diff options
author | Peter Mikus <pmikus@cisco.com> | 2019-06-07 13:44:52 +0000 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2019-06-10 17:38:11 +0000 |
commit | f49a6734523f7e4ae26e357e4bd2c2df8c3de4d8 (patch) | |
tree | a1e629e4b63243f72a06a4493eec19c45aa8030f /tests/vpp/device | |
parent | 2c6e0991f266b1cc08fe69ab4ff051e11b0c1afc (diff) |
vpp_device: IPsec
- Remove VM ipsec tests as they are not interesting
- Remove duplicate (vpp_device/virl) VM tests
- Remove VM tunnel tests and use base tunnel (we do not need tunnel and VM)
Change-Id: I5d7b6d8a037878f81a6bdc0114af481b32141dde
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Diffstat (limited to 'tests/vpp/device')
4 files changed, 486 insertions, 0 deletions
diff --git a/tests/vpp/device/crypto/eth2p-ethip4ipsectnl-ip4base-dev.robot b/tests/vpp/device/crypto/eth2p-ethip4ipsectnl-ip4base-dev.robot new file mode 100644 index 0000000000..c6ac8f26e9 --- /dev/null +++ b/tests/vpp/device/crypto/eth2p-ethip4ipsectnl-ip4base-dev.robot @@ -0,0 +1,124 @@ +# Copyright (c) 2019 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/crypto/ipsec.robot +| ... +| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV +| ... | FUNCTEST | IP4FWD | IPSEC | IPSEC_TNL | IP4BASE +| ... +| Test Setup | Set up IPSec SW device functional test | IPv4 +| ... +| Test Teardown | Tear down VPP device test +| ... +| Documentation | *IPv4 IPsec tunnel mode test suite.* +| ... +| ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\ +| ... | between nodes. +| ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure\ +| ... | loopback an physical interface IPv4 addresses, static ARP record, route\ +| ... | and IPsec manual keyed connection in tunnel mode. +| ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet\ +| ... | is received on TG from DUT1. +| ... | *[Ref] Applicable standard specifications:* RFC4303. + +*** Variables *** +| ${tg_spi}= | ${1000} +| ${dut_spi}= | ${1001} +| ${ESP_PROTO}= | ${50} +| ${tg_if_ip4}= | 192.168.100.2 +| ${dut_if_ip4}= | 192.168.100.3 +| ${tg_lo_ip4}= | 192.168.3.3 +| ${dut_lo_ip4}= | 192.168.4.4 +| ${ip4_plen}= | ${24} + +*** Test Cases *** +| tc01-eth2p-ethip4ipsectnl-ip4base-device-aes-128-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| tc02-eth2p-ethip4ipsectnl-ip4base-device-aes-256-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| tc03-eth2p-ethip4ipsectnl-ip4base-device-aes-128-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| tc04-eth2p-ethip4ipsectnl-ip4base-device-aes-256-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} diff --git a/tests/vpp/device/crypto/eth2p-ethip4ipsectpt-ip4base-dev.robot b/tests/vpp/device/crypto/eth2p-ethip4ipsectpt-ip4base-dev.robot new file mode 100644 index 0000000000..83507e5f14 --- /dev/null +++ b/tests/vpp/device/crypto/eth2p-ethip4ipsectpt-ip4base-dev.robot @@ -0,0 +1,116 @@ +# Copyright (c) 2019 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/crypto/ipsec.robot +| ... +| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV +| ... | FUNCTEST | IP4FWD | IPSEC | IPSEC_TPT | IP4BASE +| ... +| Test Setup | Set up IPSec SW device functional test | IPv4 +| ... +| Test Teardown | Tear down VPP device test +| ... +| Documentation | *IPv4 IPsec transport mode test suite.* +| ... +| ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\ +| ... | between nodes. +| ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure\ +| ... | loopback an physical interface IPv4 addresses, static ARP record, route\ +| ... | and IPsec manual keyed connection in transport mode. +| ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet\ +| ... | is received on TG from DUT1. +| ... | *[Ref] Applicable standard specifications:* RFC4303. + +*** Variables *** +| ${tg_spi}= | ${1000} +| ${dut_spi}= | ${1001} +| ${ESP_PROTO}= | ${50} +| ${tg_if_ip4}= | 192.168.100.2 +| ${dut_if_ip4}= | 192.168.100.3 +| ${tg_lo_ip4}= | 192.168.3.3 +| ${dut_lo_ip4}= | 192.168.4.4 +| ${ip4_plen}= | ${24} + +*** Test Cases *** +| tc01-eth2p-ethip4ipsectpt-ip4base-device-aes-128-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| tc02-eth2p-ethip4ipsectpt-ip4base-device-aes-256-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| tc03-eth2p-ethip4ipsectpt-ip4base-device-aes-128-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| tc04-eth2p-ethip4ipsectpt-ip4base-device-aes-256-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
