TemplateIpsec): crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.local_addr[addr_type], - self.tun_if.remote_addr[addr_type]) + self.tun_if.remote_addr[addr_type], + tun_flags=tun_flags, + dscp=params.dscp, + flags=flags, + salt=salt) params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type], - self.tun_if.local_addr[addr_type]) + self.tun_if.local_addr[addr_type], + tun_flags=tun_flags, + dscp=params.dscp, + flags=flags, + salt=salt) objs.append(params.tun_sa_in) objs.append(params.tun_sa_out) @@ -181,18 +201,21 @@ class ConfigIpsecESP(TemplateIpsec): IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) e = VppEnum.vl_api_ipsec_spd_action_t flags = params.flags | flags + salt = params.salt objs = [] params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - flags=flags) + flags=flags, + salt=salt) params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - flags=flags) + flags=flags, + salt=salt) objs.append(params.tra_sa_in) objs.append(params.tra_sa_out) @@ -273,9 +296,169 @@ class TemplateIpsecEsp(ConfigIpsecESP): super(TemplateIpsecEsp, self).tearDown() -class TestIpsecEsp1(TemplateIpsecEsp, IpsecTra46Tests, IpsecTun46Tests): +class TestIpsecEsp1(TemplateIpsecEsp, IpsecTra46Tests, + IpsecTun46Tests, IpsecTra6ExtTests): """ Ipsec ESP - TUN & TRA tests """ - pass + + @classmethod + def setUpClass(cls): + super(TestIpsecEsp1, cls).setUpClass() + + @classmethod + def tearDownClass(cls): + super(TestIpsecEsp1, cls).tearDownClass() + + def setUp(self): + super(TestIpsecEsp1, self).setUp() + + def tearDown(self): + super(TestIpsecEsp1, self).tearDown() + + def test_tun_46(self): + """ ipsec 4o6 tunnel """ + # add an SPD entry to direct 2.2.2.2 to the v6 tunnel SA + p6 = self.ipv6_params + p4 = self.ipv4_params + + p6.remote_tun_if_host4 = "2.2.2.2" + e = VppEnum.vl_api_ipsec_spd_action_t + + VppIpsecSpdEntry(self, + self.tun_spd, + p6.scapy_tun_sa_id, + self.pg1.remote_addr[p4.addr_type], + self.pg1.remote_addr[p4.addr_type], + p6.remote_tun_if_host4, + p6.remote_tun_if_host4, + 0, + priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, + is_outbound=1).add_vpp_config() + VppIpRoute(self, p6.remote_tun_if_host4, p4.addr_len, + [VppRoutePath(self.tun_if.remote_addr[p4.addr_type], + 0xffffffff)]).add_vpp_config() + + old_name = self.tun6_encrypt_node_name + self.tun6_encrypt_node_name = "esp4-encrypt" + + self.verify_tun_46(p6, count=63) + self.tun6_encrypt_node_name = old_name + + def test_tun_64(self): + """ ipsec 6o4 tunnel """ + # add an SPD entry to direct 4444::4 to the v4 tunnel SA + p6 = self.ipv6_params + p4 = self.ipv4_params + + p4.remote_tun_if_host6 = "4444::4" + e = VppEnum.vl_api_ipsec_spd_action_t + + VppIpsecSpdEntry(self, + self.tun_spd, + p4.scapy_tun_sa_id, + self.pg1.remote_addr[p6.addr_type], + self.pg1.remote_addr[p6.addr_type], + p4.remote_tun_if_host6, + p4.remote_tun_if_host6, + 0, + priority=10, + policy=e.IPSEC_API_SPD_ACTION_PROTECT, + is_outbound=1).add_vpp_config() + d = DpoProto.DPO_PROTO_IP6 + VppIpRoute(self, p4.remote_tun_if_host6, p6.addr_len, + [VppRoutePath(self.tun_if.remote_addr[p6.addr_type], + 0xffffffff, + proto=d)]).add_vpp_config() + + old_name = self.tun4_encrypt_node_name + self.tun4_encrypt_node_name = "esp6-encrypt" + self.verify_tun_64(p4, count=63) + self.tun4_encrypt_node_name = old_name + + +class TestIpsecEspTun(TemplateIpsecEsp, IpsecTun46Tests): + """ Ipsec ESP - TUN encap tests """ + + def setUp(self): + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + + c = (VppEnum.vl_api_tunnel_encap_decap_flags_t. + TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP) + c1 = c | (VppEnum.vl_api_tunnel_encap_decap_flags_t. + TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN) + + self.ipv4_params.tun_flags = c + self.ipv6_params.tun_flags = c1 + + super(TestIpsecEspTun, self).setUp() + + def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54): + # set the DSCP + ECN - flags are set to copy only DSCP + return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / + IP(src=src, dst=dst, tos=5) / + UDP(sport=4444, dport=4444) / + Raw(b'X' * payload_size) + for i in range(count)] + + def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54): + # set the DSCP + ECN - flags are set to copy both + return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / + IPv6(src=src, dst=dst, tc=5) / + UDP(sport=4444, dport=4444) / + Raw(b'X' * payload_size) + for i in range(count)] + + def verify_encrypted(self, p, sa, rxs): + # just