X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ipsec_tun_if_esp.py;h=8f1bd7cb14f1c3a9afd0bed5ed6fc0b87e46e926;hb=c6eb5bc967d3d70016b4e4e182b3d68b1e558f60;hp=833bbd47bb362f061dcb28ce1ac3bcd103c5587c;hpb=47feb1146ec3b0e1cf2ebd83cd5211e1df261194;p=vpp.git diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py index 833bbd47bb3..8f1bd7cb14f 100644 --- a/test/test_ipsec_tun_if_esp.py +++ b/test/test_ipsec_tun_if_esp.py @@ -1,7 +1,6 @@ import unittest import socket import copy -import struct from scapy.layers.ipsec import ESP from scapy.layers.l2 import Ether, Raw, GRE @@ -218,7 +217,8 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): p.crypt_algo_vpp_id, p.crypt_key, p.crypt_key, p.auth_algo_vpp_id, p.auth_key, - p.auth_key) + p.auth_key, + salt=p.salt) p.tun_if.add_vpp_config() p.tun_if.admin_up() p.tun_if.config_ip4() @@ -243,6 +243,55 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): def tearDown(self): super(TestIpsec4TunIfEspAll, self).tearDown() + def rekey(self, p): + # + # change the key and the SPI + # + p.crypt_key = 'X' + p.crypt_key[1:] + p.scapy_tun_spi += 1 + p.scapy_tun_sa_id += 1 + p.vpp_tun_spi += 1 + p.vpp_tun_sa_id += 1 + p.tun_if.local_spi = p.vpp_tun_spi + p.tun_if.remote_spi = p.scapy_tun_spi + + config_tun_params(p, self.encryption_type, self.tun_if) + + p.tun_sa_in = VppIpsecSA(self, + p.scapy_tun_sa_id, + p.scapy_tun_spi, + p.auth_algo_vpp_id, + p.auth_key, + p.crypt_algo_vpp_id, + p.crypt_key, + self.vpp_esp_protocol, + self.tun_if.local_addr[p.addr_type], + self.tun_if.remote_addr[p.addr_type], + flags=p.flags, + salt=p.salt) + p.tun_sa_out = VppIpsecSA(self, + p.vpp_tun_sa_id, + p.vpp_tun_spi, + p.auth_algo_vpp_id, + p.auth_key, + p.crypt_algo_vpp_id, + p.crypt_key, + self.vpp_esp_protocol, + self.tun_if.remote_addr[p.addr_type], + self.tun_if.local_addr[p.addr_type], + flags=p.flags, + salt=p.salt) + p.tun_sa_in.add_vpp_config() + p.tun_sa_out.add_vpp_config() + + self.vapi.ipsec_tunnel_if_set_sa(sw_if_index=p.tun_if.sw_if_index, + sa_id=p.tun_sa_in.id, + is_outbound=1) + self.vapi.ipsec_tunnel_if_set_sa(sw_if_index=p.tun_if.sw_if_index, + sa_id=p.tun_sa_out.id, + is_outbound=0) + self.logger.info(self.vapi.cli("sh ipsec sa")) + def test_tun_44(self): """IPSEC tunnel all algos """ @@ -257,7 +306,7 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): 'scapy-crypto': "AES-GCM", 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7h", - 'salt': struct.pack("!L", 0)}, + 'salt': 3333}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_GCM_192), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. @@ -265,7 +314,7 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): 'scapy-crypto': "AES-GCM", 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7hJPjyOWBe", - 'salt': struct.pack("!L", 0)}, + 'salt': 0}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_GCM_256), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. @@ -273,14 +322,14 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): 'scapy-crypto': "AES-GCM", 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h", - 'salt': struct.pack("!L", 0)}, + 'salt': 9999}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_128), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA1_96), 'scapy-crypto': "AES-CBC", 'scapy-integ': "HMAC-SHA1-96", - 'salt': '', + 'salt': 0, 'key': "JPjyOWBeVEQiMe7h"}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_192), @@ -288,7 +337,7 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): IPSEC_API_INTEG_ALG_SHA1_96), 'scapy-crypto': "AES-CBC", 'scapy-integ': "HMAC-SHA1-96", - 'salt': '', + 'salt': 0, 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"}, {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_256), @@ -296,7 +345,7 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): IPSEC_API_INTEG_ALG_SHA1_96), 'scapy-crypto': "AES-CBC", 'scapy-integ': "HMAC-SHA1-96", - 'salt': '', + 'salt': 0, 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}] for engine in engines: @@ -314,7 +363,7 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): p.crypt_algo = algo['scapy-crypto'] p.auth_algo = algo['scapy-integ'] p.crypt_key = algo['key'] - p.crypt_salt = algo['salt'] + p.salt = algo['salt'] self.config_network(p) @@ -324,7 +373,15 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4): c = p.tun_if.get_tx_stats() self.assertEqual(c['packets'], 127) + # + # rekey the tunnel + # + self.rekey(p) + self.verify_tun_44(p, count=127) + self.unconfig_network(p) + p.tun_sa_out.remove_vpp_config() + p.tun_sa_in.remove_vpp_config() class TestIpsec6MultiTunIfEsp(TemplateIpsec, IpsecTun6):