X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=blobdiff_plain;f=resources%2Flibraries%2Fpython%2FIPsecUtil.py;h=b08c2a6e48748752efa5235c7c00c06c09725ac3;hp=5c9a08fc31d0d55af4bb0dfadcc7e492aaff1969;hb=2ada04e25cf023118116a9949abaf192bf9b7920;hpb=5b179672b7954890072331a6fda1b88040f913ba

diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 5c9a08fc31..b08c2a6e48 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -17,7 +17,6 @@ import os
 from ipaddress import ip_network, ip_address
 
 from enum import Enum, IntEnum
-from robot.api import logger
 
 from resources.libraries.python.PapiExecutor import PapiExecutor
 from resources.libraries.python.topology import Topology
@@ -41,6 +40,7 @@ class CryptoAlg(Enum):
     AES_CBC_192 = ('aes-cbc-192', 'AES-CBC', 24)
     AES_CBC_256 = ('aes-cbc-256', 'AES-CBC', 32)
     AES_GCM_128 = ('aes-gcm-128', 'AES-GCM', 20)
+    AES_GCM_256 = ('aes-gcm-256', 'AES-GCM', 40)
 
     def __init__(self, alg_name, scapy_name, key_len):
         self.alg_name = alg_name
@@ -55,6 +55,7 @@ class IntegAlg(Enum):
     SHA_384_192 = ('sha-384-192', 'SHA2-384-192', 48)
     SHA_512_256 = ('sha-512-256', 'SHA2-512-256', 64)
     AES_GCM_128 = ('aes-gcm-128', 'AES-GCM', 20)
+    AES_GCM_256 = ('aes-gcm-256', 'AES-GCM', 40)
 
     def __init__(self, alg_name, scapy_name, key_len):
         self.alg_name = alg_name
@@ -134,6 +135,15 @@ class IPsecUtil(object):
         """
         return CryptoAlg.AES_GCM_128
 
+    @staticmethod
+    def crypto_alg_aes_gcm_256():
+        """Return encryption algorithm aes-gcm-256.
+
+        :returns: CryptoAlg enum AES_GCM_128 object.
+        :rtype: CryptoAlg
+        """
+        return CryptoAlg.AES_GCM_256
+
     @staticmethod
     def get_crypto_alg_key_len(crypto_alg):
         """Return encryption algorithm key length.
@@ -201,6 +211,15 @@ class IPsecUtil(object):
         """
         return IntegAlg.AES_GCM_128
 
+    @staticmethod
+    def integ_alg_aes_gcm_256():
+        """Return integrity algorithm AES-GCM-256.
+
+        :returns: IntegAlg enum AES_GCM_256 object.
+        :rtype: IntegAlg
+        """
+        return IntegAlg.AES_GCM_256
+
     @staticmethod
     def get_integ_alg_key_len(integ_alg):
         """Return integrity algorithm key length.
@@ -278,16 +297,8 @@ class IPsecUtil(object):
         err_msg = 'Failed to dump IPsec backends on host {host}'.format(
             host=node['host'])
         with PapiExecutor(node) as papi_exec:
-            papi_resp = papi_exec.add('ipsec_backend_dump').execute_should_pass(
+            papi_exec.add('ipsec_backend_dump').execute_should_pass(
                 err_msg, process_reply=False)
-        # After API change there is returned VPP internal enum object
-        # representing VPP IPSEC protocol instead of integer representation
-        # so JSON fails to decode it - we need to check if it is Python API
-        # bug or we need to adapt vpp_papi_provider to correctly encode
-        # such object into JSON
-        # logger.trace('IPsec backend dump\n{dump}'.
-        # format(dump=papi_resp.reply))
-        logger.trace('IPsec backend dump\n{dump}'.format(dump=papi_resp.stdout))
 
     @staticmethod
     def vpp_ipsec_add_sad_entry(node, sad_id, spi, crypto_alg, crypto_key,
@@ -369,7 +380,8 @@ class IPsecUtil(object):
             if tunnel_src is not None and tunnel_dst is not None else ''
 
         integ = 'integ-alg {0} integ-key {1}'.format(integ_alg.alg_name, ikey)\
-            if crypto_alg.alg_name != 'aes-gcm-128' else ''
+            if crypto_alg.alg_name != 'aes-gcm-128' and \
+               crypto_alg.alg_name != 'aes-gcm-256' else ''
 
         with open(tmp_filename, 'w') as tmp_file:
             for i in range(0, n_entries):