fix ipsec api changes

Change-Id: I76ebccbb27cfa7f543f6590b06c662e9742e7897 Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
author: Michal Cmarada <mcmarada@cisco.com> 2019-02-11 09:35:12 +0100
committer: Michal Cmarada <mcmarada@cisco.com> 2019-02-12 11:38:26 +0100
commit: 57b514a71a9b71f752deadb30a05b32fcfd08714 (patch)
tree: 0cf8c67b7225e12d8f67a1d792fd27d4de936839 /ipsec/ipsec-impl
parent: 3751ef96ae1427cc8d5ecb9cbba705e837bb63ca (diff)
2 files changed, 89 insertions, 25 deletions
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
index 4755c7a82..78a80120a 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
@@ -31,6 +31,8 @@ import io.fd.vpp.jvpp.core.dto.IpsecSaDetails;
 import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump;
 import io.fd.vpp.jvpp.core.dto.IpsecSaDump;
 import io.fd.vpp.jvpp.core.future.FutureJVppCore;
+import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg;
+import io.fd.vpp.jvpp.core.types.IpsecIntegAlg;
 import java.util.LinkedList;
 import javax.annotation.Nonnull;
 import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecStateSpdAugmentation;
@@ -84,16 +86,70 @@ public class IpsecStateCustomizer extends FutureJVppCustomizer
             IpsecSaDetailsReplyDump reply = dumpSa.get();
             for (IpsecSaDetails details : reply.ipsecSaDetails) {
                 SaBuilder saBuilder = new SaBuilder();
-                saBuilder.setSpi(Integer.toUnsignedLong(details.spi))
+                saBuilder.setSpi(Integer.toUnsignedLong(details.entry.spi))
                         .setAntiReplayWindow(Long.valueOf(details.replayWindow).intValue())
-                        .setAuthenticationAlgorithm(IkeIntegrityAlgorithmT.forValue(details.integAlg))
-                        .setEncryptionAlgorithm(IkeEncryptionAlgorithmT.forValue(details.cryptoAlg));
+                        .setAuthenticationAlgorithm(parseAuthAlgorithm(details.entry.integrityAlgorithm))
+                        .setEncryptionAlgorithm(parseCryptoAlgorithm(details.entry.cryptoAlgorithm));
                 listSa.add(saBuilder.build());
             }
             builder.setSa(listSa);
         }
     }
 
+    private IkeEncryptionAlgorithmT parseCryptoAlgorithm(final IpsecCryptoAlg cryptoAlgorithm) {
+        switch (cryptoAlgorithm){
+            case IPSEC_API_CRYPTO_ALG_NONE:
+                return IkeEncryptionAlgorithmT.EncrNull;
+            case IPSEC_API_CRYPTO_ALG_AES_CBC_128:
+                return  IkeEncryptionAlgorithmT.EncrAesCbc128;
+            case IPSEC_API_CRYPTO_ALG_AES_CBC_192:
+                return IkeEncryptionAlgorithmT.EncrAesCbc192;
+            case IPSEC_API_CRYPTO_ALG_AES_CBC_256:
+                return IkeEncryptionAlgorithmT.EncrAesCbc256;
+            case IPSEC_API_CRYPTO_ALG_AES_CTR_128:
+                // todo verify Cryptoalgorithms
+                return IkeEncryptionAlgorithmT.EncrAesCtr;
+            case IPSEC_API_CRYPTO_ALG_AES_CTR_192:
+                // todo verify Cryptoalgorithms
+                return IkeEncryptionAlgorithmT.EncrAesCtr;
+            case IPSEC_API_CRYPTO_ALG_AES_CTR_256:
+                // todo verify Cryptoalgorithms
+                return IkeEncryptionAlgorithmT.EncrAesCtr;
+            case IPSEC_API_CRYPTO_ALG_AES_GCM_128:
+                return IkeEncryptionAlgorithmT.EncrAesGcm8Icv;
+            case IPSEC_API_CRYPTO_ALG_AES_GCM_192:
+                return IkeEncryptionAlgorithmT.EncrAesGcm12Icv;
+            case IPSEC_API_CRYPTO_ALG_AES_GCM_256:
+                return IkeEncryptionAlgorithmT.EncrAesGcm16Icv;
+            case IPSEC_API_CRYPTO_ALG_DES_CBC:
+                // todo verify Cryptoalgorithms
+                return IkeEncryptionAlgorithmT.EncrDes;
+            case IPSEC_API_CRYPTO_ALG_3DES_CBC:
+                return IkeEncryptionAlgorithmT.Encr3des;
+        }
+        return IkeEncryptionAlgorithmT.EncrNull;
+    }
+
+    private IkeIntegrityAlgorithmT parseAuthAlgorithm(final IpsecIntegAlg integrityAlgorithm) {
+        switch (integrityAlgorithm){
+            case IPSEC_API_INTEG_ALG_NONE:
+                return IkeIntegrityAlgorithmT.AuthNone;
+            case IPSEC_API_INTEG_ALG_MD5_96:
+                return IkeIntegrityAlgorithmT.AuthHmacMd596;
+            case IPSEC_API_INTEG_ALG_SHA1_96:
+                return IkeIntegrityAlgorithmT.AuthHmacSha196;
+            case IPSEC_API_INTEG_ALG_SHA_256_96:
+                return IkeIntegrityAlgorithmT.AuthHmacSha225696;
+            case IPSEC_API_INTEG_ALG_SHA_256_128:
+                return IkeIntegrityAlgorithmT.AuthHmacSha2256128;
+            case IPSEC_API_INTEG_ALG_SHA_384_192:
+                return IkeIntegrityAlgorithmT.AuthHmacSha2384192;
+            case IPSEC_API_INTEG_ALG_SHA_512_256:
+                return IkeIntegrityAlgorithmT.AuthHmacSha2512256;
+        }
+        return IkeIntegrityAlgorithmT.AuthNone;
+    }
+
     @Override
     public void merge(@Nonnull final Builder<? extends DataObject> parentBuilder, @Nonnull final IpsecState readValue) {
         IpsecStateBuilder ipsecParentBuilder = (IpsecStateBuilder) parentBuilder;
diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java
index 9b8f9157f..46ebd89d8 100644
--- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java
+++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java
@@ -16,6 +16,9 @@
 