check that only the DSCP is copied + for rx in rxs: + self.assertEqual(rx[IP].tos, 4) + + def verify_encrypted6(self, p, sa, rxs): + # just check that the DSCP & ECN are copied + for rx in rxs: + self.assertEqual(rx[IPv6].tc, 5) + + +class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests): + """ Ipsec ESP - TUN DSCP tests """ + + def setUp(self): + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + + self.ipv4_params.dscp = VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF + self.ipv6_params.dscp = VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_AF11 + + super(TestIpsecEspTun2, self).setUp() + + def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54): + # set the DSCP + ECN - flags are set to copy only DSCP + return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / + IP(src=src, dst=dst) / + UDP(sport=4444, dport=4444) / + Raw(b'X' * payload_size) + for i in range(count)] + + def gen_pkts6(self, sw_intf, src, dst, count=1, payload_size=54): + # set the DSCP + ECN - flags are set to copy both + return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / + IPv6(src=src, dst=dst) / + UDP(sport=4444, dport=4444) / + Raw(b'X' * payload_size) + for i in range(count)] + + def verify_encrypted(self, p, sa, rxs): + # just check that only the DSCP is copied + for rx in rxs: + self.assertEqual(rx[IP].tos, + VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF << 2) + + def verify_encrypted6(self, p, sa, rxs): + # just check that the DSCP & ECN are copied + for rx in rxs: + self.assertEqual(rx[IPv6].tc, + VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_AF11 << 2) class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests): @@ -283,6 +466,13 @@ class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests): pass +class TestIpsecEspHandoff(TemplateIpsecEsp, + IpsecTun6HandoffTests, + IpsecTun4HandoffTests): + """ Ipsec ESP - handoff tests """ + pass + + class TemplateIpsecEspUdp(ConfigIpsecESP): """ UDP encapped ESP @@ -337,94 +527,580 @@ class TemplateIpsecEspUdp(ConfigIpsecESP): self.logger.info(self.vapi.cli("show hardware")) -class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests, IpsecTun4Tests): +class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests): """ Ipsec NAT-T ESP UDP tests """ pass -class TestIpsecEspAll(ConfigIpsecESP, - IpsecTra4, IpsecTra6, - IpsecTun4, IpsecTun6): +class MyParameters(): + def __init__(self): + self.engines = ["ia32", "ipsecmb", "openssl"] + flag_esn = VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN + self.flags = [0, flag_esn] + # foreach crypto algorithm + self.algos = { + 'AES-GCM-128/NONE': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_128), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': b"JPjyOWBeVEQiMe7h", + 'salt': 0}, + 'AES-GCM-192/NONE': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_192), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': b"JPjyOWBeVEQiMe7h01234567", + 'salt': 1010}, + 'AES-GCM-256/NONE': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_256), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': b"JPjyOWBeVEQiMe7h0123456787654321", + 'salt': 2020}, + 'AES-CBC-128/MD5-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_128), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_MD5_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-MD5-96", + 'salt': 0, + 'key': b"JPjyOWBeVEQiMe7h"}, + 'AES-CBC-192/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_192), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 0, + 'key': b"JPjyOWBeVEQiMe7hJPjyOWBe"}, + 'AES-CBC-256/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_256), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 0, + 'key': b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}, + '3DES-CBC/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_3DES_CBC), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "3DES", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 0, + 'key': b"JPjyOWBeVEQiMe7h00112233"}, + 'NONE/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_NONE), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "NULL", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 0, + 'key': b"JPjyOWBeVEQiMe7h00112233"}, + 'AES-CTR-128/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CTR_128), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CTR", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 0, + 'key': b"JPjyOWBeVEQiMe7h"}, + 