3 from scapy.layers.ipsec import ESP
4 from scapy.layers.inet import IP, ICMP, UDP
5 from scapy.layers.inet6 import IPv6
6 from scapy.layers.l2 import Ether
7 from scapy.packet import Raw
9 from parameterized import parameterized
10 from framework import VppTestRunner
11 from template_ipsec import IpsecTra46Tests, IpsecTun46Tests, TemplateIpsec, \
12 IpsecTcpTests, IpsecTun4Tests, IpsecTra4Tests, config_tra_params, \
13 config_tun_params, IPsecIPv4Params, IPsecIPv6Params, \
14 IpsecTra4, IpsecTun4, IpsecTra6, IpsecTun6, \
15 IpsecTun6HandoffTests, IpsecTun4HandoffTests, \
17 from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\
19 from vpp_ip_route import VppIpRoute, VppRoutePath
20 from vpp_ip import DpoProto
21 from vpp_papi import VppEnum
24 engines_supporting_chain_bufs = ["openssl"]
25 engines = ["ia32", "ipsecmb", "openssl"]
28 class ConfigIpsecESP(TemplateIpsec):
30 tra4_encrypt_node_name = "esp4-encrypt"
31 tra4_decrypt_node_name = ["esp4-decrypt", "esp4-decrypt-post"]
32 tra6_encrypt_node_name = "esp6-encrypt"
33 tra6_decrypt_node_name = ["esp6-decrypt", "esp6-decrypt-post"]
34 tun4_encrypt_node_name = "esp4-encrypt"
35 tun4_decrypt_node_name = ["esp4-decrypt", "esp4-decrypt-post"]
36 tun6_encrypt_node_name = "esp6-encrypt"
37 tun6_decrypt_node_name = ["esp6-decrypt", "esp6-decrypt-post"]
41 super(ConfigIpsecESP, cls).setUpClass()
44 def tearDownClass(cls):
45 super(ConfigIpsecESP, cls).tearDownClass()
48 super(ConfigIpsecESP, self).setUp()
51 super(ConfigIpsecESP, self).tearDown()
53 def config_network(self, params):
55 self.tun_if = self.pg0
56 self.tra_if = self.pg2
57 self.logger.info(self.vapi.ppcli("show int addr"))
59 self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
60 self.tra_spd.add_vpp_config()
61 self.net_objs.append(self.tra_spd)
62 self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
63 self.tun_spd.add_vpp_config()
64 self.net_objs.append(self.tun_spd)
66 b = VppIpsecSpdItfBinding(self, self.tun_spd,
69 self.net_objs.append(b)
71 b = VppIpsecSpdItfBinding(self, self.tra_spd,
74 self.net_objs.append(b)
77 self.config_esp_tra(p)
78 config_tra_params(p, self.encryption_type)
80 self.config_esp_tun(p)
81 config_tun_params(p, self.encryption_type, self.tun_if)
84 d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4
85 r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len,
86 [VppRoutePath(self.tun_if.remote_addr[p.addr_type],
90 self.net_objs.append(r)
92 self.logger.info(self.vapi.ppcli("show ipsec all"))
94 def unconfig_network(self):
95 for o in reversed(self.net_objs):
99 def config_esp_tun(self, params):
100 addr_type = params.addr_type
101 scapy_tun_sa_id = params.scapy_tun_sa_id
102 scapy_tun_spi = params.scapy_tun_spi
103 vpp_tun_sa_id = params.vpp_tun_sa_id
104 vpp_tun_spi = params.vpp_tun_spi
105 auth_algo_vpp_id = params.auth_algo_vpp_id
106 auth_key = params.auth_key
107 crypt_algo_vpp_id = params.crypt_algo_vpp_id
108 crypt_key = params.crypt_key
109 remote_tun_if_host = params.remote_tun_if_host
110 addr_any = params.addr_any
111 addr_bcast = params.addr_bcast
112 e = VppEnum.vl_api_ipsec_spd_action_t
114 tun_flags = params.tun_flags
118 params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
119 auth_algo_vpp_id, auth_key,
120 crypt_algo_vpp_id, crypt_key,
121 self.vpp_esp_protocol,
122 self.tun_if.local_addr[addr_type],
123 self.tun_if.remote_addr[addr_type],
128 hop_limit=params.outer_hop_limit)
129 params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
130 auth_algo_vpp_id, auth_key,
131 crypt_algo_vpp_id, crypt_key,
132 self.vpp_esp_protocol,
133 self.tun_if.remote_addr[addr_type],
134 self.tun_if.local_addr[addr_type],
139 hop_limit=params.outer_hop_limit)
140 objs.append(params.tun_sa_in)
141 objs.append(params.tun_sa_out)
143 params.spd_policy_in_any = VppIpsecSpdEntry(self, self.tun_spd,
145 addr_any, addr_bcast,
146 addr_any, addr_bcast,
148 params.spd_policy_out_any = VppIpsecSpdEntry(self, self.tun_spd,
150 addr_any, addr_bcast,
151 addr_any, addr_bcast,
154 objs.append(params.spd_policy_out_any)
155 objs.append(params.spd_policy_in_any)
157 objs.append(VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
158 remote_tun_if_host, remote_tun_if_host,
159 self.pg1.remote_addr[addr_type],
160 self.pg1.remote_addr[addr_type],
163 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
165 objs.append(VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
166 self.pg1.remote_addr[addr_type],
167 self.pg1.remote_addr[addr_type],
168 remote_tun_if_host, remote_tun_if_host,
170 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
172 objs.append(VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id,
173 remote_tun_if_host, remote_tun_if_host,
174 self.pg0.local_addr[addr_type],
175 self.pg0.local_addr[addr_type],
178 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
180 objs.append(VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id,
181 self.pg0.local_addr[addr_type],
182 self.pg0.local_addr[addr_type],
183 remote_tun_if_host, remote_tun_if_host,
185 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
189 self.net_objs = self.net_objs + objs
191 def config_esp_tra(self, params):
192 addr_type = params.addr_type
193 scapy_tra_sa_id = params.scapy_tra_sa_id
194 scapy_tra_spi = params.scapy_tra_spi
195 vpp_tra_sa_id = params.vpp_tra_sa_id
196 vpp_tra_spi = params.vpp_tra_spi
197 auth_algo_vpp_id = params.auth_algo_vpp_id
198 auth_key = params.auth_key
199 crypt_algo_vpp_id = params.crypt_algo_vpp_id
200 crypt_key = params.crypt_key
201 addr_any = params.addr_any
202 addr_bcast = params.addr_bcast
203 flags = (VppEnum.vl_api_ipsec_sad_flags_t.
