diff options
author | Jan Gelety <jgelety@cisco.com> | 2016-09-06 16:24:04 +0200 |
---|---|---|
committer | Jan Gelety <jgelety@cisco.com> | 2016-09-13 08:03:32 +0000 |
commit | 31caf8e1762387ae6f4eca121084e4c503e9116f (patch) | |
tree | 2b61ebb96b5d89825c508bdb816a5fff771e73b9 | |
parent | 2651b44058e124a0d59b219bf8225729aa758c15 (diff) |
CSIT-384: IPSEC IPv6 negative test cases
- use integrity and/or encryption key(s) different from
integrity and encryption keys stored on VPP node to create
tx packet on TG
Change-Id: I0f02523ec7649b8a1555869bdc4b7090b7585cac
Signed-off-by: Jan Gelety <jgelety@cisco.com>
(cherry picked from commit a99abcf3db216e8d47d5b79fbd657c16fa3599a4)
-rw-r--r-- | resources/libraries/robot/ipsec.robot | 2 | ||||
-rw-r--r-- | tests/func/ipsec/ipsec_transport_mode_ipv6.robot | 102 | ||||
-rw-r--r-- | tests/func/ipsec/ipsec_tunnel_mode_ipv6.robot | 105 |
3 files changed, 184 insertions, 25 deletions
diff --git a/resources/libraries/robot/ipsec.robot b/resources/libraries/robot/ipsec.robot index b393fa6249..d4a2e440e6 100644 --- a/resources/libraries/robot/ipsec.robot +++ b/resources/libraries/robot/ipsec.robot @@ -122,7 +122,7 @@ | | VPP Set If IPv6 Addr | ${dut_node} | ${dut_lo} | ${dut_lo_ip6} | ${ip6_plen} | | Add IP Neighbor | ${dut_node} | ${dut_if} | ${tg_if_ip6} | ${tg_if_mac} | | Vpp All RA Suppress Link Layer | ${nodes} -| | Vpp Route Add | ${dut_node} | ${tg_lo_ip6} | ${ip6_plen} | ${tg_if_ip6} +| | Vpp Route Add | ${dut_node} | ${tg_lo_ip6} | ${ip6_plen_rt} | ${tg_if_ip6} | | ... | ${dut_if} | | Set Test Variable | ${dut_tun_ip} | ${dut_if_ip6} | | Set Test Variable | ${dut_src_ip} | ${dut_lo_ip6} diff --git a/tests/func/ipsec/ipsec_transport_mode_ipv6.robot b/tests/func/ipsec/ipsec_transport_mode_ipv6.robot index 45a331e1d5..2e6b5dd688 100644 --- a/tests/func/ipsec/ipsec_transport_mode_ipv6.robot +++ b/tests/func/ipsec/ipsec_transport_mode_ipv6.robot @@ -21,6 +21,7 @@ | ... | AND | Setup Topology for IPv6 IPsec testing | Test Teardown | Run Keywords | VPP IPsec Show | ${dut_node} | ... | AND | Show Packet Trace on All DUTs | ${nodes} +| ... | AND | Show Vpp Errors on All DUTs | ... | AND | Show vpp trace dump on all DUTs | Documentation | *IPv6 IPsec transport mode test suite.* | ... @@ -42,6 +43,7 @@ | ${tg_lo_ip6}= | 3ffe:60::3 | ${dut_lo_ip6}= | 3ffe:60::4 | ${ip6_plen}= | ${64} +| ${ip6_plen_rt}= | ${128} *** Test Cases *** | TC01: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity @@ -58,7 +60,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -77,7 +79,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -96,7 +98,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -115,7 +117,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -133,7 +135,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -152,7 +154,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -171,7 +173,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -190,7 +192,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -208,7 +210,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -227,7 +229,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -246,7 +248,7 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} @@ -264,6 +266,82 @@ | | When VPP Setup IPsec Manual Keyed Connection | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| TC13: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport\ +| | ... | mode. +| | ... | [Ver] Send an ESP packet encrypted by encryption key different from\ +| | ... | encryption key stored on VPP node from TG to VPP node and expect no\ +| | ... | response to be received on TG. +| | ... | [Ref] RFC4303. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| TC14: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport\ +| | ... | mode. +| | ... | [Ver] Send an ESP packet authenticated by integrity key different\ +| | ... | from integrity key stored on VPP node from TG to VPP node and expect\ +| | ... | no response to be received on TG. +| | ... | [Ref] RFC4303. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| TC15: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport\ +| | ... | mode. +| | ... | [Ver] Send an ESP packet authenticated by integrity key and encrypted\ +| | ... | by encryption key different from integrity and encryption keys stored\ +| | ... | on VPP node from TG to VPP node and expect no response to be received\ +| | ... | on TG. +| | ... | [Ref] RFC4303. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto +| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +*** Keywords *** +| Get Second Random String +| | [Arguments] | ${req_alg} | ${req_type} +| | ${req_key_len}= | Run Keyword | Get ${req_type} Alg Key Len | ${req_alg} +| | :FOR | ${index} | IN RANGE | 100 +| | | ${req_key}= | Generate Random String | ${req_key_len} +| | | Return From Keyword If | '${req_key}' != '${encr_key}' | ${req_key} diff --git a/tests/func/ipsec/ipsec_tunnel_mode_ipv6.robot b/tests/func/ipsec/ipsec_tunnel_mode_ipv6.robot index 1f241197a7..48e37832d9 100644 --- a/tests/func/ipsec/ipsec_tunnel_mode_ipv6.robot +++ b/tests/func/ipsec/ipsec_tunnel_mode_ipv6.robot @@ -21,6 +21,7 @@ | ... | AND | Setup Topology for IPv6 IPsec testing | Test Teardown | Run Keywords | VPP IPsec Show | ${dut_node} | ... | AND | Show Packet Trace on All DUTs | ${nodes} +| ... | AND | Show Vpp Errors on All DUTs | ... | AND | Show vpp trace dump on all DUTs | Documentation | *IPv6 IPsec tunnel mode test suite.* | ... @@ -42,6 +43,7 @@ | ${tg_lo_ip6}= | 3ffe:60::3 | ${dut_lo_ip6}= | 3ffe:60::4 | ${ip6_plen}= | ${64} +| ${ip6_plen_rt}= | ${128} *** Test Cases *** | TC01: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity @@ -58,7 +60,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -78,7 +80,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -98,7 +100,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -119,7 +121,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -139,7 +141,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -160,7 +162,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -181,7 +183,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -202,7 +204,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -222,7 +224,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -243,7 +245,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -264,7 +266,7 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} @@ -284,7 +286,86 @@ | | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} | | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} | | ... | ${dut_tun_ip} | ${tg_tun_ip} -| | Then Send and Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} | | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} + +| TC13: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. +| | ... | [Ver] Send an ESP packet encrypted by encryption key different from\ +| | ... | encryption key stored on VPP node from TG to VPP node and expect no\ +| | ... | response to be received on TG. +| | ... | [Ref] RFC4303. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| TC14: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. +| | ... | [Ver] Send an ESP packet authenticated by integrity key different\ +| | ... | from integrity key stored on VPP node from TG to VPP node and expect\ +| | ... | no response to be received on TG. +| | ... | [Ref] RFC4303. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| TC15: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. +| | ... | [Ver] Send an ESP packet authenticated by integrity key and encrypted\ +| | ... | by encryption key different from integrity and encryption keys stored\ +| | ... | on VPP node from TG to VPP node and expect no response to be received\ +| | ... | on TG. +| | ... | [Ref] RFC4303. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto +| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +*** Keywords *** +| Get Second Random String +| | [Arguments] | ${req_alg} | ${req_type} +| | ${req_key_len}= | Run Keyword | Get ${req_type} Alg Key Len | ${req_alg} +| | :FOR | ${index} | IN RANGE | 100 +| | | ${req_key}= | Generate Random String | ${req_key_len} +| | | Return From Keyword If | '${req_key}' != '${encr_key}' | ${req_key} |