aboutsummaryrefslogtreecommitdiffstats
path: root/resources
diff options
context:
space:
mode:
Diffstat (limited to 'resources')
-rw-r--r--resources/libraries/python/IPsecUtil.py24
-rw-r--r--resources/libraries/robot/ipsec.robot28
-rw-r--r--resources/templates/vat/ipsec/ipsec_sa_set_key.vat1
3 files changed, 51 insertions, 2 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index e033e04b48..70d44e0936 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -241,6 +241,30 @@ class IPsecUtil(object):
err_msg='Add SAD entry failed on {0}'.format(node['host']))
@staticmethod
+ def vpp_ipsec_sa_set_key(node, sa_id, crypto_key, integ_key):
+ """Update Security Association (SA) keys.
+
+ :param node: VPP node to update SA keys.
+ :param sa_id: SAD entry ID.
+ :param crypto_key: The encryption key string.
+ :param integ_key: The integrity key string.
+ :type node: dict
+ :type sa_id: int
+ :type crypto_key: str
+ :type integ_key: str
+ """
+ ckey = crypto_key.encode('hex')
+ ikey = integ_key.encode('hex')
+
+ out = VatExecutor.cmd_from_template(node,
+ "ipsec/ipsec_sa_set_key.vat",
+ sa_id=sa_id,
+ ckey=ckey, ikey=ikey)
+ VatJsonUtil.verify_vat_retval(
+ out[0],
+ err_msg='Update SA key failed on {0}'.format(node['host']))
+
+ @staticmethod
def vpp_ipsec_add_spd(node, spd_id):
"""Create Security Policy Database on the VPP node.
diff --git a/resources/libraries/robot/ipsec.robot b/resources/libraries/robot/ipsec.robot
index d4a2e440e6..92b292ede3 100644
--- a/resources/libraries/robot/ipsec.robot
+++ b/resources/libraries/robot/ipsec.robot
@@ -146,6 +146,10 @@
| | ... | - l_tunnel - Local tunnel IP address (optional). Type: string
| | ... | - r_tunnel - Remote tunnel IP address (optional). Type: string
| | ...
+| | ... | _NOTE:_ This KW sets following test case variables:
+| | ... | - l_sa_id
+| | ... | - r_sa_id
+| | ...
| | ... | *Example:*
| | ... | \| ${encr_alg}= \| Crypto Alg AES CBC 128 \|
| | ... | \| ${auth_alg}= \| Integ Alg SHA1 96 \|
@@ -156,8 +160,8 @@
| | [Arguments] | ${node} | ${interface} | ${crypto_alg} | ${crypto_key}
| | ... | ${integ_alg} | ${integ_key} | ${l_spi} | ${r_spi} | ${l_ip}
| | ... | ${r_ip} | ${l_tunnel}=${None} | ${r_tunnel}=${None}
-| | ${l_sa_id}= | Set Variable | ${10}
-| | ${r_sa_id}= | Set Variable | ${20}
+| | Set Test Variable | ${l_sa_id} | ${10}
+| | Set Test Variable | ${r_sa_id} | ${20}
| | ${spd_id}= | Set Variable | ${1}
| | ${p_hi}= | Set Variable | ${100}
| | ${p_lo}= | Set Variable | ${10}
@@ -182,6 +186,26 @@
| | ... | sa_id=${l_sa_id} | laddr_range=${l_ip}
| | ... | raddr_range=${r_ip} | inbound=${FALSE}
+| VPP Update IPsec SA Keys
+| | [Documentation] | Update IPsec SA keys on VPP node.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - VPP node to update SA keys. Type: dictionary
+| | ... | - l_sa_id - Local SA ID. Type: string
+| | ... | - r_sa_id - Remote SA ID. Type: string
+| | ... | - crypto_key - Encryption key. Type: string
+| | ... | - integ_key - Integrity key. Type: string
+| | ...
+| | ... | *Example:*
+| | ... | \| VPP Update IPsec SA Keys \| ${nodes['DUT1']} \
+| | ... | \| 10 \| 20 \| sixteenbytes_key \| twentybytessecretkey \|
+| | [Arguments] | ${node} | ${l_sa_id} | ${r_sa_id} | ${crypto_key}
+| | ... | ${integ_key}
+| | VPP IPsec SA Set Key | ${dut_node} | ${l_sa_id} | ${crypto_key}
+| | ... | ${integ_key}
+| | VPP IPsec SA Set Key | ${dut_node} | ${r_sa_id} | ${crypto_key}
+| | ... | ${integ_key}
+
| Send and Receive IPsec Packet
| | [Documentation] | Send IPsec packet from TG to DUT. Receive IPsec packet\
| | ... | from DUT on TG and verify ESP encapsulation.
diff --git a/resources/templates/vat/ipsec/ipsec_sa_set_key.vat b/resources/templates/vat/ipsec/ipsec_sa_set_key.vat
new file mode 100644
index 0000000000..96d570ef93
--- /dev/null
+++ b/resources/templates/vat/ipsec/ipsec_sa_set_key.vat
@@ -0,0 +1 @@
+ipsec_sa_set_key sa_id {sa_id} crypto_key {ckey} integ_key {ikey} \ No newline at end of file