1 # Copyright (c) 2019 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
15 | Resource | resources/libraries/robot/crypto/ipsec.robot
17 | Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV
18 | ... | FUNCTEST | IP4FWD | IPSEC | IPSEC_TPT | IP4BASE
20 | Test Setup | Set up IPSec SW device functional test | IPv4
22 | Test Teardown | Tear down test | packet_trace
24 | Documentation | *IPv4 IPsec transport mode test suite.*
26 | ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\
27 | ... | between nodes.
28 | ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure\
29 | ... | loopback an physical interface IPv4 addresses, static ARP record, route\
30 | ... | and IPsec manual keyed connection in transport mode.
31 | ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet\
32 | ... | is received on TG from DUT1.
33 | ... | *[Ref] Applicable standard specifications:* RFC4303.
36 | ${tg_spi}= | ${1000}
37 | ${dut_spi}= | ${1001}
38 | ${ESP_PROTO}= | ${50}
39 | ${tg_if_ip4}= | 192.168.100.2
40 | ${dut_if_ip4}= | 192.168.100.3
41 | ${tg_lo_ip4}= | 192.168.3.3
42 | ${dut_lo_ip4}= | 192.168.4.4
43 | ${ip4_plen}= | ${24}
46 | tc01-eth2p-ethip4ipsectpt-ip4base-device-aes-128-cbc-sha-256-128
48 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
49 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in transport
51 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
53 | | ${encr_alg}= | Crypto Alg AES CBC 128
54 | | ${auth_alg}= | Integ Alg SHA 256 128
55 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
56 | | When Configure manual keyed connection for IPSec
57 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
58 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
59 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
60 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
61 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
62 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
64 | tc02-eth2p-ethip4ipsectpt-ip4base-device-aes-256-cbc-sha-256-128
66 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
67 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in transport
69 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
71 | | ${encr_alg}= | Crypto Alg AES CBC 256
72 | | ${auth_alg}= | Integ Alg SHA 256 128
73 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
74 | | When Configure manual keyed connection for IPSec
75 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
76 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
77 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
78 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
79 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
80 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
82 | tc03-eth2p-ethip4ipsectpt-ip4base-device-aes-128-cbc-sha-512-256
84 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
85 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in transport
87 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
89 | | ${encr_alg}= | Crypto Alg AES CBC 128
90 | | ${auth_alg}= | Integ Alg SHA 512 256
91 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
92 | | When Configure manual keyed connection for IPSec
93 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
94 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
95 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
96 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
97 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
98 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
100 | tc04-eth2p-ethip4ipsectpt-ip4base-device-aes-256-cbc-sha-512-256
102 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
103 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in transport
105 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
107 | | ${encr_alg}= | Crypto Alg AES CBC 256
108 | | ${auth_alg}= | Integ Alg SHA 512 256
109 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
110 | | When Configure manual keyed connection for IPSec
111 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
112 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
113 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
114 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
115 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
116 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
Code Review / csit.git / blob