204 IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
205 e = VppEnum.vl_api_ipsec_spd_action_t
206 flags = params.flags | flags
210 params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
211 auth_algo_vpp_id, auth_key,
212 crypt_algo_vpp_id, crypt_key,
213 self.vpp_esp_protocol,
216 params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
217 auth_algo_vpp_id, auth_key,
218 crypt_algo_vpp_id, crypt_key,
219 self.vpp_esp_protocol,
222 objs.append(params.tra_sa_in)
223 objs.append(params.tra_sa_out)
225 objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
226 addr_any, addr_bcast,
227 addr_any, addr_bcast,
229 objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
230 addr_any, addr_bcast,
231 addr_any, addr_bcast,
234 objs.append(VppIpsecSpdEntry(self, self.tra_spd, vpp_tra_sa_id,
235 self.tra_if.local_addr[addr_type],
236 self.tra_if.local_addr[addr_type],
237 self.tra_if.remote_addr[addr_type],
238 self.tra_if.remote_addr[addr_type],
240 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
242 objs.append(VppIpsecSpdEntry(self, self.tra_spd, scapy_tra_sa_id,
243 self.tra_if.local_addr[addr_type],
244 self.tra_if.local_addr[addr_type],
245 self.tra_if.remote_addr[addr_type],
246 self.tra_if.remote_addr[addr_type],
247 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT,
251 self.net_objs = self.net_objs + objs
254 class TemplateIpsecEsp(ConfigIpsecESP):
256 Basic test for ipsec esp sanity - tunnel and transport modes.
258 Below 4 cases are covered as part of this test
259 1) ipsec esp v4 transport basic test - IPv4 Transport mode
260 scenario using HMAC-SHA1-96 integrity algo
261 2) ipsec esp v4 transport burst test
262 Above test for 257 pkts
263 3) ipsec esp 4o4 tunnel basic test - IPv4 Tunnel mode
264 scenario using HMAC-SHA1-96 integrity algo
265 4) ipsec esp 4o4 tunnel burst test
266 Above test for 257 pkts
271 |pg2| <-------> |VPP|
276 --- encrypt --- plain ---
277 |pg0| <------- |VPP| <------ |pg1|
280 --- decrypt --- plain ---
281 |pg0| -------> |VPP| ------> |pg1|
287 super(TemplateIpsecEsp, cls).setUpClass()
290 def tearDownClass(cls):
291 super(TemplateIpsecEsp, cls).tearDownClass()
294 super(TemplateIpsecEsp, self).setUp()
295 self.config_network(self.params.values())
298 self.unconfig_network()
299 super(TemplateIpsecEsp, self).tearDown()
302 class TestIpsecEsp1(TemplateIpsecEsp, IpsecTra46Tests,
303 IpsecTun46Tests, IpsecTra6ExtTests):
304 """ Ipsec ESP - TUN & TRA tests """
308 super(TestIpsecEsp1, cls).setUpClass()
311 def tearDownClass(cls):
312 super(TestIpsecEsp1, cls).tearDownClass()
315 super(TestIpsecEsp1, self).setUp()
318 super(TestIpsecEsp1, self).tearDown()
320 def test_tun_46(self):
321 """ ipsec 4o6 tunnel """
322 # add an SPD entry to direct 2.2.2.2 to the v6 tunnel SA
323 p6 = self.ipv6_params
324 p4 = self.ipv4_params
326 p6.remote_tun_if_host4 = "2.2.2.2"
327 e = VppEnum.vl_api_ipsec_spd_action_t
329 VppIpsecSpdEntry(self,
332 self.pg1.remote_addr[p4.addr_type],
333 self.pg1.remote_addr[p4.addr_type],
334 p6.remote_tun_if_host4,
335 p6.remote_tun_if_host4,
338 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
339 is_outbound=1).add_vpp_config()
340 VppIpRoute(self, p6.remote_tun_if_host4, p4.addr_len,
341 [VppRoutePath(self.tun_if.remote_addr[p4.addr_type],
342 0xffffffff)]).add_vpp_config()
344 old_name = self.tun6_encrypt_node_name
345 self.tun6_encrypt_node_name = "esp4-encrypt"
347 self.verify_tun_46(p6, count=63)
348 self.tun6_encrypt_node_name = old_name
350 def test_tun_64(self):
351 """ ipsec 6o4 tunnel """
352 # add an SPD entry to direct 4444::4 to the v4 tunnel SA
353 p6 = self.ipv6_params
354 p4 = self.ipv4_params
356 p4.remote_tun_if_host6 = "4444::4"
357 e = VppEnum.vl_api_ipsec_spd_action_t
359 VppIpsecSpdEntry(self,
362 self.pg1.remote_addr[p6.addr_type],
363 self.pg1.remote_addr[p6.addr_type],
364 p4.remote_tun_if_host6,
365 p4.remote_tun_if_host6,
368 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
369 is_outbound=1).add_vpp_config()
370 d = DpoProto.DPO_PROTO_IP6
371 VppIpRoute(self, p4.remote_tun_if_host6, p6.addr_len,
372 [VppRoutePath(self.tun_if.remote_addr[p6.addr_type],
374 proto=d)]).add_vpp_config()
376 old_name = self.tun4_encrypt_node_name
377 self.tun4_encrypt_node_name = "esp6-encrypt"
378 self.verify_tun_64(p4, count=63)
379 self.tun4_encrypt_node_name = old_name
382 class TestIpsecEspTun(TemplateIpsecEsp, IpsecTun46Tests):
383 """ Ipsec ESP - TUN encap tests """
386 self.ipv4_params = IPsecIPv4Params()
387 self.ipv6_params = IPsecIPv6Params()
389 c = (VppEnum.vl_api_tunnel_encap_decap_flags_t.
