X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_esp.py;h=8d9b3ecb9e2c90c2c2306de13570ad6f3c423c60;hb=refs%2Fchanges%2F34%2F18834%2F8;hp=e5db0a627a53ef90b0123eb868984332b940873f;hpb=90cf21b5d8fd2d3e531e841dcd752311df5f8a50;p=vpp.git diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index e5db0a627a5..8d9b3ecb9e2 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -1,5 +1,6 @@ import socket import unittest +import struct from scapy.layers.ipsec import ESP from scapy.layers.inet import UDP @@ -100,6 +101,7 @@ class ConfigIpsecESP(TemplateIpsec): addr_any = params.addr_any addr_bcast = params.addr_bcast e = VppEnum.vl_api_ipsec_spd_action_t + flags = params.flags objs = [] params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, @@ -107,13 +109,15 @@ class ConfigIpsecESP(TemplateIpsec): crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.local_addr[addr_type], - self.tun_if.remote_addr[addr_type]) + self.tun_if.remote_addr[addr_type], + flags=flags) params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type], - self.tun_if.local_addr[addr_type]) + self.tun_if.local_addr[addr_type], + flags=flags) objs.append(params.tun_sa_in) objs.append(params.tun_sa_out) @@ -337,7 +341,7 @@ class TemplateIpsecEspUdp(ConfigIpsecESP): self.logger.info(self.vapi.cli("show hardware")) -class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests, IpsecTun4Tests): +class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests): """ Ipsec NAT-T ESP UDP tests """ pass @@ -354,34 +358,62 @@ class TestIpsecEspAll(ConfigIpsecESP, super(TestIpsecEspAll, self).tearDown() def test_crypto_algs(self): - """All engines AES-CBC-[128, 192, 256] w/o ESN""" + """All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN""" # foreach VPP crypto engine engines = ["ia32", "ipsecmb", "openssl"] # foreach crypto algorithm - algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_128, - 'scapy': "AES-CBC", + algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_128), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': "JPjyOWBeVEQiMe7h", + 'salt': struct.pack("!L", 0)}, + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_256), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': "JPjyOWBeVEQiMe7h0123456787654321", + 'salt': struct.pack("!L", 0)}, + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_128), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': '', 'key': "JPjyOWBeVEQiMe7h"}, - {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_192, - 'scapy': "AES-CBC", + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_192), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': '', 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"}, - {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_256, - 'scapy': "AES-CBC", + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_256), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': '', 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}] - # bug found in VPP needs fixing with flag - # (VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN) - flags = [0] + # with and without ESN + flags = [0, + VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN] # # loop through the VPP engines # for engine in engines: - self.vapi.cli("set crypto engine all %s" % engine) + self.vapi.cli("set crypto handler all %s" % engine) # # loop through each of the algorithms @@ -401,9 +433,12 @@ class TestIpsecEspAll(ConfigIpsecESP, self.ipv6_params} for _, p in self.params.items(): - p.crypt_algo_vpp_id = algo['vpp'] - p.crypt_algo = algo['scapy'] + p.auth_algo_vpp_id = algo['vpp-integ'] + p.crypt_algo_vpp_id = algo['vpp-crypto'] + p.crypt_algo = algo['scapy-crypto'] + p.auth_algo = algo['scapy-integ'] p.crypt_key = algo['key'] + p.crypt_salt = algo['salt'] p.flags = p.flags | flag #