diff options
author | Michal Cmarada <mcmarada@cisco.com> | 2019-02-11 09:35:12 +0100 |
---|---|---|
committer | Michal Cmarada <mcmarada@cisco.com> | 2019-02-12 11:38:26 +0100 |
commit | 57b514a71a9b71f752deadb30a05b32fcfd08714 (patch) | |
tree | 0cf8c67b7225e12d8f67a1d792fd27d4de936839 | |
parent | 3751ef96ae1427cc8d5ecb9cbba705e837bb63ca (diff) |
fix ipsec api changes
Change-Id: I76ebccbb27cfa7f543f6590b06c662e9742e7897
Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
-rw-r--r-- | ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java | 62 | ||||
-rw-r--r-- | ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java | 52 |
2 files changed, 89 insertions, 25 deletions
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java index 4755c7a82..78a80120a 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java @@ -31,6 +31,8 @@ import io.fd.vpp.jvpp.core.dto.IpsecSaDetails; import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump; import io.fd.vpp.jvpp.core.dto.IpsecSaDump; import io.fd.vpp.jvpp.core.future.FutureJVppCore; +import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg; +import io.fd.vpp.jvpp.core.types.IpsecIntegAlg; import java.util.LinkedList; import javax.annotation.Nonnull; import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecStateSpdAugmentation; @@ -84,16 +86,70 @@ public class IpsecStateCustomizer extends FutureJVppCustomizer IpsecSaDetailsReplyDump reply = dumpSa.get(); for (IpsecSaDetails details : reply.ipsecSaDetails) { SaBuilder saBuilder = new SaBuilder(); - saBuilder.setSpi(Integer.toUnsignedLong(details.spi)) + saBuilder.setSpi(Integer.toUnsignedLong(details.entry.spi)) .setAntiReplayWindow(Long.valueOf(details.replayWindow).intValue()) - .setAuthenticationAlgorithm(IkeIntegrityAlgorithmT.forValue(details.integAlg)) - .setEncryptionAlgorithm(IkeEncryptionAlgorithmT.forValue(details.cryptoAlg)); + .setAuthenticationAlgorithm(parseAuthAlgorithm(details.entry.integrityAlgorithm)) + .setEncryptionAlgorithm(parseCryptoAlgorithm(details.entry.cryptoAlgorithm)); listSa.add(saBuilder.build()); } builder.setSa(listSa); } } + private IkeEncryptionAlgorithmT parseCryptoAlgorithm(final IpsecCryptoAlg cryptoAlgorithm) { + switch (cryptoAlgorithm){ + case IPSEC_API_CRYPTO_ALG_NONE: + return IkeEncryptionAlgorithmT.EncrNull; + case IPSEC_API_CRYPTO_ALG_AES_CBC_128: + return IkeEncryptionAlgorithmT.EncrAesCbc128; + case IPSEC_API_CRYPTO_ALG_AES_CBC_192: + return IkeEncryptionAlgorithmT.EncrAesCbc192; + case IPSEC_API_CRYPTO_ALG_AES_CBC_256: + return IkeEncryptionAlgorithmT.EncrAesCbc256; + case IPSEC_API_CRYPTO_ALG_AES_CTR_128: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_CTR_192: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_CTR_256: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_GCM_128: + return IkeEncryptionAlgorithmT.EncrAesGcm8Icv; + case IPSEC_API_CRYPTO_ALG_AES_GCM_192: + return IkeEncryptionAlgorithmT.EncrAesGcm12Icv; + case IPSEC_API_CRYPTO_ALG_AES_GCM_256: + return IkeEncryptionAlgorithmT.EncrAesGcm16Icv; + case IPSEC_API_CRYPTO_ALG_DES_CBC: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrDes; + case IPSEC_API_CRYPTO_ALG_3DES_CBC: + return IkeEncryptionAlgorithmT.Encr3des; + } + return IkeEncryptionAlgorithmT.EncrNull; + } + + private IkeIntegrityAlgorithmT parseAuthAlgorithm(final IpsecIntegAlg integrityAlgorithm) { + switch (integrityAlgorithm){ + case IPSEC_API_INTEG_ALG_NONE: + return IkeIntegrityAlgorithmT.AuthNone; + case IPSEC_API_INTEG_ALG_MD5_96: + return IkeIntegrityAlgorithmT.AuthHmacMd596; + case IPSEC_API_INTEG_ALG_SHA1_96: + return IkeIntegrityAlgorithmT.AuthHmacSha196; + case IPSEC_API_INTEG_ALG_SHA_256_96: + return IkeIntegrityAlgorithmT.AuthHmacSha225696; + case IPSEC_API_INTEG_ALG_SHA_256_128: + return IkeIntegrityAlgorithmT.AuthHmacSha2256128; + case IPSEC_API_INTEG_ALG_SHA_384_192: + return IkeIntegrityAlgorithmT.AuthHmacSha2384192; + case IPSEC_API_INTEG_ALG_SHA_512_256: + return IkeIntegrityAlgorithmT.AuthHmacSha2512256; + } + return IkeIntegrityAlgorithmT.AuthNone; + } + @Override public void merge(@Nonnull final Builder<? extends DataObject> parentBuilder, @Nonnull final IpsecState readValue) { IpsecStateBuilder ipsecParentBuilder = (IpsecStateBuilder) parentBuilder; diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java index 9b8f9157f..46ebd89d8 100644 --- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java +++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java @@ -16,6 +16,9 @@ package io.fd.hc2vpp.ipsec.read; +import static io.fd.vpp.jvpp.core.types.IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128; +import static io.fd.vpp.jvpp.core.types.IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96; +import static io.fd.vpp.jvpp.core.types.IpsecProto.IPSEC_API_PROTO_ESP; import static