aboutsummaryrefslogtreecommitdiffstats
path: root/tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot
diff options
context:
space:
mode:
authorPeter Mikus <pmikus@cisco.com>2019-06-07 13:44:52 +0000
committerPeter Mikus <pmikus@cisco.com>2019-06-10 17:38:11 +0000
commitf49a6734523f7e4ae26e357e4bd2c2df8c3de4d8 (patch)
treea1e629e4b63243f72a06a4493eec19c45aa8030f /tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot
parent2c6e0991f266b1cc08fe69ab4ff051e11b0c1afc (diff)
vpp_device: IPsec
- Remove VM ipsec tests as they are not interesting - Remove duplicate (vpp_device/virl) VM tests - Remove VM tunnel tests and use base tunnel (we do not need tunnel and VM) Change-Id: I5d7b6d8a037878f81a6bdc0114af481b32141dde Signed-off-by: Peter Mikus <pmikus@cisco.com>
Diffstat (limited to 'tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot')
-rw-r--r--tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot121
1 files changed, 121 insertions, 0 deletions
diff --git a/tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot b/tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot
new file mode 100644
index 0000000000..8fcc11c036
--- /dev/null
+++ b/tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot
@@ -0,0 +1,121 @@
+# Copyright (c) 2019 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Resource | resources/libraries/robot/crypto/ipsec.robot
+| ...
+| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV
+| ... | FUNCTEST | IP6FWD | IPSEC | IPSEC_TPT | IP6BASE
+| ...
+| Test Setup | Set up IPSec SW device functional test | IPv6
+| ...
+| Test Teardown | Tear down VPP device test
+| ...
+| Documentation | *IPv6 IPsec transport mode test suite.*
+| ...
+| ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\
+| ... | between nodes.
+| ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure
+| ... | loopback an physical interface IPv6 addresses, static ARP record, route
+| ... | and IPsec manual keyed connection in transport mode.
+| ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet
+| ... | is received on TG from DUT1.
+| ... | *[Ref] Applicable standard specifications:* RFC4303.
+
+*** Variables ***
+| ${tg_spi}= | ${1000}
+| ${dut_spi}= | ${1001}
+| ${ESP_PROTO}= | ${50}
+| ${tg_if_ip6}= | 3ffe:5f::1
+| ${dut_if_ip6}= | 3ffe:5f::2
+| ${tg_lo_ip6}= | 3ffe:60::3
+| ${dut_lo_ip6}= | 3ffe:60::4
+| ${ip6_plen}= | ${64}
+| ${ip6_plen_rt}= | ${128}
+
+*** Test Cases ***
+| tc01-eth2p-ethip6ipsectpt-ip6base-device-aes-128-cbc-sha-256-128
+| | [Documentation]
+| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
+| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in transport
+| | ... | mode.
+| | ... | [Ver] Send and receive ESP packet between TG and VPP node.
+| | ...
+| | ${encr_alg}= | Crypto Alg AES CBC 128
+| | ${auth_alg}= | Integ Alg SHA 256 128
+| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
+| | When Configure manual keyed connection for IPSec
+| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
+| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
+| | ... | is_ipv6=${TRUE}
+| | Then Send IPsec Packet and verify ESP encapsulation in received packet
+| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
+| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
+
+| tc02-eth2p-ethip6ipsectpt-ip6base-device-aes-256-cbc-sha-256-128
+| | [Documentation]
+| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
+| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in transport
+| | ... | mode.
+| | ... | [Ver] Send and receive ESP packet between TG and VPP node.
+| | ...
+| | ${encr_alg}= | Crypto Alg AES CBC 256
+| | ${auth_alg}= | Integ Alg SHA 256 128
+| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
+| | When Configure manual keyed connection for IPSec
+| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
+| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
+| | ... | is_ipv6=${TRUE}
+| | Then Send IPsec Packet and verify ESP encapsulation in received packet
+| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
+| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
+
+| tc03-eth2p-ethip6ipsectpt-ip6base-device-aes-128-cbc-sha-512-256
+| | [Documentation]
+| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
+| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in transport
+| | ... | mode.
+| | ... | [Ver] Send and receive ESP packet between TG and VPP node.
+| | ...
+| | ${encr_alg}= | Crypto Alg AES CBC 128
+| | ${auth_alg}= | Integ Alg SHA 512 256
+| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
+| | When Configure manual keyed connection for IPSec
+| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
+| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
+| | ... | is_ipv6=${TRUE}
+| | Then Send IPsec Packet and verify ESP encapsulation in received packet
+| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
+| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
+
+| tc04-eth2p-ethip6ipsectpt-ip6base-device-aes-256-cbc-sha-512-256
+| | [Documentation]
+| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\
+| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in transport
+| | ... | mode.
+| | ... | [Ver] Send and receive ESP packet between TG and VPP node.
+| | ...
+| | ${encr_alg}= | Crypto Alg AES CBC 256
+| | ${auth_alg}= | Integ Alg SHA 512 256
+| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg}
+| | When Configure manual keyed connection for IPSec
+| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg}
+| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip}
+| | ... | is_ipv6=${TRUE}
+| | Then Send IPsec Packet and verify ESP encapsulation in received packet
+| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac}
+| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi}
+| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} \ No newline at end of file