390 TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
391 c1 = c | (VppEnum.vl_api_tunnel_encap_decap_flags_t.
392 TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
394 self.ipv4_params.tun_flags = c
395 self.ipv6_params.tun_flags = c1
397 super(TestIpsecEspTun, self).setUp()
399 def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54):
400 # set the DSCP + ECN - flags are set to copy only DSCP
401 return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
402 IP(src=src, dst=dst, tos=5) /
403 UDP(sport=4444, dport=4444) /
404 Raw(b'X' * payload_size)
405 for i in range(count)]
407 def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
408 # set the DSCP + ECN - flags are set to copy both
409 return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
410 IPv6(src=src, dst=dst, tc=5) /
411 UDP(sport=4444, dport=4444) /
412 Raw(b'X' * payload_size)
413 for i in range(count)]
415 def verify_encrypted(self, p, sa, rxs):
416 # just check that only the DSCP is copied
418 self.assertEqual(rx[IP].tos, 4)
420 def verify_encrypted6(self, p, sa, rxs):
421 # just check that the DSCP & ECN are copied
423 self.assertEqual(rx[IPv6].tc, 5)
426 class TestIpsecEspTun2(TemplateIpsecEsp, IpsecTun46Tests):
427 """ Ipsec ESP - TUN DSCP tests """
430 self.ipv4_params = IPsecIPv4Params()
431 self.ipv6_params = IPsecIPv6Params()
433 self.ipv4_params.dscp = VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF
434 self.ipv6_params.dscp = VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_AF11
436 super(TestIpsecEspTun2, self).setUp()
438 def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54):
439 return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
440 IP(src=src, dst=dst) /
441 UDP(sport=4444, dport=4444) /
442 Raw(b'X' * payload_size)
443 for i in range(count)]
445 def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
446 return [Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
447 IPv6(src=src, dst=dst) /
448 UDP(sport=4444, dport=4444) /
449 Raw(b'X' * payload_size)
450 for i in range(count)]
452 def verify_encrypted(self, p, sa, rxs):
453 # just check that only the DSCP is set
455 self.assertEqual(rx[IP].tos,
456 VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_EF << 2)
458 def verify_encrypted6(self, p, sa, rxs):
459 # just check that the DSCP is set
461 self.assertEqual(rx[IPv6].tc,
462 VppEnum.vl_api_ip_dscp_t.IP_API_DSCP_AF11 << 2)
465 class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
466 """ Ipsec ESP - TCP tests """
470 class TestIpsecEspAsync(TemplateIpsecEsp):
471 """ Ipsec ESP - Aysnc tests """
473 worker_config = "workers 2"
476 super(TestIpsecEspAsync, self).setUp()
478 self.p_sync = IPsecIPv4Params()
480 self.p_sync.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
481 IPSEC_API_CRYPTO_ALG_AES_CBC_256)
482 self.p_sync.crypt_algo = 'AES-CBC' # scapy name
483 self.p_sync.crypt_key = b'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
485 self.p_sync.scapy_tun_sa_id += 0xf0000
486 self.p_sync.scapy_tun_spi += 0xf0000
487 self.p_sync.vpp_tun_sa_id += 0xf0000
488 self.p_sync.vpp_tun_spi += 0xf0000
489 self.p_sync.remote_tun_if_host = "2.2.2.2"
490 e = VppEnum.vl_api_ipsec_spd_action_t
492 self.p_sync.sa = VppIpsecSA(
494 self.p_sync.vpp_tun_sa_id,
495 self.p_sync.vpp_tun_spi,
496 self.p_sync.auth_algo_vpp_id,
497 self.p_sync.auth_key,
498 self.p_sync.crypt_algo_vpp_id,
499 self.p_sync.crypt_key,
500 self.vpp_esp_protocol,
501 self.tun_if.local_addr[self.p_sync.addr_type],
502 self.tun_if.remote_addr[self.p_sync.addr_type]).add_vpp_config()
503 self.p_sync.spd = VppIpsecSpdEntry(
506 self.p_sync.vpp_tun_sa_id,
507 self.pg1.remote_addr[self.p_sync.addr_type],
508 self.pg1.remote_addr[self.p_sync.addr_type],
509 self.p_sync.remote_tun_if_host,