'AES-CTR-192/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CTR_192), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CTR", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 1010, + 'key': b"JPjyOWBeVEQiMe7hJPjyOWBe"}, + 'AES-CTR-256/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CTR_256), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CTR", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 2020, + 'key': b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}} + + +class RunTestIpsecEspAll(ConfigIpsecESP, + IpsecTra4, IpsecTra6, + IpsecTun4, IpsecTun6): """ Ipsec ESP all Algos """ def setUp(self): - super(TestIpsecEspAll, self).setUp() + super(RunTestIpsecEspAll, self).setUp() + test_args = str.split(self.__doc__, " ") + + params = MyParameters() + self.engine = test_args[0] + self.flag = params.flags[0] + if test_args[1] == 'ESN': + self.flag = params.flags[1] + + self.algo = params.algos[test_args[2]] def tearDown(self): - super(TestIpsecEspAll, self).tearDown() + super(RunTestIpsecEspAll, self).tearDown() - def test_crypto_algs(self): - """All engines AES-CBC-[128, 192, 256] w/o ESN""" + def run_test(self): + self.run_a_test(self.engine, self.flag, self.algo) - # foreach VPP crypto engine - engines = ["ia32", "ipsecmb", "openssl"] + def run_a_test(self, engine, flag, algo, payload_size=None): + if engine == "ia32": + engine = "native" + self.vapi.cli("set crypto handler all %s" % engine) - # foreach crypto algorithm - algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_128, - 'scapy': "AES-CBC", - 'key': "JPjyOWBeVEQiMe7h"}, - {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_192, - 'scapy': "AES-CBC", - 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"}, - {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_256, - 'scapy': "AES-CBC", - 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}] - - # bug found in VPP needs fixing with flag - # (VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN) - flags = [0] + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + + self.params = {self.ipv4_params.addr_type: + self.ipv4_params, + self.ipv6_params.addr_type: + self.ipv6_params} + + for _, p in self.params.items(): + p.auth_algo_vpp_id = algo['vpp-integ'] + p.crypt_algo_vpp_id = algo['vpp-crypto'] + p.crypt_algo = algo['scapy-crypto'] + p.auth_algo = algo['scapy-integ'] + p.crypt_key = algo['key'] + p.salt = algo['salt'] + p.flags = p.flags | flag + + self.reporter.send_keep_alive(self) + + # + # configure the SPDs. SAs, etc + # + self.config_network(self.params.values()) + + # + # run some traffic. + # An exhautsive 4o6, 6o4 is not necessary + # for each algo + # + self.verify_tra_basic6(count=NUM_PKTS) + self.verify_tra_basic4(count=NUM_PKTS) + self.verify_tun_66(self.params[socket.AF_INET6], + count=NUM_PKTS) + # + # Use an odd-byte payload size to check for correct padding. + # + # 49 + 2 == 51 which should pad +1 to 52 for 4 byte alignment, +5 + # to 56 for 8 byte alignment, and +13 to 64 for 64 byte alignment. + # This should catch bugs where the code is incorrectly over-padding + # for algorithms that don't require it + psz = 49 - len(IP()/ICMP()) if payload_size is None else payload_size + self.verify_tun_44(self.params[socket.AF_INET], + count=NUM_PKTS, payload_size=psz) + + LARGE_PKT_SZ = [ + 1970, # results in 2 chained buffers entering decrypt node + # but leaving as simple buffer due to ICV removal (tra4) + 2004, # footer+ICV will be added to 2nd buffer (tun4) + 4010, # ICV ends up splitted accross 2 buffers in esp_decrypt + # for transport4; transport6 takes normal path + 4020, # same as above but tra4 and tra6 are switched + ] + if self.engine in engines_supporting_chain_bufs: + for sz in LARGE_PKT_SZ: + self.verify_tra_basic4(count=NUM_PKTS, payload_size=sz) + self.verify_tra_basic6(count=NUM_PKTS, payload_size=sz) + self.verify_tun_66(self.params[socket.AF_INET6], + count=NUM_PKTS, payload_size=sz) + self.verify_tun_44(self.params[socket.AF_INET], + count=NUM_PKTS, payload_size=sz) # - # loop through the VPP engines + # remove the SPDs, SAs, etc # - for engine in engines: - self.vapi.cli("set crypto engine all %s" % engine) - - # - # loop through each of the algorithms - # - for algo in algos: - # with self.subTest(algo=algo['scapy']): - for flag in flags: - # - # setup up the config paramters - # - self.ipv4_params = IPsecIPv4Params() - self.ipv6_params = IPsecIPv6Params() - - self.params = {self.ipv4_params.addr_type: - self.ipv4_params, - self.ipv6_params.addr_type: - self.ipv6_params} - - for _, p in self.params.items(): - p.crypt_algo_vpp_id = algo['vpp'] - p.crypt_algo = algo['scapy'] - p.crypt_key = algo['key'] - p.flags = p.flags | flag - - # - # configure the SPDs. SAs, etc - # - self.config_network(self.params.values()) - - # - # run some traffic. - # An exhautsive 4o6, 6o4 is not necessary - # for each algo - # - self.verify_tra_basic6(count=17) - self.verify_tra_basic4(count=17) - self.verify_tun_66(self.params[socket.AF_INET6], 17) - self.verify_tun_44(self.params[socket.AF_INET], 17) - - # - # remove the SPDs, SAs, etc - # - self.unconfig_network() + self.unconfig_network() + + # + # reconfigure the network and SA to run the + # anti replay tests + # + self.config_network(self.params.values()) + self.verify_tra_anti_replay() + self.unconfig_network() + +# +# To generate test classes, do: +# grep '# GEN' test_ipsec_esp.py | sed -e 's/# GEN //g' | bash +# +# GEN for ENG in ia32 ipsecmb openssl; do \ +# GEN for FLG in noESN ESN; do for ALG in AES-GCM-128/NONE \ +# GEN AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \ +# GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \ +# GEN 3DES-CBC/SHA1-96 NONE/SHA1-96 \ +# GEN AES-CTR-128/SHA1-96 AES-CTR-192/SHA1-96 AES-CTR-256/SHA1-96; do \ +# GEN [[ ${FLG} == "ESN" && ${ALG} == *"NONE" ]] && continue +# GEN echo -e "\n\nclass Test_${ENG}_${FLG}_${ALG}(RunTestIpsecEspAll):" | +# GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \ +# GEN echo ' """'$ENG $FLG $ALG IPSec test'"""' ; +# GEN echo " def test_ipsec(self):"; +# GEN echo " self.run_test()"; +# GEN done; done; done + + +class Test_ia32_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """ia32 noESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """ia32 noESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """ia32 noESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ia32 noESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN AES-CTR-128/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN AES-CTR-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN AES-CTR-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ia32 ESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN AES-CTR-128/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN AES-CTR-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN AES-CTR-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """ipsecmb noESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """ipsecmb noESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """ipsecmb noESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CTR-128/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CTR-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CTR-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CTR-128/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CTR-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CTR-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """openssl noESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """openssl noESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """openssl noESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """openssl noESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """openssl noESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """openssl noESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """openssl noESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_NONE_SHA1_96(RunTestIpsecEspAll): + """openssl noESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll): + """openssl noESN AES-CTR-128/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll): + """openssl noESN AES-CTR-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): + """openssl noESN AES-CTR-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """openssl ESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """openssl ESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """openssl ESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """openssl ESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_NONE_SHA1_96(RunTestIpsecEspAll): + """openssl ESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll): + """openssl ESN AES-CTR-128/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll): + """openssl ESN AES-CTR-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): + """openssl ESN AES-CTR-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() if __name__ == '__main__':