X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_esp.py;h=26f83f16b92385913f029afead264b1afc210a46;hb=ecd1fc7dfa6a36d1774f71093380b3548a22346b;hp=eb21c58ae912c978a3855f19264efd51633fe8d7;hpb=80f6fd53feaa10b4a798582100724075897c0944;p=vpp.git diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index eb21c58ae91..26f83f16b92 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -3,6 +3,7 @@ import unittest from scapy.layers.ipsec import ESP from scapy.layers.inet import UDP +from parameterized import parameterized from framework import VppTestRunner from template_ipsec import IpsecTra46Tests, IpsecTun46Tests, TemplateIpsec, \ IpsecTcpTests, IpsecTun4Tests, IpsecTra4Tests, config_tra_params, \ @@ -14,6 +15,8 @@ from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_ip import DpoProto from vpp_papi import VppEnum +NUM_PKTS = 67 + class ConfigIpsecESP(TemplateIpsec): encryption_type = ESP @@ -74,8 +77,7 @@ class ConfigIpsecESP(TemplateIpsec): r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [VppRoutePath(self.tun_if.remote_addr[p.addr_type], 0xffffffff, - proto=d)], - is_ip6=p.is_ipv6) + proto=d)]) r.add_vpp_config() self.net_objs.append(r) @@ -362,11 +364,9 @@ class TestIpsecEspAll(ConfigIpsecESP, def tearDown(self): super(TestIpsecEspAll, self).tearDown() - def test_crypto_algs(self): - """All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN""" - - # foreach VPP crypto engine - engines = ["ia32", "ipsecmb", "openssl"] + @parameterized.expand(["ia32", "ipsecmb", "openssl"]) + def test_crypto_algs(self, engine): + """AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC SHA1 MD5 w/ & w/o ESN""" # foreach crypto algorithm algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. @@ -396,9 +396,9 @@ class TestIpsecEspAll(ConfigIpsecESP, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_128), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. - IPSEC_API_INTEG_ALG_SHA1_96), + IPSEC_API_INTEG_ALG_MD5_96), 'scapy-crypto': "AES-CBC", - 'scapy-integ': "HMAC-SHA1-96", + 'scapy-integ': "HMAC-MD5-96", 'salt': 0, 'key': "JPjyOWBeVEQiMe7h"}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. @@ -416,62 +416,78 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-crypto': "AES-CBC", 'scapy-integ': "HMAC-SHA1-96", 'salt': 0, - 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}] + 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}, + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_3DES_CBC), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "3DES", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 0, + 'key': "JPjyOWBeVEQiMe7h00112233"}] # with and without ESN flags = [0, VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN] + self.vapi.cli("set crypto handler all %s" % engine) # - # loop through the VPP engines + # loop through each of the algorithms # - for engine in engines: - self.vapi.cli("set crypto handler all %s" % engine) - # - # loop through each of the algorithms - # - for algo in algos: - # with self.subTest(algo=algo['scapy']): - for flag in flags: - # - # setup up the config paramters - # - self.ipv4_params = IPsecIPv4Params() - self.ipv6_params = IPsecIPv6Params() - - self.params = {self.ipv4_params.addr_type: - self.ipv4_params, - self.ipv6_params.addr_type: - self.ipv6_params} - - for _, p in self.params.items(): - p.auth_algo_vpp_id = algo['vpp-integ'] - p.crypt_algo_vpp_id = algo['vpp-crypto'] - p.crypt_algo = algo['scapy-crypto'] - p.auth_algo = algo['scapy-integ'] - p.crypt_key = algo['key'] - p.salt = algo['salt'] - p.flags = p.flags | flag - - # - # configure the SPDs. SAs, etc - # - self.config_network(self.params.values()) - - # - # run some traffic. - # An exhautsive 4o6, 6o4 is not necessary - # for each algo - # - self.verify_tra_basic6(count=17) - self.verify_tra_basic4(count=17) - self.verify_tun_66(self.params[socket.AF_INET6], 17) - self.verify_tun_44(self.params[socket.AF_INET], 17) - - # - # remove the SPDs, SAs, etc - # - self.unconfig_network() + for algo in algos: + # with self.subTest(algo=algo['scapy']): + for flag in flags: + # + # setup up the config paramters + # + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + + self.params = {self.ipv4_params.addr_type: + self.ipv4_params, + self.ipv6_params.addr_type: + self.ipv6_params} + + for _, p in self.params.items(): + p.auth_algo_vpp_id = algo['vpp-integ'] + p.crypt_algo_vpp_id = algo['vpp-crypto'] + p.crypt_algo = algo['scapy-crypto'] + p.auth_algo = algo['scapy-integ'] + p.crypt_key = algo['key'] + p.salt = algo['salt'] + p.flags = p.flags | flag + + self.reporter.send_keep_alive(self) + + # + # configure the SPDs. SAs, etc + # + self.config_network(self.params.values()) + + # + # run some traffic. + # An exhautsive 4o6, 6o4 is not necessary + # for each algo + # + self.verify_tra_basic6(count=NUM_PKTS) + self.verify_tra_basic4(count=NUM_PKTS) + self.verify_tun_66(self.params[socket.AF_INET6], + count=NUM_PKTS) + self.verify_tun_44(self.params[socket.AF_INET], + count=NUM_PKTS) + + # + # remove the SPDs, SAs, etc + # + self.unconfig_network() + + # + # reconfigure the network and SA to run the + # anti replay tests + # + self.config_network(self.params.values()) + self.verify_tra_anti_replay() + self.unconfig_network() if __name__ == '__main__':