510 self.p_sync.remote_tun_if_host,
513 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
514 is_outbound=1).add_vpp_config()
516 self.p_sync.remote_tun_if_host,
517 self.p_sync.addr_len,
519 self.tun_if.remote_addr[self.p_sync.addr_type],
520 0xffffffff)]).add_vpp_config()
521 config_tun_params(self.p_sync, self.encryption_type, self.tun_if)
523 self.p_async = IPsecIPv4Params()
525 self.p_async.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
526 IPSEC_API_CRYPTO_ALG_AES_GCM_256)
527 self.p_async.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
528 IPSEC_API_INTEG_ALG_NONE)
529 self.p_async.crypt_algo = 'AES-GCM' # scapy name
530 self.p_async.crypt_key = b'JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h'
531 self.p_async.auth_algo = 'NULL'
533 self.p_async.scapy_tun_sa_id += 0xe0000
534 self.p_async.scapy_tun_spi += 0xe0000
535 self.p_async.vpp_tun_sa_id += 0xe0000
536 self.p_async.vpp_tun_spi += 0xe0000
537 self.p_async.remote_tun_if_host = "2.2.2.3"
539 iflags = VppEnum.vl_api_ipsec_sad_flags_t
540 self.p_async.flags = (iflags.IPSEC_API_SAD_FLAG_USE_ESN |
541 iflags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY |
542 iflags.IPSEC_API_SAD_FLAG_ASYNC)
544 self.p_async.sa = VppIpsecSA(
546 self.p_async.vpp_tun_sa_id,
547 self.p_async.vpp_tun_spi,
548 self.p_async.auth_algo_vpp_id,
549 self.p_async.auth_key,
550 self.p_async.crypt_algo_vpp_id,
551 self.p_async.crypt_key,
552 self.vpp_esp_protocol,
553 self.tun_if.local_addr[self.p_async.addr_type],
554 self.tun_if.remote_addr[self.p_async.addr_type],
555 flags=self.p_async.flags).add_vpp_config()
556 self.p_async.spd = VppIpsecSpdEntry(
559 self.p_async.vpp_tun_sa_id,
560 self.pg1.remote_addr[self.p_async.addr_type],
561 self.pg1.remote_addr[self.p_async.addr_type],
562 self.p_async.remote_tun_if_host,
563 self.p_async.remote_tun_if_host,
566 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
567 is_outbound=1).add_vpp_config()
569 self.p_async.remote_tun_if_host,
570 self.p_async.addr_len,
572 self.tun_if.remote_addr[self.p_async.addr_type],
573 0xffffffff)]).add_vpp_config()
574 config_tun_params(self.p_async, self.encryption_type, self.tun_if)
576 def test_dual_stream(self):
577 """ Alternating SAs """
578 p = self.params[self.p_sync.addr_type]
579 self.vapi.ipsec_set_async_mode(async_enable=True)
581 pkts = [(Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
582 IP(src=self.pg1.remote_ip4,
583 dst=self.p_sync.remote_tun_if_host) /
584 UDP(sport=4444, dport=4444) /
586 (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
587 IP(src=self.pg1.remote_ip4,
588 dst=p.remote_tun_if_host) /
589 UDP(sport=4444, dport=4444) /
593 rxs = self.send_and_expect(self.pg1, pkts, self.pg0)
595 self.assertEqual(len(rxs), len(pkts))
598 if rx[ESP].spi == p.scapy_tun_spi:
599 decrypted = p.vpp_tun_sa.decrypt(rx[IP])
600 elif rx[ESP].spi == self.p_sync.vpp_tun_spi:
601 decrypted = self.p_sync.scapy_tun_sa.decrypt(rx[IP])
604 self.assertTrue(False)
606 self.p_sync.spd.remove_vpp_config()
607 self.p_sync.sa.remove_vpp_config()
608 self.p_async.spd.remove_vpp_config()
609 self.p_async.sa.remove_vpp_config()
610 self.vapi.ipsec_set_async_mode(async_enable=False)
612 def test_sync_async_noop_stream(self):
613 """ Alternating SAs sync/async/noop """
614 p = self.params[self.p_sync.addr_type]
616 # first pin the default/noop SA to worker 0
617 pkts = [(Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
618 IP(src=self.pg1.remote_ip4,
619 dst=p.remote_tun_if_host) /
620 UDP(sport=4444, dport=4444) /
622 rxs = self.send_and_expect(self.pg1, pkts, self.pg0, worker=0)
624 self.logger.info(self.vapi.cli("sh ipsec sa"))
625 self.logger.info(self.vapi.cli("sh crypto async status"))
627 # then use all the other SAs on worker 1.
