1 # Copyright (c) 2019 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
15 | Resource | resources/libraries/robot/crypto/ipsec.robot
17 | Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV
18 | ... | FUNCTEST | IP6FWD | IPSEC | IPSEC_TPT | IP6BASE
20 | Test Setup | Set up IPSec SW device functional test | IPv6
22 | Test Teardown | Tear down test | packet_trace
24 | Documentation | *IPv6 IPsec transport mode test suite.*
26 | ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\
27 | ... | between nodes.
28 | ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure
29 | ... | loopback an physical interface IPv6 addresses, static ARP record, route
30 | ... | and IPsec manual keyed connection in transport mode.
31 | ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet
32 | ... | is received on TG from DUT1.
33 | ... | *[Ref] Applicable standard specifications:* RFC4303.
36 | ${tg_spi}= | ${1000}
37 | ${dut_spi}= | ${1001}
38 | ${ESP_PROTO}= | ${50}
39 | ${tg_if_ip6}= | 3ffe:5f::1
40 | ${dut_if_ip6}= | 3ffe:5f::2
41 | ${tg_lo_ip6}= | 3ffe:60::3
42 | ${dut_lo_ip6}= | 3ffe:60::4
43 | ${ip6_plen}= | ${64}
44 | ${ip6_plen_rt}= | ${128}
47 | tc01-eth2p-ethip6ipsectpt-ip6base-device-aes-128-cbc-sha-256-128
49 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
50 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in transport
52 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
54 | | ${encr_alg}= | Crypto Alg AES CBC 128
55 | | ${auth_alg}= | Integ Alg SHA 256 128
56 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
57 | | When Configure manual keyed connection for IPSec
58 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
59 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
60 | | ... | is_ipv6=${TRUE}
61 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
62 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
63 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
64 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
66 | tc02-eth2p-ethip6ipsectpt-ip6base-device-aes-256-cbc-sha-256-128
68 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
69 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in transport
71 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
73 | | ${encr_alg}= | Crypto Alg AES CBC 256
74 | | ${auth_alg}= | Integ Alg SHA 256 128
75 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
76 | | When Configure manual keyed connection for IPSec
77 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
78 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
79 | | ... | is_ipv6=${TRUE}
80 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
81 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
82 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
83 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
85 | tc03-eth2p-ethip6ipsectpt-ip6base-device-aes-128-cbc-sha-512-256
87 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
88 | | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in transport
90 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
92 | | ${encr_alg}= | Crypto Alg AES CBC 128
93 | | ${auth_alg}= | Integ Alg SHA 512 256
94 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
95 | | When Configure manual keyed connection for IPSec
96 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
97 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
98 | | ... | is_ipv6=${TRUE}
99 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
100 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
101 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
102 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
104 | tc04-eth2p-ethip6ipsectpt-ip6base-device-aes-256-cbc-sha-512-256
106 | | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
107 | | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in transport
109 | | ... | [Ver] Send and receive ESP packet between TG and VPP node.
111 | | ${encr_alg}= | Crypto Alg AES CBC 256
112 | | ${auth_alg}= | Integ Alg SHA 512 256
113 | | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
114 | | When Configure manual keyed connection for IPSec
115 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
116 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
117 | | ... | is_ipv6=${TRUE}
118 | | Then Send IPsec Packet and verify ESP encapsulation in received packet
119 | | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
120 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
121 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
Code Review / csit.git / blob