Code Review / csit.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
FIX: IPsec TNL mode
[csit.git] / resources / libraries / python / IPsecUtil.py
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 9ba1b3f..3346da2 100644 (file)
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -49,10 +49,9 @@ class PolicyAction(Enum):
 class CryptoAlg(Enum):
     """Encryption algorithms."""
     AES_CBC_128 = ('aes-cbc-128', 'AES-CBC', 16)
-    AES_CBC_192 = ('aes-cbc-192', 'AES-CBC', 24)
     AES_CBC_256 = ('aes-cbc-256', 'AES-CBC', 32)
-    AES_GCM_128 = ('aes-gcm-128', 'AES-GCM', 20)
-    AES_GCM_256 = ('aes-gcm-256', 'AES-GCM', 40)
+    AES_GCM_128 = ('aes-gcm-128', 'AES-GCM', 16)
+    AES_GCM_256 = ('aes-gcm-256', 'AES-GCM', 32)
 
     def __init__(self, alg_name, scapy_name, key_len):
         self.alg_name = alg_name
@@ -62,12 +61,10 @@ class CryptoAlg(Enum):
 
 class IntegAlg(Enum):
     """Integrity algorithm."""
-    SHA1_96 = ('sha1-96', 'HMAC-SHA1-96', 20)
     SHA_256_128 = ('sha-256-128', 'SHA2-256-128', 32)
-    SHA_384_192 = ('sha-384-192', 'SHA2-384-192', 48)
     SHA_512_256 = ('sha-512-256', 'SHA2-512-256', 64)
-    AES_GCM_128 = ('aes-gcm-128', 'AES-GCM', 20)
-    AES_GCM_256 = ('aes-gcm-256', 'AES-GCM', 40)
+    AES_GCM_128 = ('aes-gcm-128', 'AES-GCM', 16)
+    AES_GCM_256 = ('aes-gcm-256', 'AES-GCM', 32)
 
     def __init__(self, alg_name, scapy_name, key_len):
         self.alg_name = alg_name
@@ -120,15 +117,6 @@ class IPsecUtil(object):
         """
         return CryptoAlg.AES_CBC_128
 
-    @staticmethod
-    def crypto_alg_aes_cbc_192():
-        """Return encryption algorithm aes-cbc-192.
-
-        :returns: CryptoAlg enum AES_CBC_192 objec.
-        :rtype: CryptoAlg
-        """
-        return CryptoAlg.AES_CBC_192
-
     @staticmethod
     def crypto_alg_aes_cbc_256():
         """Return encryption algorithm aes-cbc-256.
@@ -178,15 +166,6 @@ class IPsecUtil(object):
         """
         return crypto_alg.scapy_name
 
-    @staticmethod
-    def integ_alg_sha1_96():
-        """Return integrity algorithm SHA1-96.
-
-        :returns: IntegAlg enum SHA1_96 object.
-        :rtype: IntegAlg
-        """
-        return IntegAlg.SHA1_96
-
     @staticmethod
     def integ_alg_sha_256_128():
         """Return integrity algorithm SHA-256-128.
@@ -196,15 +175,6 @@ class IPsecUtil(object):
         """
         return IntegAlg.SHA_256_128
 
-    @staticmethod
-    def integ_alg_sha_384_192():
-        """Return integrity algorithm SHA-384-192.
-
-        :returns: IntegAlg enum SHA_384_192 object.
-        :rtype: IntegAlg
-        """
-        return IntegAlg.SHA_384_192
-
     @staticmethod
     def integ_alg_sha_512_256():
         """Return integrity algorithm SHA-512-256.
@@ -633,7 +603,8 @@ class IPsecUtil(object):
                 tunnel = (
                     'exec ipsec policy add spd {spd_id} priority {priority} '
                     '{direction} action protect sa {sa_id} '
-                    'remote-ip-range {raddr_s} - {raddr_e}\n'.
+                    'remote-ip-range {raddr_s} - {raddr_e} '
+                    'local-ip-range 0.0.0.0 - 255.255.255.255\n'.
                     format(
                         spd_id=spd_id,
                         priority=priority,
@@ -840,10 +811,10 @@ class IPsecUtil(object):
             nodes['DUT1'], spd_id, interface1)
         IPsecUtil.vpp_ipsec_policy_add(
             nodes['DUT1'], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
-            proto=50)
+            proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
         IPsecUtil.vpp_ipsec_policy_add(
             nodes['DUT1'], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
-            proto=50)
+            proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
 
         IPsecUtil.vpp_ipsec_add_spd(
             nodes['DUT2'], spd_id)
@@ -851,10 +822,10 @@ class IPsecUtil(object):
             nodes['DUT2'], spd_id, interface2)
         IPsecUtil.vpp_ipsec_policy_add(
             nodes['DUT2'], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
-            proto=50)
+            proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
         IPsecUtil.vpp_ipsec_policy_add(
             nodes['DUT2'], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
-            proto=50)
+            proto=50, laddr_range='100.0.0.0/8', raddr_range='100.0.0.0/8')
 
         IPsecUtil.vpp_ipsec_add_sad_entries(
             nodes['DUT1'], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,
Integration tests