628 # some will handoff, other take the sync and async paths
629 pkts = [(Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
630 IP(src=self.pg1.remote_ip4,
631 dst=self.p_sync.remote_tun_if_host) /
632 UDP(sport=4444, dport=4444) /
634 (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
635 IP(src=self.pg1.remote_ip4,
636 dst=p.remote_tun_if_host) /
637 UDP(sport=4444, dport=4444) /
639 (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
640 IP(src=self.pg1.remote_ip4,
641 dst=self.p_async.remote_tun_if_host) /
642 UDP(sport=4444, dport=4444) /
646 rxs = self.send_and_expect(self.pg1, pkts, self.pg0, worker=1)
648 self.assertEqual(len(rxs), len(pkts))
651 if rx[ESP].spi == p.scapy_tun_spi:
652 decrypted = p.vpp_tun_sa.decrypt(rx[IP])
653 elif rx[ESP].spi == self.p_sync.vpp_tun_spi:
654 decrypted = self.p_sync.scapy_tun_sa.decrypt(rx[IP])
655 elif rx[ESP].spi == self.p_async.vpp_tun_spi:
656 decrypted = self.p_async.scapy_tun_sa.decrypt(rx[IP])
659 self.assertTrue(False)
661 self.p_sync.spd.remove_vpp_config()
662 self.p_sync.sa.remove_vpp_config()
663 self.p_async.spd.remove_vpp_config()
664 self.p_async.sa.remove_vpp_config()
666 # async mode should have been disabled now that there are
667 # no async SAs. there's no API for this, so a reluctant
669 self.assertTrue("DISABLED" in self.vapi.cli("sh crypto async status"))
672 class TestIpsecEspHandoff(TemplateIpsecEsp,
673 IpsecTun6HandoffTests,
674 IpsecTun4HandoffTests):
675 """ Ipsec ESP - handoff tests """
679 class TemplateIpsecEspUdp(ConfigIpsecESP):
686 super(TemplateIpsecEspUdp, cls).setUpClass()
689 def tearDownClass(cls):
690 super(TemplateIpsecEspUdp, cls).tearDownClass()
693 super(TemplateIpsecEspUdp, self).setUp()
695 self.tun_if = self.pg0
696 self.tra_if = self.pg2
697 self.logger.info(self.vapi.ppcli("show int addr"))
700 p.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
701 IPSEC_API_SAD_FLAG_UDP_ENCAP)
702 p.nat_header = UDP(sport=5454, dport=4500)
704 self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
705 self.tra_spd.add_vpp_config()
706 VppIpsecSpdItfBinding(self, self.tra_spd,
707 self.tra_if).add_vpp_config()
709 self.config_esp_tra(p)
710 config_tra_params(p, self.encryption_type)
712 self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
713 self.tun_spd.add_vpp_config()
714 VppIpsecSpdItfBinding(self, self.tun_spd,
715 self.tun_if).add_vpp_config()
717 self.config_esp_tun(p)
718 self.logger.info(self.vapi.ppcli("show ipsec all"))
720 d = DpoProto.DPO_PROTO_IP4
721 VppIpRoute(self, p.remote_tun_if_host, p.addr_len,
722 [VppRoutePath(self.tun_if.remote_addr[p.addr_type],
724 proto=d)]).add_vpp_config()
727 super(TemplateIpsecEspUdp, self).tearDown()
729 def show_commands_at_teardown(self):
730 self.logger.info(self.vapi.cli("show hardware"))
733 class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests):
734 """ Ipsec NAT-T ESP UDP tests """
738 class MyParameters():
740 flag_esn = VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN
741 self.flags = [0, flag_esn]
742 # foreach crypto algorithm
744 'AES-GCM-128/NONE': {
745 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
746 IPSEC_API_CRYPTO_ALG_AES_GCM_128),
747 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
748 IPSEC_API_INTEG_ALG_NONE),
749 'scapy-crypto': "AES-GCM",
750 'scapy-integ': "NULL",
751 'key': b"JPjyOWBeVEQiMe7h",
753 'AES-GCM-192/NONE': {
754 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
755 IPSEC_API_CRYPTO_ALG_AES_GCM_192),
756 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
757 IPSEC_API_INTEG_ALG_NONE),
758 'scapy-crypto': "AES-GCM",
759 'scapy-integ': "NULL",
760 'key': b"JPjyOWBeVEQiMe7h01234567",
762 'AES-GCM-256/NONE': {
763 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
764 IPSEC_API_CRYPTO_ALG_AES_GCM_256),
765 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
766 IPSEC_API_INTEG_ALG_NONE),
767 'scapy-crypto': "AES-GCM",
768 'scapy-integ': "NULL",
769 'key': b"JPjyOWBeVEQiMe7h0123456787654321",
771 'AES-CBC-128/MD5-96': {
772 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
773 IPSEC_API_CRYPTO_ALG_AES_CBC_128),
774 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
775 IPSEC_API_INTEG_ALG_MD5_96),
776 'scapy-crypto': "AES-CBC",
777 'scapy-integ': "HMAC-MD5-96",
779 'key': b"JPjyOWBeVEQiMe7h"},
780 'AES-CBC-192/SHA1-96': {
781 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
782 IPSEC_API_CRYPTO_ALG_AES_CBC_192),
783 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
784 IPSEC_API_INTEG_ALG_SHA1_96),
785 'scapy-crypto': "AES-CBC",
786 'scapy-integ': "HMAC-SHA1-96",
788 'key': b"JPjyOWBeVEQiMe7hJPjyOWBe"},
789 'AES-CBC-256/SHA1-96': {
790 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
791 IPSEC_API_CRYPTO_ALG_AES_CBC_256),
792 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
793 IPSEC_API_INTEG_ALG_SHA1_96),
794 'scapy-crypto': "AES-CBC",
795 'scapy-integ': "HMAC-SHA1-96",
797 'key': b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
798 '3DES-CBC/SHA1-96': {
799 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
800 IPSEC_API_CRYPTO_ALG_3DES_CBC),
801 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
802 IPSEC_API_INTEG_ALG_SHA1_96),
803 'scapy-crypto': "3DES",
804 'scapy-integ': "HMAC-SHA1-96",
806 'key': b"JPjyOWBeVEQiMe7h00112233"},
808 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
