X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_esp.py;h=927863c80a101b0b375fbd855cbc4d8dbca2a1eb;hb=84e665848;hp=90f013f8010299950cfe0f271b0836e109e65e8e;hpb=76a1d0580a4b05d7908e0b05bf6ceb974703f96d;p=vpp.git diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 90f013f8010..927863c80a1 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -145,8 +145,8 @@ class ConfigIpsecESP(TemplateIpsec): crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - self.tun_if.local_addr[addr_type], self.tun_if.remote_addr[addr_type], + self.tun_if.local_addr[addr_type], tun_flags=tun_flags, dscp=params.dscp, flags=flags, @@ -162,8 +162,8 @@ class ConfigIpsecESP(TemplateIpsec): crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - self.tun_if.remote_addr[addr_type], self.tun_if.local_addr[addr_type], + self.tun_if.remote_addr[addr_type], tun_flags=tun_flags, dscp=params.dscp, flags=flags, @@ -201,7 +201,7 @@ class ConfigIpsecESP(TemplateIpsec): VppIpsecSpdEntry( self, self.tun_spd, - vpp_tun_sa_id, + scapy_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg1.remote_addr[addr_type], @@ -216,7 +216,7 @@ class ConfigIpsecESP(TemplateIpsec): VppIpsecSpdEntry( self, self.tun_spd, - scapy_tun_sa_id, + vpp_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], remote_tun_if_host, @@ -230,7 +230,7 @@ class ConfigIpsecESP(TemplateIpsec): VppIpsecSpdEntry( self, self.tun_spd, - vpp_tun_sa_id, + scapy_tun_sa_id, remote_tun_if_host, remote_tun_if_host, self.pg0.local_addr[addr_type], @@ -245,7 +245,7 @@ class ConfigIpsecESP(TemplateIpsec): VppIpsecSpdEntry( self, self.tun_spd, - scapy_tun_sa_id, + vpp_tun_sa_id, self.pg0.local_addr[addr_type], self.pg0.local_addr[addr_type], remote_tun_if_host, @@ -332,7 +332,7 @@ class ConfigIpsecESP(TemplateIpsec): VppIpsecSpdEntry( self, self.tra_spd, - vpp_tra_sa_id, + scapy_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], @@ -347,7 +347,7 @@ class ConfigIpsecESP(TemplateIpsec): VppIpsecSpdEntry( self, self.tra_spd, - scapy_tra_sa_id, + vpp_tra_sa_id, self.tra_if.local_addr[addr_type], self.tra_if.local_addr[addr_type], self.tra_if.remote_addr[addr_type], @@ -447,7 +447,7 @@ class TestIpsecEsp1( VppIpsecSpdEntry( self, self.tun_spd, - p6.scapy_tun_sa_id, + p6.vpp_tun_sa_id, self.pg1.remote_addr[p4.addr_type], self.pg1.remote_addr[p4.addr_type], p6.remote_tun_if_host4, @@ -482,7 +482,7 @@ class TestIpsecEsp1( VppIpsecSpdEntry( self, self.tun_spd, - p4.scapy_tun_sa_id, + p4.vpp_tun_sa_id, self.pg1.remote_addr[p6.addr_type], self.pg1.remote_addr[p6.addr_type], p4.remote_tun_if_host6, @@ -746,10 +746,10 @@ class TestIpsecEspAsync(TemplateIpsecEsp): self.assertEqual(len(rxs), len(pkts)) for rx in rxs: - if rx[ESP].spi == p.scapy_tun_spi: + if rx[ESP].spi == p.vpp_tun_spi: decrypted = p.vpp_tun_sa.decrypt(rx[IP]) elif rx[ESP].spi == self.p_sync.vpp_tun_spi: - decrypted = self.p_sync.scapy_tun_sa.decrypt(rx[IP]) + decrypted = self.p_sync.vpp_tun_sa.decrypt(rx[IP]) else: rx.show() self.assertTrue(False) @@ -807,12 +807,12 @@ class TestIpsecEspAsync(TemplateIpsecEsp): self.assertEqual(len(rxs), len(pkts)) for rx in rxs: - if rx[ESP].spi == p.scapy_tun_spi: + if rx[ESP].spi == p.vpp_tun_spi: decrypted = p.vpp_tun_sa.decrypt(rx[IP]) elif rx[ESP].spi == self.p_sync.vpp_tun_spi: - decrypted = self.p_sync.scapy_tun_sa.decrypt(rx[IP]) + decrypted = self.p_sync.vpp_tun_sa.decrypt(rx[IP]) elif rx[ESP].spi == self.p_async.vpp_tun_spi: - decrypted = self.p_async.scapy_tun_sa.decrypt(rx[IP]) + decrypted = self.p_async.vpp_tun_sa.decrypt(rx[IP]) else: rx.show() self.assertTrue(False) @@ -822,11 +822,6 @@ class TestIpsecEspAsync(TemplateIpsecEsp): self.p_async.spd.remove_vpp_config() self.p_async.sa.remove_vpp_config() - # async mode should have been disabled now that there are - # no async SAs. there's no API for this, so a reluctant - # screen scrape. - self.assertTrue("DISABLED" in self.vapi.cli("sh crypto async status")) - class TestIpsecEspHandoff( TemplateIpsecEsp, IpsecTun6HandoffTests, IpsecTun4HandoffTests @@ -1038,6 +1033,42 @@ class MyParameters: "salt": 2020, "key": b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h", }, + "AES-NULL-GMAC-128/NONE": { + "vpp-crypto": ( + VppEnum.vl_api_ipsec_crypto_alg_t.IPSEC_API_CRYPTO_ALG_AES_NULL_GMAC_128 + ), + "vpp-integ": ( + VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_NONE + ), + "scapy-crypto": "AES-NULL-GMAC", + "scapy-integ": "NULL", + "key": b"JPjyOWBeVEQiMe7h", + "salt": 0, + }, + "AES-NULL-GMAC-192/NONE": { + "vpp-crypto": ( + VppEnum.vl_api_ipsec_crypto_alg_t.IPSEC_API_CRYPTO_ALG_AES_NULL_GMAC_192 + ), + "vpp-integ": ( + VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_NONE + ), + "scapy-crypto": "AES-NULL-GMAC", + "scapy-integ": "NULL", + "key": b"JPjyOWBeVEQiMe7h01234567", + "salt": 1010, + }, + "AES-NULL-GMAC-256/NONE": { + "vpp-crypto": ( + VppEnum.vl_api_ipsec_crypto_alg_t.IPSEC_API_CRYPTO_ALG_AES_NULL_GMAC_256 + ), + "vpp-integ": ( + VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_NONE + ), + "scapy-crypto": "AES-NULL-GMAC", + "scapy-integ": "NULL", + "key": b"JPjyOWBeVEQiMe7h0123456787654321", + "salt": 2020, + }, } @@ -1187,7 +1218,8 @@ class RunTestIpsecEspAll(ConfigIpsecESP, IpsecTra4, IpsecTra6, IpsecTun4, IpsecT # GEN AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \ # GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \ # GEN 3DES-CBC/SHA1-96 NONE/SHA1-96 \ -# GEN AES-CTR-128/SHA1-96 AES-CTR-192/SHA1-96 AES-CTR-256/SHA1-96; do \ +# GEN AES-CTR-128/SHA1-96 AES-CTR-192/SHA1-96 AES-CTR-256/SHA1-96 \ +# GEN AES-NULL-GMAC-128/NONE AES-NULL-GMAC-192/NONE AES-NULL-GMAC-256/NONE; do \ # GEN echo -en "\n\nclass " # GEN echo -e "Test_${ENG}_${ESN}_${AR}_${ALG}(RunTestIpsecEspAll):" | # GEN sed -e 's/-/_/g' -e 's#/#_#g' ; @@ -2003,6 +2035,30 @@ class Test_openssl_ESNon_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): self.run_test() +class Test_openssl_ESNon_ARon_AES_NULL_GMAC_128_NONE(RunTestIpsecEspAll): + """openssl ESNon ARon AES-NULL-GMAC-128/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNon ARon AES-NULL-GMAC-128/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNon_ARon_AES_NULL_GMAC_192_NONE(RunTestIpsecEspAll): + """openssl ESNon ARon AES-NULL-GMAC-192/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNon ARon AES-NULL-GMAC-192/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNon_ARon_AES_NULL_GMAC_256_NONE(RunTestIpsecEspAll): + """openssl