 package io.fd.hc2vpp.ipsec.read;
 
+import static io.fd.vpp.jvpp.core.types.IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128;
+import static io.fd.vpp.jvpp.core.types.IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96;
+import static io.fd.vpp.jvpp.core.types.IpsecProto.IPSEC_API_PROTO_ESP;
 import static org.junit.Assert.assertEquals;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
@@ -29,8 +32,13 @@ import io.fd.honeycomb.translate.spi.read.ReaderCustomizer;
 import io.fd.vpp.jvpp.core.dto.IpsecSaDetails;
 import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump;
 import io.fd.vpp.jvpp.core.dto.IpsecSaDump;
+import io.fd.vpp.jvpp.core.types.IpsecSadEntry;
+import io.fd.vpp.jvpp.core.types.IpsecSadFlags;
+import io.fd.vpp.jvpp.core.types.Key;
 import java.util.LinkedList;
 import org.junit.Test;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4AddressNoZone;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeEncryptionAlgorithmT;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecState;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecStateBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.state.grouping.Sa;
@@ -40,18 +48,14 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I
         implements ByteDataTranslator, Ipv4Translator, Ipv6Translator {
 
     private static InstanceIdentifier<IpsecState> IPSEC_STATE_ID = InstanceIdentifier.create(IpsecState.class);
-    private static final String LOCAL_ADDR_START = "192.168.11.1";
-    private static final String REMOTE_ADDR_START = "192.168.22.1";
-    private static final String TUNNEL_SRC_ADDR = LOCAL_ADDR_START;
-    private static final String TUNNEL_DST_ADDR = REMOTE_ADDR_START;
+    private static final Ipv4AddressNoZone TUNNEL_SRC_ADDR = new Ipv4AddressNoZone("192.168.11.1");
+    private static final Ipv4AddressNoZone TUNNEL_DST_ADDR = new Ipv4AddressNoZone("192.168.22.1");
     private static final int REPLY_WINDOW = 88;
     private static final int SA_ID = 10;
     private static final int SPI = 1001;
-    private static final int CRYPTO_ALG = 1;
     private static final String CRYPTO_KEY = "123456789";
     private static final int INTEG_ALG = 2;
     private static final String INTEG_KEY = "987654321";
-    private static final int PROTOCOL = 1;
     private static final int LAST_SEQ_INB = 8;
     private static final int HOLD_DOWN = 88;
 