809 IPSEC_API_CRYPTO_ALG_NONE),
810 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
811 IPSEC_API_INTEG_ALG_SHA1_96),
812 'scapy-crypto': "NULL",
813 'scapy-integ': "HMAC-SHA1-96",
815 'key': b"JPjyOWBeVEQiMe7h00112233"},
816 'AES-CTR-128/SHA1-96': {
817 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
818 IPSEC_API_CRYPTO_ALG_AES_CTR_128),
819 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
820 IPSEC_API_INTEG_ALG_SHA1_96),
821 'scapy-crypto': "AES-CTR",
822 'scapy-integ': "HMAC-SHA1-96",
824 'key': b"JPjyOWBeVEQiMe7h"},
825 'AES-CTR-192/SHA1-96': {
826 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
827 IPSEC_API_CRYPTO_ALG_AES_CTR_192),
828 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
829 IPSEC_API_INTEG_ALG_SHA1_96),
830 'scapy-crypto': "AES-CTR",
831 'scapy-integ': "HMAC-SHA1-96",
833 'key': b"JPjyOWBeVEQiMe7hJPjyOWBe"},
834 'AES-CTR-256/SHA1-96': {
835 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
836 IPSEC_API_CRYPTO_ALG_AES_CTR_256),
837 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
838 IPSEC_API_INTEG_ALG_SHA1_96),
839 'scapy-crypto': "AES-CTR",
840 'scapy-integ': "HMAC-SHA1-96",
842 'key': b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}}
845 class RunTestIpsecEspAll(ConfigIpsecESP,
846 IpsecTra4, IpsecTra6,
847 IpsecTun4, IpsecTun6):
848 """ Ipsec ESP all Algos """
851 def setUpConstants(cls):
852 test_args = str.split(cls.__doc__, " ")
853 engine = test_args[0]
854 if engine == "async":
855 cls.worker_config = "workers 2"
856 super(RunTestIpsecEspAll, cls).setUpConstants()
859 super(RunTestIpsecEspAll, self).setUp()
860 test_args = str.split(self.__doc__, " ")
862 params = MyParameters()
863 self.engine = test_args[0]
864 self.flag = params.flags[0]
865 if test_args[1] == 'ESN':
866 self.flag = params.flags[1]
868 self.algo = params.algos[test_args[2]]
869 self.async_mode = False
870 if self.engine == "async":
871 self.async_mode = True
874 super(RunTestIpsecEspAll, self).tearDown()
877 self.run_a_test(self.engine, self.flag, self.algo)
879 def run_a_test(self, engine, flag, algo, payload_size=None):
881 self.vapi.cli("set ipsec async mode on")
883 self.vapi.cli("set crypto handler all %s" % engine)
885 self.logger.info(self.vapi.cli("show crypto async status"))
886 self.ipv4_params = IPsecIPv4Params()
887 self.ipv6_params = IPsecIPv6Params()
889 self.params = {self.ipv4_params.addr_type:
891 self.ipv6_params.addr_type:
894 for _, p in self.params.items():
895 p.auth_algo_vpp_id = algo['vpp-integ']
896 p.crypt_algo_vpp_id = algo['vpp-crypto']
897 p.crypt_algo = algo['scapy-crypto']
898 p.auth_algo = algo['scapy-integ']
899 p.crypt_key = algo['key']
900 p.salt = algo['salt']
901 p.flags = p.flags | flag
902 p.outer_flow_label = 243224
903 p.async_mode = self.async_mode
905 self.reporter.send_keep_alive(self)
908 # configure the SPDs. SAs, etc
910 self.config_network(self.params.values())
914 # An exhautsive 4o6, 6o4 is not necessary
917 self.verify_tra_basic6(count=NUM_PKTS)
918 self.verify_tra_basic4(count=NUM_PKTS)
919 self.verify_tun_66(self.params[socket.AF_INET6],
922 # Use an odd-byte payload size to check for correct padding.
924 # 49 + 2 == 51 which should pad +1 to 52 for 4 byte alignment, +5
925 # to 56 for 8 byte alignment, and +13 to 64 for 64 byte alignment.
926 # This should catch bugs where the code is incorrectly over-padding
927 # for algorithms that don't require it
928 psz = 49 - len(IP()/ICMP()) if payload_size is None else payload_size
929 self.verify_tun_44(self.params[socket.AF_INET],
930 count=NUM_PKTS, payload_size=psz)
933 1970, # results in 2 chained buffers entering decrypt node
934 # but leaving as simple buffer due to ICV removal (tra4)
935 2004, # footer+ICV will be added to 2nd buffer (tun4)
936 4010, # ICV ends up splitted accross 2 buffers in esp_decrypt
937 # for transport4; transport6 takes normal path
938 4020, # same as above but tra4 and tra6 are switched
940 if self.engine in engines_supporting_chain_bufs:
941 for sz in LARGE_PKT_SZ:
942 self.verify_tra_basic4(count=NUM_PKTS, payload_size=sz)
943 self.verify_tra_basic6(count=NUM_PKTS, payload_size=sz)
944 self.verify_tun_66(self.params[socket.AF_INET6],
945 count=NUM_PKTS, payload_size=sz)
946 self.verify_tun_44(self.params[socket.AF_INET],
947 count=NUM_PKTS, payload_size=sz)
950 # swap the handlers while SAs are up
954 self.vapi.cli("set crypto handler all %s" % e)
955 self.verify_tra_basic4(count=NUM_PKTS)
958 # remove the SPDs, SAs, etc
960 self.unconfig_network()
963 # reconfigure the network and SA to run the
966 self.config_network(self.params.values())
967 self.verify_tra_anti_replay()
968 self.unconfig_network()
971 # To generate test classes, do:
972 # grep '# GEN' test_ipsec_esp.py | sed -e 's/# GEN //g' | bash
974 # GEN for ENG in native ipsecmb openssl; do \
975 # GEN for FLG in noESN ESN; do for ALG in AES-GCM-128/NONE \
976 # GEN AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \
977 # GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \
978 # GEN 3DES-CBC/SHA1-96 NONE/SHA1-96 \
979 # GEN AES-CTR-128/SHA1-96 AES-CTR-192/SHA1-96 AES-CTR-256/SHA1-96; do \
980 # GEN [[ ${FLG} == "ESN" && ${ALG} == *"NONE" ]] && continue
981 # GEN echo -e "\n\nclass Test_${ENG}_${FLG}_${ALG}(RunTestIpsecEspAll):" |
982 # GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \
983 # GEN echo ' """'$ENG $FLG $ALG IPSec test'"""' ;
