1 # Copyright (c) 2016 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
15 | Resource | resources/libraries/robot/crypto/ipsec.robot
17 | Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV
18 | ... | FUNCTEST | IP6FWD | IPSEC | IPSEC_TNL | IP6BASE
20 | Test Setup | Set up IPSec SW device functional test | IPv6
22 | Test Teardown | Tear down test | packet_trace
24 | Documentation | *IPv6 IPsec tunnel mode test suite.*
26 | ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\
27 | ... | between nodes.
28 | ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure
29 | ... | loopback an physical interface IPv6 addresses, static ARP record, route
30 | ... | and IPsec manual keyed connection in tunnel mode.
31 | ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet
32 | ... | is received on TG from DUT1.
33 | ... | *[Ref] Applicable standard specifications:* RFC4303.
36 | ${tg_spi}= | ${1000}
37 | ${dut_spi}= | ${1001}
38 | ${ESP_PROTO}= | ${50}
39 | ${tg_if_ip6}= | 3ffe:5f::1
40 | ${dut_if_ip6}= | 3ffe:5f::2
41 | ${tg_lo_ip6}= | 3ffe:60::3
42 | ${dut_lo_ip6}= | 3ffe:60::4
43 | ${ip6_plen}= | ${64}
44 | ${ip6_plen_rt}= | ${128}
47 | tc01-eth2p-ethip6ipsectnl-ip6base-device-aes-128-cbc-sha-256-128
49 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
50 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in tunnel\
52 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
54 | | ${encr_alg}= | Crypto Alg AES CBC 128
55 | | ${auth_alg}= | Integ Alg SHA 256 128
56 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
57 | | When Configure manual keyed connection for IPSec
58 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
59 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
60 | | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE}
61 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
62 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
63 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
64 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
65 | | ... | ${dut_tun_ip}
67 | tc02-eth2p-ethip6ipsectnl-ip6base-device-aes-256-cbc-sha-256-128
69 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
70 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in tunnel\
72 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
74 | | ${encr_alg}= | Crypto Alg AES CBC 256
75 | | ${auth_alg}= | Integ Alg SHA 256 128
76 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
77 | | When Configure manual keyed connection for IPSec
78 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
79 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
80 | | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE}
81 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
82 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
83 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
84 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
85 | | ... | ${dut_tun_ip}
87 | tc03-eth2p-ethip6ipsectnl-ip6base-device-aes-128-cbc-sha-512-256
89 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
90 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in tunnel\
92 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
94 | | ${encr_alg}= | Crypto Alg AES CBC 128
95 | | ${auth_alg}= | Integ Alg SHA 512 256
96 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
97 | | When Configure manual keyed connection for IPSec
98 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
99 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
100 | | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE}
101 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
102 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
103 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
104 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
105 | | ... | ${dut_tun_ip}
107 | tc04-eth2p-ethip6ipsectnl-ip6base-device-aes-256-cbc-sha-512-256
109 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
110 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in tunnel\
112 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
114 | | ${encr_alg}= | Crypto Alg AES CBC 256
115 | | ${auth_alg}= | Integ Alg SHA 512 256
116 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
117 | | When Configure manual keyed connection for IPSec
118 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
119 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip}
120 | | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE}
121 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
122 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
123 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
124 | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip}
125 | | ... | ${dut_tun_ip}
Code Review / csit.git / blob