ESNon ARon AES-NULL-GMAC-256/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNon ARon AES-NULL-GMAC-256/NONE IPSec test""" + self.run_test() + + class Test_openssl_ESNon_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll): """openssl ESNon ARoff AES-GCM-128/NONE IPSec test""" @@ -2091,6 +2147,30 @@ class Test_openssl_ESNon_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): self.run_test() +class Test_openssl_ESNon_ARoff_AES_NULL_GMAC_128_NONE(RunTestIpsecEspAll): + """openssl ESNon ARoff AES-NULL-GMAC-128/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNon ARoff AES-NULL-GMAC-128/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNon_ARoff_AES_NULL_GMAC_192_NONE(RunTestIpsecEspAll): + """openssl ESNon ARoff AES-NULL-GMAC-192/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNon ARoff AES-NULL-GMAC-192/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNon_ARoff_AES_NULL_GMAC_256_NONE(RunTestIpsecEspAll): + """openssl ESNon ARoff AES-NULL-GMAC-256/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNon ARoff AES-NULL-GMAC-256/NONE IPSec test""" + self.run_test() + + class Test_openssl_ESNoff_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll): """openssl ESNoff ARon AES-GCM-128/NONE IPSec test""" @@ -2179,6 +2259,30 @@ class Test_openssl_ESNoff_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): self.run_test() +class Test_openssl_ESNoff_ARon_AES_NULL_GMAC_128_NONE(RunTestIpsecEspAll): + """openssl ESNoff ARon AES-NULL-GMAC-128/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNoff ARon AES-NULL-GMAC-128/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNoff_ARon_AES_NULL_GMAC_192_NONE(RunTestIpsecEspAll): + """openssl ESNoff ARon AES-NULL-GMAC-192/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNoff ARon AES-NULL-GMAC-192/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNoff_ARon_AES_NULL_GMAC_256_NONE(RunTestIpsecEspAll): + """openssl ESNoff ARon AES-NULL-GMAC-256/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNoff ARon AES-NULL-GMAC-256/NONE IPSec test""" + self.run_test() + + class Test_openssl_ESNoff_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll): """openssl ESNoff ARoff AES-GCM-128/NONE IPSec test""" @@ -2267,6 +2371,30 @@ class Test_openssl_ESNoff_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll): self.run_test() +class Test_openssl_ESNoff_ARoff_AES_NULL_GMAC_128_NONE(RunTestIpsecEspAll): + """openssl ESNoff ARoff AES-NULL-GMAC-128/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNoff ARoff AES-NULL-GMAC-128/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNoff_ARoff_AES_NULL_GMAC_192_NONE(RunTestIpsecEspAll): + """openssl ESNoff ARoff AES-NULL-GMAC-192/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNoff ARoff AES-NULL-GMAC-192/NONE IPSec test""" + self.run_test() + + +class Test_openssl_ESNoff_ARoff_AES_NULL_GMAC_256_NONE(RunTestIpsecEspAll): + """openssl ESNoff ARoff AES-NULL-GMAC-256/NONE IPSec test""" + + def test_ipsec(self): + """openssl ESNoff ARoff AES-NULL-GMAC-256/NONE IPSec test""" + self.run_test() + + class Test_async_ESNon_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll): """async ESNon ARon AES-GCM-128/NONE IPSec test"""