@@ -65,24 +69,28 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I
     }
 
     @Override
-    protected void setUp() throws Exception {
+    protected void setUp() {
         final IpsecSaDetailsReplyDump saDetailsReply = new IpsecSaDetailsReplyDump();
         LinkedList<IpsecSaDetails> saDetails = new LinkedList<>();
         IpsecSaDetails saDetail = new IpsecSaDetails();
-        saDetail.spi = SPI;
-        saDetail.saId = SA_ID;
-        saDetail.cryptoAlg = CRYPTO_ALG;
-        saDetail.cryptoKey = CRYPTO_KEY.getBytes();
-        saDetail.integAlg = INTEG_ALG;
-        saDetail.integKey = INTEG_KEY.getBytes();
-        saDetail.isTunnel = BYTE_TRUE;
-        saDetail.isTunnelIp6 = BYTE_FALSE;
-        saDetail.protocol = PROTOCOL;
+        saDetail.entry = new IpsecSadEntry();
+        saDetail.entry.spi = SPI;
+        saDetail.entry.sadId = SA_ID;
+        saDetail.entry.cryptoAlgorithm = IPSEC_API_CRYPTO_ALG_AES_CBC_128;
+        saDetail.entry.cryptoKey = new Key();
+        saDetail.entry.cryptoKey.data = CRYPTO_KEY.getBytes();
+        saDetail.entry.cryptoKey.length = (byte) CRYPTO_KEY.getBytes().length;
+        saDetail.entry.integrityAlgorithm = IPSEC_API_INTEG_ALG_SHA1_96;
+        saDetail.entry.integrityKey = new Key();
+        saDetail.entry.integrityKey.data = INTEG_KEY.getBytes();
+        saDetail.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length;
+        saDetail.entry.protocol = IPSEC_API_PROTO_ESP;
         saDetail.lastSeqInbound = LAST_SEQ_INB;
         saDetail.replayWindow = REPLY_WINDOW;
-        saDetail.useAntiReplay = BYTE_TRUE;
-        saDetail.tunnelSrcAddr = ipv4AddressNoZoneToArray(TUNNEL_SRC_ADDR);
-        saDetail.tunnelDstAddr = ipv4AddressNoZoneToArray(TUNNEL_DST_ADDR);
+        saDetail.entry.flags = IpsecSadFlags.forValue(IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value +
+                IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY.value);
+        saDetail.entry.tunnelSrc = ipv4AddressNoZoneToAddress(TUNNEL_SRC_ADDR);
+        saDetail.entry.tunnelDst = ipv4AddressNoZoneToAddress(TUNNEL_DST_ADDR);
         saDetails.add(saDetail);
         saDetailsReply.ipsecSaDetails = saDetails;
         IpsecSaDump saDump = new IpsecSaDump();
@@ -98,15 +106,15 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I
         Sa sa = builder.getSa().get(0);
         assertEquals(sa.getAntiReplayWindow().intValue(), REPLY_WINDOW);
         assertEquals(sa.getAuthenticationAlgorithm().getIntValue(), INTEG_ALG);
-        assertEquals(sa.getEncryptionAlgorithm().getIntValue(), CRYPTO_ALG);
+        assertEquals(sa.getEncryptionAlgorithm(), IkeEncryptionAlgorithmT.EncrAesCbc128);
         assertEquals(sa.getSpi().intValue(), SPI);
     }
 
     @Test
-    public void testMerge() throws Exception {
+    public void testMerge() {
         final IpsecStateBuilder parentBuilder = new IpsecStateBuilder();
         final IpsecStateBuilder builderForNewdata = new IpsecStateBuilder();
-        builderForNewdata.setHoldDown(new Long(HOLD_DOWN));
+        builderForNewdata.setHoldDown((long) HOLD_DOWN);
         getCustomizer().merge(parentBuilder, builderForNewdata.build());
         assertEquals(parentBuilder.getHoldDown().intValue(), HOLD_DOWN);
     }
author	Michal Cmarada <mcmarada@cisco.com>	2019-02-11 09:35:12 +0100
committer	Michal Cmarada <mcmarada@cisco.com>	2019-02-12 11:38:26 +0100
commit	57b514a71a9b71f752deadb30a05b32fcfd08714 (patch)
tree	0cf8c67b7225e12d8f67a1d792fd27d4de936839 /ipsec/ipsec-impl
parent	3751ef96ae1427cc8d5ecb9cbba705e837bb63ca (diff)