X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_esp.py;h=96787716fb48d1f0f2083557af13c5be16620e68;hb=22d009b4f7243c5c934421b4294ca2a58d870043;hp=566ed3474181c11bb5cc29e887aca0c5504b4e28;hpb=d8cfbebce78e26a6ef7f6693e7c90dc3c6435d51;p=vpp.git diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 566ed347418..96787716fb4 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -1,10 +1,9 @@ import socket import unittest -import struct from scapy.layers.ipsec import ESP from scapy.layers.inet import UDP -from framework import VppTestRunner +from framework import VppTestRunner, is_skip_aarch64_set, is_platform_aarch64 from template_ipsec import IpsecTra46Tests, IpsecTun46Tests, TemplateIpsec, \ IpsecTcpTests, IpsecTun4Tests, IpsecTra4Tests, config_tra_params, \ IPsecIPv4Params, IPsecIPv6Params, \ @@ -15,6 +14,8 @@ from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_ip import DpoProto from vpp_papi import VppEnum +NUM_PKTS = 67 + class ConfigIpsecESP(TemplateIpsec): encryption_type = ESP @@ -75,8 +76,7 @@ class ConfigIpsecESP(TemplateIpsec): r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [VppRoutePath(self.tun_if.remote_addr[p.addr_type], 0xffffffff, - proto=d)], - is_ip6=p.is_ipv6) + proto=d)]) r.add_vpp_config() self.net_objs.append(r) @@ -102,6 +102,7 @@ class ConfigIpsecESP(TemplateIpsec): addr_bcast = params.addr_bcast e = VppEnum.vl_api_ipsec_spd_action_t flags = params.flags + salt = params.salt objs = [] params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, @@ -110,14 +111,16 @@ class ConfigIpsecESP(TemplateIpsec): self.vpp_esp_protocol, self.tun_if.local_addr[addr_type], self.tun_if.remote_addr[addr_type], - flags=flags) + flags=flags, + salt=salt) params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type], self.tun_if.local_addr[addr_type], - flags=flags) + flags=flags, + salt=salt) objs.append(params.tun_sa_in) objs.append(params.tun_sa_out) @@ -185,18 +188,21 @@ class ConfigIpsecESP(TemplateIpsec): IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) e = VppEnum.vl_api_ipsec_spd_action_t flags = params.flags | flags + salt = params.salt objs = [] params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - flags=flags) + flags=flags, + salt=salt) params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, - flags=flags) + flags=flags, + salt=salt) objs.append(params.tra_sa_in) objs.append(params.tra_sa_out) @@ -346,6 +352,8 @@ class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests): pass +@unittest.skipIf(is_skip_aarch64_set and is_platform_aarch64, + "test doesn't work on aarch64") class TestIpsecEspAll(ConfigIpsecESP, IpsecTra4, IpsecTra6, IpsecTun4, IpsecTun6): @@ -358,7 +366,7 @@ class TestIpsecEspAll(ConfigIpsecESP, super(TestIpsecEspAll, self).tearDown() def test_crypto_algs(self): - """All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN""" + """All engines AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC w/ & w/o ESN""" # foreach VPP crypto engine engines = ["ia32", "ipsecmb", "openssl"] @@ -371,7 +379,15 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-crypto': "AES-GCM", 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7h", - 'salt': struct.pack("!L", 0)}, + 'salt': 0}, + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_192), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': "JPjyOWBeVEQiMe7h01234567", + 'salt': 1010}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_GCM_256), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. @@ -379,14 +395,14 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-crypto': "AES-GCM", 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7h0123456787654321", - 'salt': struct.pack("!L", 0)}, + 'salt': 2020}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_128), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA1_96), 'scapy-crypto': "AES-CBC", 'scapy-integ': "HMAC-SHA1-96", - 'salt': '', + 'salt': 0, 'key': "JPjyOWBeVEQiMe7h"}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_192), @@ -394,7 +410,7 @@ class TestIpsecEspAll(ConfigIpsecESP, IPSEC_API_INTEG_ALG_SHA1_96), 'scapy-crypto': "AES-CBC", 'scapy-integ': "HMAC-SHA1-96", - 'salt': '', + 'salt': 0, 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_256), @@ -402,8 +418,16 @@ class TestIpsecEspAll(ConfigIpsecESP, IPSEC_API_INTEG_ALG_SHA1_96), 'scapy-crypto': "AES-CBC", 'scapy-integ': "HMAC-SHA1-96", - 'salt': '', - 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}] + 'salt': 0, + 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}, + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_3DES_CBC), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "3DES", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': 0, + 'key': "JPjyOWBeVEQiMe7h00112233"}] # with and without ESN flags = [0, @@ -437,7 +461,7 @@ class TestIpsecEspAll(ConfigIpsecESP, p.crypt_algo = algo['scapy-crypto'] p.auth_algo = algo['scapy-integ'] p.crypt_key = algo['key'] - p.crypt_salt = algo['salt'] + p.salt = algo['salt'] p.flags = p.flags | flag # @@ -450,10 +474,12 @@ class TestIpsecEspAll(ConfigIpsecESP, # An exhautsive 4o6, 6o4 is not necessary # for each algo # - self.verify_tra_basic6(count=17) - self.verify_tra_basic4(count=17) - self.verify_tun_66(self.params[socket.AF_INET6], 17) - self.verify_tun_44(self.params[socket.AF_INET], 17) + self.verify_tra_basic6(count=NUM_PKTS) + self.verify_tra_basic4(count=NUM_PKTS) + self.verify_tun_66(self.params[socket.AF_INET6], + count=NUM_PKTS) + self.verify_tun_44(self.params[socket.AF_INET], + count=NUM_PKTS) # # remove the SPDs, SAs, etc