\ No newline at end of file diff --git a/tests/vpp/device/crypto/eth2p-ethip6ipsectnl-ip6base-dev.robot b/tests/vpp/device/crypto/eth2p-ethip6ipsectnl-ip6base-dev.robot new file mode 100644 index 0000000000..43f9dcf078 --- /dev/null +++ b/tests/vpp/device/crypto/eth2p-ethip6ipsectnl-ip6base-dev.robot @@ -0,0 +1,125 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/crypto/ipsec.robot +| ... +| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV +| ... | FUNCTEST | IP6FWD | IPSEC | IPSEC_TNL | IP6BASE +| ... +| Test Setup | Set up IPSec SW device functional test | IPv6 +| ... +| Test Teardown | Tear down VPP device test +| ... +| Documentation | *IPv6 IPsec tunnel mode test suite.* +| ... +| ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\ +| ... | between nodes. +| ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure +| ... | loopback an physical interface IPv6 addresses, static ARP record, route +| ... | and IPsec manual keyed connection in tunnel mode. +| ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet +| ... | is received on TG from DUT1. +| ... | *[Ref] Applicable standard specifications:* RFC4303. + +*** Variables *** +| ${tg_spi}= | ${1000} +| ${dut_spi}= | ${1001} +| ${ESP_PROTO}= | ${50} +| ${tg_if_ip6}= | 3ffe:5f::1 +| ${dut_if_ip6}= | 3ffe:5f::2 +| ${tg_lo_ip6}= | 3ffe:60::3 +| ${dut_lo_ip6}= | 3ffe:60::4 +| ${ip6_plen}= | ${64} +| ${ip6_plen_rt}= | ${128} + +*** Test Cases *** +| tc01-eth2p-ethip6ipsectnl-ip6base-device-aes-128-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| tc02-eth2p-ethip6ipsectnl-ip6base-device-aes-256-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| tc03-eth2p-ethip6ipsectnl-ip6base-device-aes-128-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| tc04-eth2p-ethip6ipsectnl-ip6base-device-aes-256-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in tunnel\ +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} diff --git a/tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot b/tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot new file mode 100644 index 0000000000..8fcc11c036 --- /dev/null +++ b/tests/vpp/device/crypto/eth2p-ethip6ipsectpt-ip6base-dev.robot @@ -0,0 +1,121 @@ +# Copyright (c) 2019 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/crypto/ipsec.robot +| ... +| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV +| ... | FUNCTEST | IP6FWD | IPSEC | IPSEC_TPT | IP6BASE +| ... +| Test Setup | Set up IPSec SW device functional test | IPv6 +| ... +| Test Teardown | Tear down VPP device test +| ... +| Documentation | *IPv6 IPsec transport mode test suite.* +| ... +| ... | *[Top] Network topologies:* TG-DUT1 2-node topology with one link\ +| ... | between nodes. +| ... | *[Cfg] DUT configuration:* On DUT1 create loopback interface, configure +| ... | loopback an physical interface IPv6 addresses, static ARP record, route +| ... | and IPsec manual keyed connection in transport mode. +| ... | *[Ver] TG verification:* ESP packet is sent from TG to DUT1. ESP packet +| ... | is received on TG from DUT1. +| ... | *[Ref] Applicable standard specifications:* RFC4303. + +*** Variables *** +| ${tg_spi}= | ${1000} +| ${dut_spi}= | ${1001} +| ${ESP_PROTO}= | ${50} +| ${tg_if_ip6}= | 3ffe:5f::1 +| ${dut_if_ip6}= | 3ffe:5f::2 +| ${tg_lo_ip6}= | 3ffe:60::3 +| ${dut_lo_ip6}= | 3ffe:60::4 +| ${ip6_plen}= | ${64} +| ${ip6_plen_rt}= | ${128} + +*** Test Cases *** +| tc01-eth2p-ethip6ipsectpt-ip6base-device-aes-128-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | ... | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| tc02-eth2p-ethip6ipsectpt-ip6base-device-aes-256-cbc-sha-256-128 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 256 128 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | ... | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| tc03-eth2p-ethip6ipsectpt-ip6base-device-aes-128-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | ... | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip} + +| tc04-eth2p-ethip6ipsectpt-ip6base-device-aes-256-cbc-sha-512-256 +| | [Documentation] +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in transport +| | ... | mode. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node. +| | ... +| | ${encr_alg}= | Crypto Alg AES CBC 256 +| | ${auth_alg}= | Integ Alg SHA 512 256 +| | Given Generate keys for IPSec | ${encr_alg} | ${auth_alg} +| | When Configure manual keyed connection for IPSec +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_tun_ip} | ${tg_tun_ip} +| | ... | is_ipv6=${TRUE} +| | Then Send IPsec Packet and verify ESP encapsulation in received packet +| | ... | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_tun_ip} | ${dut_tun_ip}
\ No newline at end of file |