984 # GEN echo " def test_ipsec(self):";
985 # GEN echo " self.run_test()";
986 # GEN done; done; done
988 # GEN for FLG in noESN ESN; do for ALG in \
989 # GEN AES-GCM-128/NONE AES-GCM-192/NONE AES-GCM-256/NONE \
990 # GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96; do \
991 # GEN [[ ${FLG} == "ESN" && ${ALG} == *"NONE" ]] && continue
992 # GEN echo -e "\n\nclass Test_async_${FLG}_${ALG}(RunTestIpsecEspAll):" |
993 # GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \
994 # GEN echo ' """'async $FLG $ALG IPSec test'"""' ;
995 # GEN echo " def test_ipsec(self):";
996 # GEN echo " self.run_test()";
1000 class Test_native_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
1001 """native noESN AES-GCM-128/NONE IPSec test"""
1002 def test_ipsec(self):
1006 class Test_native_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
1007 """native noESN AES-GCM-192/NONE IPSec test"""
1008 def test_ipsec(self):
1012 class Test_native_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
1013 """native noESN AES-GCM-256/NONE IPSec test"""
1014 def test_ipsec(self):
1018 class Test_native_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
1019 """native noESN AES-CBC-128/MD5-96 IPSec test"""
1020 def test_ipsec(self):
1024 class Test_native_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1025 """native noESN AES-CBC-192/SHA1-96 IPSec test"""
1026 def test_ipsec(self):
1030 class Test_native_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1031 """native noESN AES-CBC-256/SHA1-96 IPSec test"""
1032 def test_ipsec(self):
1036 class Test_native_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
1037 """native noESN 3DES-CBC/SHA1-96 IPSec test"""
1038 def test_ipsec(self):
1042 class Test_native_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
1043 """native noESN NONE/SHA1-96 IPSec test"""
1044 def test_ipsec(self):
1048 class Test_native_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
1049 """native noESN AES-CTR-128/SHA1-96 IPSec test"""
1050 def test_ipsec(self):
1054 class Test_native_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
1055 """native noESN AES-CTR-192/SHA1-96 IPSec test"""
1056 def test_ipsec(self):
1060 class Test_native_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
1061 """native noESN AES-CTR-256/SHA1-96 IPSec test"""
1062 def test_ipsec(self):
1066 class Test_native_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
1067 """native ESN AES-CBC-128/MD5-96 IPSec test"""
1068 def test_ipsec(self):
1072 class Test_native_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1073 """native ESN AES-CBC-192/SHA1-96 IPSec test"""
1074 def test_ipsec(self):
1078 class Test_native_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1079 """native ESN AES-CBC-256/SHA1-96 IPSec test"""
1080 def test_ipsec(self):
1084 class Test_native_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
1085 """native ESN 3DES-CBC/SHA1-96 IPSec test"""
1086 def test_ipsec(self):
1090 class Test_native_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
1091 """native ESN NONE/SHA1-96 IPSec test"""
1092 def test_ipsec(self):
1096 class Test_native_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
1097 """native ESN AES-CTR-128/SHA1-96 IPSec test"""
1098 def test_ipsec(self):
1102 class Test_native_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
1103 """native ESN AES-CTR-192/SHA1-96 IPSec test"""
1104 def test_ipsec(self):
1108 class Test_native_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
1109 """native ESN AES-CTR-256/SHA1-96 IPSec test"""
1110 def test_ipsec(self):
1114 class Test_ipsecmb_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
1115 """ipsecmb noESN AES-GCM-128/NONE IPSec test"""
1116 def test_ipsec(self):
1120 class Test_ipsecmb_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
1121 """ipsecmb noESN AES-GCM-192/NONE IPSec test"""
1122 def test_ipsec(self):
1126 class Test_ipsecmb_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
1127 """ipsecmb noESN AES-GCM-256/NONE IPSec test"""
1128 def test_ipsec(self):
1132 class Test_ipsecmb_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
1133 """ipsecmb noESN AES-CBC-128/MD5-96 IPSec test"""
1134 def test_ipsec(self):
1138 class Test_ipsecmb_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1139 """ipsecmb noESN AES-CBC-192/SHA1-96 IPSec test"""
1140 def test_ipsec(self):
1144 class Test_ipsecmb_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1145 """ipsecmb noESN AES-CBC-256/SHA1-96 IPSec test"""
1146 def test_ipsec(self):
1150 class Test_ipsecmb_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
1151 """ipsecmb noESN 3DES-CBC/SHA1-96 IPSec test"""
1152 def test_ipsec(self):
1156 class Test_ipsecmb_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
1157 """ipsecmb noESN NONE/SHA1-96 IPSec test"""
1158 def test_ipsec(self):
1162 class Test_ipsecmb_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
1163 """ipsecmb noESN AES-CTR-128/SHA1-96 IPSec test"""
1164 def test_ipsec(self):
1168 class Test_ipsecmb_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
1169 """ipsecmb noESN AES-CTR-192/SHA1-96 IPSec test"""
1170 def test_ipsec(self):
1174 class Test_ipsecmb_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
1175 """ipsecmb noESN AES-CTR-256/SHA1-96 IPSec test"""
1176 def test_ipsec(self):