org.junit.Assert.assertEquals; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; @@ -29,8 +32,13 @@ import io.fd.honeycomb.translate.spi.read.ReaderCustomizer; import io.fd.vpp.jvpp.core.dto.IpsecSaDetails; import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump; import io.fd.vpp.jvpp.core.dto.IpsecSaDump; +import io.fd.vpp.jvpp.core.types.IpsecSadEntry; +import io.fd.vpp.jvpp.core.types.IpsecSadFlags; +import io.fd.vpp.jvpp.core.types.Key; import java.util.LinkedList; import org.junit.Test; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4AddressNoZone; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeEncryptionAlgorithmT; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecState; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecStateBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.state.grouping.Sa; @@ -40,18 +48,14 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I implements ByteDataTranslator, Ipv4Translator, Ipv6Translator { private static InstanceIdentifier<IpsecState> IPSEC_STATE_ID = InstanceIdentifier.create(IpsecState.class); - private static final String LOCAL_ADDR_START = "192.168.11.1"; - private static final String REMOTE_ADDR_START = "192.168.22.1"; - private static final String TUNNEL_SRC_ADDR = LOCAL_ADDR_START; - private static final String TUNNEL_DST_ADDR = REMOTE_ADDR_START; + private static final Ipv4AddressNoZone TUNNEL_SRC_ADDR = new Ipv4AddressNoZone("192.168.11.1"); + private static final Ipv4AddressNoZone TUNNEL_DST_ADDR = new Ipv4AddressNoZone("192.168.22.1"); private static final int REPLY_WINDOW = 88; private static final int SA_ID = 10; private static final int SPI = 1001; - private static final int CRYPTO_ALG = 1; private static final String CRYPTO_KEY = "123456789"; private static final int INTEG_ALG = 2; private static final String INTEG_KEY = "987654321"; - private static final int PROTOCOL = 1; private static final int LAST_SEQ_INB = 8; private static final int HOLD_DOWN = 88; @@ -65,24 +69,28 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I } @Override - protected void setUp() throws Exception { + protected void setUp() { final IpsecSaDetailsReplyDump saDetailsReply = new IpsecSaDetailsReplyDump(); LinkedList<IpsecSaDetails> saDetails = new LinkedList<>(); IpsecSaDetails saDetail = new IpsecSaDetails(); - saDetail.spi = SPI; - saDetail.saId = SA_ID; - saDetail.cryptoAlg = CRYPTO_ALG; - saDetail.cryptoKey = CRYPTO_KEY.getBytes(); - saDetail.integAlg = INTEG_ALG; - saDetail.integKey = INTEG_KEY.getBytes(); - saDetail.isTunnel = BYTE_TRUE; - saDetail.isTunnelIp6 = BYTE_FALSE; - saDetail.protocol = PROTOCOL; + saDetail.entry = new IpsecSadEntry(); + saDetail.entry.spi = SPI; + saDetail.entry.sadId = SA_ID; + saDetail.entry.cryptoAlgorithm = IPSEC_API_CRYPTO_ALG_AES_CBC_128; + saDetail.entry.cryptoKey = new Key(); + saDetail.entry.cryptoKey.data = CRYPTO_KEY.getBytes(); + saDetail.entry.cryptoKey.length = (byte) CRYPTO_KEY.getBytes().length; + saDetail.entry.integrityAlgorithm = IPSEC_API_INTEG_ALG_SHA1_96; + saDetail.entry.integrityKey = new Key(); + saDetail.entry.integrityKey.data = INTEG_KEY.getBytes(); + saDetail.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length; + saDetail.entry.protocol = IPSEC_API_PROTO_ESP; saDetail.lastSeqInbound = LAST_SEQ_INB; saDetail.replayWindow = REPLY_WINDOW; - saDetail.useAntiReplay = BYTE_TRUE; - saDetail.tunnelSrcAddr = ipv4AddressNoZoneToArray(TUNNEL_SRC_ADDR); - saDetail.tunnelDstAddr = ipv4AddressNoZoneToArray(TUNNEL_DST_ADDR); + saDetail.entry.flags = IpsecSadFlags.forValue(IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value + + IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY.value); + saDetail.entry.tunnelSrc = ipv4AddressNoZoneToAddress(TUNNEL_SRC_ADDR); + saDetail.entry.tunnelDst = ipv4AddressNoZoneToAddress(TUNNEL_DST_ADDR); saDetails.add(saDetail); saDetailsReply.ipsecSaDetails = saDetails; IpsecSaDump saDump = new IpsecSaDump(); @@ -98,15 +106,15 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I Sa sa = builder.getSa().get(0); assertEquals(sa.getAntiReplayWindow().intValue(), REPLY_WINDOW); assertEquals(sa.getAuthenticationAlgorithm().getIntValue(), INTEG_ALG); - assertEquals(sa.getEncryptionAlgorithm().getIntValue(), CRYPTO_ALG); + assertEquals(sa.getEncryptionAlgorithm(), IkeEncryptionAlgorithmT.EncrAesCbc128); assertEquals(sa.getSpi().intValue(), SPI); } @Test - public void testMerge() throws Exception { + public void testMerge() { final IpsecStateBuilder parentBuilder = new IpsecStateBuilder(); final IpsecStateBuilder builderForNewdata = new IpsecStateBuilder(); - builderForNewdata.setHoldDown(new Long(HOLD_DOWN)); + builderForNewdata.setHoldDown((long) HOLD_DOWN); getCustomizer().merge(parentBuilder, builderForNewdata.build()); assertEquals(parentBuilder.getHoldDown().intValue(), HOLD_DOWN); } |