1 # Copyright (c) 2019 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
15 | Resource | resources/libraries/robot/crypto/ipsec.robot
17 | Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV
18 | ... | FUNCTEST | IP4FWD | IPSEC | IPSEC_TNL | IP4BASE
20 | Test Setup | Set up IPSec SW device functional test | IPv4
22 | Test Teardown | Tear down VPP device test
24 | Documentation | *IPv4 IPsec tunnel mode test suite.*
26 | ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\
27 | ... | between nodes.
28 | ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure\
29 | ... | loopback an physical interface IPv4 addresses, static ARP record, route\
30 | ... | and IPsec manual keyed connection in tunnel mode.
31 | ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet\
32 | ... | is received on TG from DUT1.
33 | ... | *[Ref] Applicable standard specifications:* RFC4303.
36 | ${tg_spi}= | ${1000}
37 | ${dut_spi}= | ${1001}
38 | ${ESP_PROTO}= | ${50}
39 | ${tg_if_ip4}= | 192.168.100.2
40 | ${dut_if_ip4}= | 192.168.100.3
41 | ${tg_lo_ip4}= | 192.168.3.3
42 | ${dut_lo_ip4}= | 192.168.4.4
43 | ${ip4_plen}= | ${24}
46 | tc01-eth2p-ethip4ipsectnl-ip4base-device-aes-128-cbc-sha-256-128
48 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
49 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in tunnel\
51 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
53 | | ${encr_alg}= | Crypto Alg AES CBC 128
54 | | ${auth_alg}= | Integ Alg SHA 256 128
55 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
56 | | When Configure manual keyed connection for IPSec
57 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
58 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
59 | | ... | ${dut_tun_ip} | ${tg_tun_ip}
60 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
61 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
62 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
63 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
64 | | ... | ${dut_tun_ip}
66 | tc02-eth2p-ethip4ipsectnl-ip4base-device-aes-256-cbc-sha-256-128
68 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
69 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in tunnel\
71 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
73 | | ${encr_alg}= | Crypto Alg AES CBC 256
74 | | ${auth_alg}= | Integ Alg SHA 256 128
75 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
76 | | When Configure manual keyed connection for IPSec
77 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
78 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
79 | | ... | ${dut_tun_ip} | ${tg_tun_ip}
80 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
81 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
82 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
83 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
84 | | ... | ${dut_tun_ip}
86 | tc03-eth2p-ethip4ipsectnl-ip4base-device-aes-128-cbc-sha-512-256
88 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
89 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in tunnel\
91 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
93 | | ${encr_alg}= | Crypto Alg AES CBC 128
94 | | ${auth_alg}= | Integ Alg SHA 512 256
95 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
96 | | When Configure manual keyed connection for IPSec
97 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
98 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
99 | | ... | ${dut_tun_ip} | ${tg_tun_ip}
100 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
101 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
102 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
103 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
104 | | ... | ${dut_tun_ip}
106 | tc04-eth2p-ethip4ipsectnl-ip4base-device-aes-256-cbc-sha-512-256
108 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
109 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in tunnel\
111 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
113 | | ${encr_alg}= | Crypto Alg AES CBC 256
114 | | ${auth_alg}= | Integ Alg SHA 512 256
115 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
116 | | When Configure manual keyed connection for IPSec
117 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
118 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
119 | | ... | ${dut_tun_ip} | ${tg_tun_ip}
120 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
121 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
122 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
123 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
124 | | ... | ${dut_tun_ip}
Code Review / csit.git / blob