1180 class Test_ipsecmb_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
1181 """ipsecmb ESN AES-CBC-128/MD5-96 IPSec test"""
1182 def test_ipsec(self):
1186 class Test_ipsecmb_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1187 """ipsecmb ESN AES-CBC-192/SHA1-96 IPSec test"""
1188 def test_ipsec(self):
1192 class Test_ipsecmb_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1193 """ipsecmb ESN AES-CBC-256/SHA1-96 IPSec test"""
1194 def test_ipsec(self):
1198 class Test_ipsecmb_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
1199 """ipsecmb ESN 3DES-CBC/SHA1-96 IPSec test"""
1200 def test_ipsec(self):
1204 class Test_ipsecmb_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
1205 """ipsecmb ESN NONE/SHA1-96 IPSec test"""
1206 def test_ipsec(self):
1210 class Test_ipsecmb_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
1211 """ipsecmb ESN AES-CTR-128/SHA1-96 IPSec test"""
1212 def test_ipsec(self):
1216 class Test_ipsecmb_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
1217 """ipsecmb ESN AES-CTR-192/SHA1-96 IPSec test"""
1218 def test_ipsec(self):
1222 class Test_ipsecmb_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
1223 """ipsecmb ESN AES-CTR-256/SHA1-96 IPSec test"""
1224 def test_ipsec(self):
1228 class Test_openssl_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
1229 """openssl noESN AES-GCM-128/NONE IPSec test"""
1230 def test_ipsec(self):
1234 class Test_openssl_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
1235 """openssl noESN AES-GCM-192/NONE IPSec test"""
1236 def test_ipsec(self):
1240 class Test_openssl_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
1241 """openssl noESN AES-GCM-256/NONE IPSec test"""
1242 def test_ipsec(self):
1246 class Test_openssl_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
1247 """openssl noESN AES-CBC-128/MD5-96 IPSec test"""
1248 def test_ipsec(self):
1252 class Test_openssl_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1253 """openssl noESN AES-CBC-192/SHA1-96 IPSec test"""
1254 def test_ipsec(self):
1258 class Test_openssl_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1259 """openssl noESN AES-CBC-256/SHA1-96 IPSec test"""
1260 def test_ipsec(self):
1264 class Test_openssl_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
1265 """openssl noESN 3DES-CBC/SHA1-96 IPSec test"""
1266 def test_ipsec(self):
1270 class Test_openssl_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
1271 """openssl noESN NONE/SHA1-96 IPSec test"""
1272 def test_ipsec(self):
1276 class Test_openssl_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
1277 """openssl noESN AES-CTR-128/SHA1-96 IPSec test"""
1278 def test_ipsec(self):
1282 class Test_openssl_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
1283 """openssl noESN AES-CTR-192/SHA1-96 IPSec test"""
1284 def test_ipsec(self):
1288 class Test_openssl_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
1289 """openssl noESN AES-CTR-256/SHA1-96 IPSec test"""
1290 def test_ipsec(self):
1294 class Test_openssl_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
1295 """openssl ESN AES-CBC-128/MD5-96 IPSec test"""
1296 def test_ipsec(self):
1300 class Test_openssl_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1301 """openssl ESN AES-CBC-192/SHA1-96 IPSec test"""
1302 def test_ipsec(self):
1306 class Test_openssl_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1307 """openssl ESN AES-CBC-256/SHA1-96 IPSec test"""
1308 def test_ipsec(self):
1312 class Test_openssl_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
1313 """openssl ESN 3DES-CBC/SHA1-96 IPSec test"""
1314 def test_ipsec(self):
1318 class Test_openssl_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
1319 """openssl ESN NONE/SHA1-96 IPSec test"""
1320 def test_ipsec(self):
1324 class Test_openssl_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
1325 """openssl ESN AES-CTR-128/SHA1-96 IPSec test"""
1326 def test_ipsec(self):
1330 class Test_openssl_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
1331 """openssl ESN AES-CTR-192/SHA1-96 IPSec test"""
1332 def test_ipsec(self):
1336 class Test_openssl_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
1337 """openssl ESN AES-CTR-256/SHA1-96 IPSec test"""
1338 def test_ipsec(self):
1342 class Test_async_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
1343 """async noESN AES-GCM-128/NONE IPSec test"""
1344 def test_ipsec(self):
1348 class Test_async_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
1349 """async noESN AES-GCM-192/NONE IPSec test"""
1350 def test_ipsec(self):
1354 class Test_async_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
1355 """async noESN AES-GCM-256/NONE IPSec test"""
1356 def test_ipsec(self):
1360 class Test_async_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1361 """async noESN AES-CBC-192/SHA1-96 IPSec test"""
1362 def test_ipsec(self):
1366 class Test_async_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1367 """async noESN AES-CBC-256/SHA1-96 IPSec test"""
1368 def test_ipsec(self):
1372 class Test_async_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
1373 """async ESN AES-CBC-192/SHA1-96 IPSec test"""
1374 def test_ipsec(self):
1378 class Test_async_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
1379 """async ESN AES-CBC-256/SHA1-96 IPSec test"""
1380 def test_ipsec(self):
Code Review / vpp.git / blob