diff options
Diffstat (limited to 'tests/func/ipsec/ipsec_tunnel_mode_ipv4.robot')
-rw-r--r-- | tests/func/ipsec/ipsec_tunnel_mode_ipv4.robot | 134 |
1 files changed, 133 insertions, 1 deletions
diff --git a/tests/func/ipsec/ipsec_tunnel_mode_ipv4.robot b/tests/func/ipsec/ipsec_tunnel_mode_ipv4.robot index 2261ae638a..d59aae6e54 100644 --- a/tests/func/ipsec/ipsec_tunnel_mode_ipv4.robot +++ b/tests/func/ipsec/ipsec_tunnel_mode_ipv4.robot @@ -361,10 +361,142 @@ | | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} | | ... | ${dut_tun_ip} +| TC16: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Ref] RFC4303. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel\ +| | ... | mode. Then update SA keys - use new keys. +| | ... | [Ver] Send and receive ESP packet between TG and VPP node before\ +| | ... | and after SA keys update. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} +| | ${new_encr_key}= | Given Get Second Random String | ${encr_alg} | Crypto +| | ${new_auth_key}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Update IPsec SA Keys | ${dut_node} | ${l_sa_id} | ${r_sa_id} +| | ... | ${new_encr_key} | ${new_auth_key} +| | Then Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${new_encr_key} | ${auth_alg} | ${new_auth_key} +| | ... | ${tg_spi} | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| TC17: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Ref] RFC4303. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel +| | ... | mode. Then update SA keys - use new keys. +| | ... | [Ver] Send an ESP packet encrypted by encryption key different from\ +| | ... | encryption key stored on VPP node from TG to VPP node and expect no\ +| | ... | response to be received on TG before and after SA keys update. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} +| | ${new_encr_key}= | Given Get Second Random String | ${encr_alg} | Crypto +| | ${new_auth_key}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Update IPsec SA Keys | ${dut_node} | ${l_sa_id} | ${r_sa_id} +| | ... | ${new_encr_key} | ${new_auth_key} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${new_auth_key} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| TC18: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Ref] RFC4303. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel\ +| | ... | mode. Then update SA keys - use new keys. +| | ... | [Ver] Send an ESP packet authenticated by integrity key different\ +| | ... | from integrity key stored on VPP node from TG to VPP node and expect\ +| | ... | no response to be received on TG before and after SA keys update. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} +| | ${new_encr_key}= | Given Get Second Random String | ${encr_alg} | Crypto +| | ${new_auth_key}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Update IPsec SA Keys | ${dut_node} | ${l_sa_id} | ${r_sa_id} +| | ... | ${new_encr_key} | ${new_auth_key} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${new_encr_key} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + +| TC19: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity alogrithms used +| | [Documentation] +| | ... | [Top] TG-DUT1. +| | ... | [Ref] RFC4303. +| | ... | [Cfg] On DUT1 configure IPsec manual keyed connection with encryption\ +| | ... | algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel\ +| | ... | mode. Then update SA keys - use new keys. +| | ... | [Ver] Send an ESP packet authenticated by integrity key and encrypted\ +| | ... | by encryption key different from integrity and encryption keys stored\ +| | ... | on VPP node from TG to VPP node and expect no response to be received\ +| | ... | on TG before and after SA keys update. +| | ${encr_alg}= | Crypto Alg AES CBC 128 +| | ${auth_alg}= | Integ Alg SHA1 96 +| | Given IPsec Generate Keys | ${encr_alg} | ${auth_alg} +| | When VPP Setup IPsec Manual Keyed Connection +| | ... | ${dut_node} | ${dut_if} | ${encr_alg} | ${encr_key} | ${auth_alg} +| | ... | ${auth_key} | ${dut_spi} | ${tg_spi} | ${dut_src_ip} | ${tg_src_ip} +| | ... | ${dut_tun_ip} | ${tg_tun_ip} +| | ${encr_key2}= | And Get Second Random String | ${encr_alg} | Crypto +| | ${auth_key2}= | And Get Second Random String | ${auth_alg} | Integ +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} +| | ${new_encr_key}= | Given Get Second Random String | ${encr_alg} | Crypto +| | ${new_auth_key}= | And Get Second Random String | ${auth_alg} | Integ +| | When VPP Update IPsec SA Keys | ${dut_node} | ${l_sa_id} | ${r_sa_id} +| | ... | ${new_encr_key} | ${new_auth_key} +| | Then Run Keyword And Expect Error | ESP packet Rx timeout +| | ... | Send And Receive IPsec Packet | ${tg_node} | ${tg_if} | ${dut_if_mac} +| | ... | ${encr_alg} | ${encr_key2} | ${auth_alg} | ${auth_key2} | ${tg_spi} +| | ... | ${dut_spi} | ${tg_src_ip} | ${dut_src_ip} | ${tg_tun_ip} +| | ... | ${dut_tun_ip} + *** Keywords *** | Get Second Random String | | [Arguments] | ${req_alg} | ${req_type} | | ${req_key_len}= | Run Keyword | Get ${req_type} Alg Key Len | ${req_alg} +| | ${key}= | Set Variable If | '${req_type}' == 'Crypto' | ${encr_key} +| | ... | '${req_type}' == 'Integ' | ${auth_key} | | :FOR | ${index} | IN RANGE | 100 | | | ${req_key}= | Generate Random String | ${req_key_len} -| | | Return From Keyword If | '${req_key}' != '${encr_key}' | ${req_key} +| | | Return From Keyword If | '${req_key}' != '${key}' | ${req_key} |