ipsec: User can choose the UDP source port
[vpp.git] / test / test_ipsec_api.py
1 import unittest
2
3 from framework import VppTestCase, VppTestRunner
4 from template_ipsec import TemplateIpsec, IPsecIPv4Params
5 from vpp_papi import VppEnum
6
7
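class IpsecApiTestCase(VppTestCase):
    """ IPSec API tests """
    # Covers the IPsec backend-management API: dumping the registered
    # backends, selecting one by index, and the refusal to switch backend
    # while a security association (SA) exists.
    # The one-line docstrings are left terse on purpose: unittest reports
    # the first docstring line as the test description.

    @classmethod
    def setUpClass(cls):
        super(IpsecApiTestCase, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(IpsecApiTestCase, cls).tearDownClass()

    def setUp(self):
        super(IpsecApiTestCase, self).setUp()
        # A single packet-generator interface supplies the tunnel endpoint
        # addresses used by the SA in test_select_backend_in_use.
        self.create_pg_interfaces([0])
        self.pg0.config_ip4()
        self.pg0.admin_up()

        ipsec_proto = VppEnum.vl_api_ipsec_proto_t
        self.vpp_esp_protocol = ipsec_proto.IPSEC_API_PROTO_ESP
        self.vpp_ah_protocol = ipsec_proto.IPSEC_API_PROTO_AH
        self.ipv4_params = IPsecIPv4Params()

    def tearDown(self):
        self.pg0.unconfig_ip4()
        self.pg0.admin_down()
        super(IpsecApiTestCase, self).tearDown()

    def _ah_sa_entry(self):
        # Build a fresh SAD entry dict for the AH test SA. A new dict is
        # returned on every call so the add and the delete request never
        # share a mutable object. Key material comes from the
        # IPsecIPv4Params fixture, not from this file.
        params = self.ipv4_params
        addr_type = params.addr_type
        auth_key = params.auth_key
        crypt_key = params.crypt_key
        return {
            'sad_id': params.scapy_tun_sa_id,
            'spi': params.scapy_tun_spi,
            'integrity_algorithm': params.auth_algo_vpp_id,
            'integrity_key': {
                'data': auth_key,
                'length': len(auth_key),
            },
            'crypto_algorithm': params.crypt_algo_vpp_id,
            'crypto_key': {
                'data': crypt_key,
                'length': len(crypt_key),
            },
            'protocol': self.vpp_ah_protocol,
            'tunnel_src': self.pg0.local_addr[addr_type],
            'tunnel_dst': self.pg0.remote_addr[addr_type]
        }

    def test_backend_dump(self):
        """ backend dump """
        # Expects exactly two backends: AH first, ESP second, each at
        # index 0 and flagged active.
        d = self.vapi.ipsec_backend_dump()
        self.assert_equal(len(d), 2, "number of ipsec backends in dump")
        expected_protocols = (self.vpp_ah_protocol, self.vpp_esp_protocol)
        for entry, protocol in zip(d, expected_protocols):
            self.assert_equal(entry.protocol, protocol,
                              "ipsec protocol in dump entry")
            self.assert_equal(entry.index, 0, "index in dump entry")
            self.assert_equal(entry.active, 1, "active flag in dump entry")

    def test_select_valid_backend(self):
        """ select valid backend """
        self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 0)
        self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 0)

    def test_select_invalid_backend(self):
        """ select invalid backend """
        # Index 200 is assumed to be beyond any registered backend; the
        # API must answer with a negative retval instead of accepting it.
        for protocol in (self.vpp_ah_protocol, self.vpp_esp_protocol):
            with self.vapi.assert_negative_api_retval():
                self.vapi.ipsec_select_backend(protocol, 200)

    def test_select_backend_in_use(self):
        """ attempt to change backend while sad configured """
        # NOTE(review): only the AH backend is exercised here; nothing in
        # this test checks that ESP backend selection is refused as well.
        self.vapi.ipsec_sad_entry_add_del(
            is_add=1,
            entry=self._ah_sa_entry())
        try:
            # With an SA configured, re-selecting the backend must fail.
            with self.vapi.assert_negative_api_retval():
                self.vapi.ipsec_select_backend(
                    protocol=self.vpp_ah_protocol, index=0)
        finally:
            # Always remove the SA, even when the assertion above fails,
            # so a leftover entry cannot make later backend selections in
            # this class fail for an unrelated reason.
            self.vapi.ipsec_sad_entry_add_del(
                is_add=0,
                entry=self._ah_sa_entry())

        # Once the SA is gone the same selection has to succeed again.
        self.vapi.ipsec_select_backend(
            protocol=self.vpp_ah_protocol, index=0)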
117
118
if __name__ == '__main__':
    # Direct invocation: hand the module's tests to VppTestRunner rather
    # than unittest's default runner.
    unittest.main(testRunner=VppTestRunner)