CSIT-383: IPSEC IPv4 negative test cases
[csit.git] / tests / func / ipsec / ipsec_transport_mode_ipv4.robot
index 018447f..7fce8d5 100644 (file)
@@ -21,6 +21,7 @@
 | ...        | AND          | Setup Topology for IPv4 IPsec testing
 | Test Teardown | Run Keywords | VPP IPsec Show | ${dut_node}
 | ...           | AND          | Show Packet Trace on All DUTs | ${nodes}
+| ...           | AND          | Show Vpp Errors on All DUTs
 | ...           | AND          | Show vpp trace dump on all DUTs
 | Documentation | *IPv4 IPsec transport mode test suite.*
 | ...
@@ -58,7 +59,7 @@
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
@@ -77,7 +78,7 @@
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
@@ -96,7 +97,7 @@
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
 
 | | When VPP Setup IPsec Manual Keyed Connection
 | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
 | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
-| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
 | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
 | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
+
+
+| TC13: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption alogrithms used
+| | [Documentation]
+| | ... | [Top] TG-DUT1.
+| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
+| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport\
+| | ... | mode.
+| | ... | [Ver] Send an ESP packet encrypted by encryption key different from\
+| | ... | encryption key stored on VPP node from TG to VPP node and expect no\
+| | ... | response to be received on TG.
+| | ... | [Ref] RFC4303.
+| | ${encr_alg}= | Crypto Alg AES CBC 128
+| | ${auth_alg}= | Integ Alg SHA1 96
+| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg}
+| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto
+| | When VPP Setup IPsec Manual Keyed Connection
+| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
+| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
+| | Then Run Keyword And Expect Error | ESP packet Rx timeout
+| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key} | ${tg_spi}
+| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
+
+| TC14: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity alogrithms used
+| | [Documentation]
+| | ... | [Top] TG-DUT1.
+| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
+| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport\
+| | ... | mode.
+| | ... | [Ver] Send an ESP packet authenticated by integrity key different\
+| | ... | from integrity key stored on VPP node from TG to VPP node and expect\
+| | ... | no response to be received on TG.
+| | ... | [Ref] RFC4303.
+| | ${encr_alg}= | Crypto Alg AES CBC 128
+| | ${auth_alg}= | Integ Alg SHA1 96
+| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg}
+| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ
+| | When VPP Setup IPsec Manual Keyed Connection
+| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
+| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
+| | Then Run Keyword And Expect Error | ESP packet Rx timeout
+| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key2} | ${tg_spi}
+| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
+
+| TC15: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity alogrithms used
+| | [Documentation]
+| | ... | [Top] TG-DUT1.
+| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
+| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport\
+| | ... | mode.
+| | ... | [Ver] Send an ESP packet authenticated by integrity key and encrypted\
+| | ... | by encryption key different from integrity and encryption keys stored\
+| | ... | on VPP node from TG to VPP node and expect no response to be received\
+| | ... | on TG.
+| | ... | [Ref] RFC4303.
+| | ${encr_alg}= | Crypto Alg AES CBC 128
+| | ${auth_alg}= | Integ Alg SHA1 96
+| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg}
+| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto
+| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ
+| | When VPP Setup IPsec Manual Keyed Connection
+| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
+| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
+| | Then Run Keyword And Expect Error | ESP packet Rx timeout
+| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key2} | ${tg_spi}
+| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
+
+*** Keywords ***
+| Get Second Random String
+| | [Arguments] | ${req_alg} | ${req_type}
+| | ${req_key_len}= | Run Keyword | Get ${req_type} Alg Key Len | ${req_alg}
+| | :FOR | ${index} | IN RANGE | 100
+| | | ${req_key}= | Generate Random String | ${req_key_len}
+| | | Return From Keyword If | '${req_key}' != '${encr_key}' | ${req_key}

©2016 FD.io a Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation. Linux is a registered trademark of Linus Torvalds.
Please see our privacy policy and terms of use.