X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_esp.py;h=8ed80c3d8de01d50de9b9299c029af0496d52ab5;hb=097fa66b986f06281f603767d321ab13ab6c88c3;hp=283914071ca95b0a72cdb9dc0349f265b937f070;hpb=4f33c80c5de96fccc15a91135099ee437f75f252;p=vpp.git
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 283914071ca..8ed80c3d8de 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -74,8 +74,7 @@ class ConfigIpsecESP(TemplateIpsec):
 r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [VppRoutePath(self.tun_if.remote_addr[p.addr_type], 0xffffffff,
- proto=d)],
- is_ip6=p.is_ipv6)
+ proto=d)])
 r.add_vpp_config() self.net_objs.append(r)
@@ -100,6 +99,8 @@ class ConfigIpsecESP(TemplateIpsec):
 addr_any = params.addr_any addr_bcast = params.addr_bcast e = VppEnum.vl_api_ipsec_spd_action_t
+ flags = params.flags
+ salt = params.salt
 objs = [] params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
@@ -107,13 +108,17 @@ class ConfigIpsecESP(TemplateIpsec):
 crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.local_addr[addr_type],
- self.tun_if.remote_addr[addr_type])
+ self.tun_if.remote_addr[addr_type],
+ flags=flags,
+ salt=salt)
 params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type],
- self.tun_if.local_addr[addr_type])
+ self.tun_if.local_addr[addr_type],
+ flags=flags,
+ salt=salt)
 objs.append(params.tun_sa_in) objs.append(params.tun_sa_out)
@@ -181,18 +186,21 @@ class ConfigIpsecESP(TemplateIpsec):
 IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) e = VppEnum.vl_api_ipsec_spd_action_t flags = params.flags | flags
+ salt = params.salt
 objs = [] params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol,
- flags=flags)
+ flags=flags,
+ salt=salt)
 params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol,
- flags=flags)
+ flags=flags,
+ salt=salt)
 objs.append(params.tra_sa_in) objs.append(params.tra_sa_out)
@@ -322,7 +330,7 @@ class TemplateIpsecEspUdp(ConfigIpsecESP):
 self.tun_if).add_vpp_config() self.config_esp_tun(p)
- self.logger.info(self.vapi.ppcli("show ipsec"))
+ self.logger.info(self.vapi.ppcli("show ipsec all"))
 d = DpoProto.DPO_PROTO_IP4 VppIpRoute(self, p.remote_tun_if_host, p.addr_len,
@@ -332,11 +340,12 @@ class TemplateIpsecEspUdp(ConfigIpsecESP):
 def tearDown(self): super(TemplateIpsecEspUdp, self).tearDown()
- if not self.vpp_dead:
- self.vapi.cli("show hardware")
+
+ def show_commands_at_teardown(self):
+ self.logger.info(self.vapi.cli("show hardware"))
-class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests, IpsecTun4Tests):
+class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests):
 """ Ipsec NAT-T ESP UDP tests """ pass
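Review bot: Dropping `IpsecTun4Tests` from the bases of `TestIpsecEspUdp` (last change in the `@@ -332` hunk) removes the tunnel-mode cases for UDP-encapsulated ESP, and nothing in the new lines says why or where that coverage now lives. The `@@ -322` hunk still shows `self.config_esp_tun(p)` being called, so the tunnel configuration is built but no longer exercised by this class. If the removal is deliberate, a comment above the class would record it, for example `# tunnel-mode tests omitted for UDP encap: <reason / tracking id>`; otherwise a regression in NAT-T tunnel handling would pass this suite unnoticed. `TemplateIpsecEspUdp` itself starts above the hunk.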
@@ -353,35 +362,78 @@ class TestIpsecEspAll(ConfigIpsecESP,
 super(TestIpsecEspAll, self).tearDown() def test_crypto_algs(self):
- """All engines AES-CBC-[128, 192, 256] w/o ESN"""
+ """All engines AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC w/ & w/o ESN"""
 # foreach VPP crypto engine
- engines = ["ia32", "openssl"]
+ engines = ["ia32", "ipsecmb", "openssl"]
 # foreach crypto algorithm
- algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_128,
- 'scapy': "AES-CBC",
+ algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_128),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h",
+ 'salt': 0},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_192),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h01234567",
+ 'salt': 1010},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_256),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h0123456787654321",
+ 'salt': 2020},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
 'key': "JPjyOWBeVEQiMe7h"},
- {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_192,
- 'scapy': "AES-CBC",
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_192),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"},
- {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_256,
- 'scapy': "AES-CBC",
- 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
-
- # bug found in VPP needs fixing with flag
- # (VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN)
- flags = [0]
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_256),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
+ 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_3DES_CBC),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "3DES",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
+ 'key': "JPjyOWBeVEQiMe7h00112233"}]
+
+ # with and without ESN
+ flags = [0,
+ VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN]
 # # loop through the VPP engines # for engine in engines:
- self.vapi.cli("set crypto engine all %s" % engine)
-
+ self.vapi.cli("set crypto handler all %s" % engine)
 # # loop through each of the algorithms #
@@ -400,9 +452,12 @@ class TestIpsecEspAll(ConfigIpsecESP,
 self.ipv6_params} for _, p in self.params.items():
- p.crypt_algo_vpp_id = algo['vpp']
- p.crypt_algo = algo['scapy']
+ p.auth_algo_vpp_id = algo['vpp-integ']
+ p.crypt_algo_vpp_id = algo['vpp-crypto']
+ p.crypt_algo = algo['scapy-crypto']
+ p.auth_algo = algo['scapy-integ']
 p.crypt_key = algo['key']
+ p.salt = algo['salt']
 p.flags = p.flags | flag #
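Review bot: The AES-GCM-128 entry in the new `algos` table of `test_crypto_algs` (`@@ -353` hunk) uses `'salt': 0`, so an engine that dropped or zeroed the configured salt would presumably still interoperate with scapy for that key size; only the 192 and 256 entries (1010, 2020) would expose it. Giving the 128-bit entry a non-zero value too, e.g. `'salt': 3030` (constructed value), closes that gap. A comment above the GCM entries such as `# AES-GCM is an AEAD: integrity comes from the cipher, hence INTEG_ALG_NONE / "NULL"` would also explain why they carry no integrity algorithm. `test_crypto_algs` continues past the end of this hunk.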
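Review bot: `p.flags = p.flags | flag` at the end of the `@@ -400` hunk can only set bits, which matters now that the `flags` list in the preceding hunk includes `IPSEC_API_SAD_FLAG_USE_ESN`. If the parameter objects in `self.params` are not rebuilt on every iteration (their construction is above the hunk and not visible here), every pass after the first ESN pass keeps ESN set and the "without ESN" cases silently stop being tested. Assigning from a saved baseline, e.g. `p.flags = base_flags | flag` with `base_flags` (placeholder name) captured per params object before the loops, makes each iteration independent of the previous one. The loop body starts and ends outside the hunk.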