authorMichal Cmarada <mcmarada@cisco.com>2019-02-11 09:35:12 +0100
committerMichal Cmarada <mcmarada@cisco.com>2019-02-12 11:38:26 +0100
commit57b514a71a9b71f752deadb30a05b32fcfd08714 (patch)
tree0cf8c67b7225e12d8f67a1d792fd27d4de936839 /ipsec
parent3751ef96ae1427cc8d5ecb9cbba705e837bb63ca (diff)
fix ipsec api changes
Change-Id: I76ebccbb27cfa7f543f6590b06c662e9742e7897 Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
Diffstat (limited to 'ipsec')
-rw-r--r--ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java62
-rw-r--r--ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java52
2 files changed, 89 insertions, 25 deletions
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
index 4755c7a82..78a80120a 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
@@ -31,6 +31,8 @@ import io.fd.vpp.jvpp.core.dto.IpsecSaDetails;
import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump;
import io.fd.vpp.jvpp.core.dto.IpsecSaDump;
import io.fd.vpp.jvpp.core.future.FutureJVppCore;
+import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg;
+import io.fd.vpp.jvpp.core.types.IpsecIntegAlg;
import java.util.LinkedList;
import javax.annotation.Nonnull;
import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecStateSpdAugmentation;
@@ -84,16 +86,70 @@ public class IpsecStateCustomizer extends FutureJVppCustomizer
IpsecSaDetailsReplyDump reply = dumpSa.get();
for (IpsecSaDetails details : reply.ipsecSaDetails) {
SaBuilder saBuilder = new SaBuilder();
- saBuilder.setSpi(Integer.toUnsignedLong(details.spi))
+ saBuilder.setSpi(Integer.toUnsignedLong(details.entry.spi))
.setAntiReplayWindow(Long.valueOf(details.replayWindow).intValue())
- .setAuthenticationAlgorithm(IkeIntegrityAlgorithmT.forValue(details.integAlg))
- .setEncryptionAlgorithm(IkeEncryptionAlgorithmT.forValue(details.cryptoAlg));
+ .setAuthenticationAlgorithm(parseAuthAlgorithm(details.entry.integrityAlgorithm))
+ .setEncryptionAlgorithm(parseCryptoAlgorithm(details.entry.cryptoAlgorithm));
listSa.add(saBuilder.build());
}
builder.setSa(listSa);
}
}
+ private IkeEncryptionAlgorithmT parseCryptoAlgorithm(final IpsecCryptoAlg cryptoAlgorithm) {
+ switch (cryptoAlgorithm){
+ case IPSEC_API_CRYPTO_ALG_NONE:
+ return IkeEncryptionAlgorithmT.EncrNull;
+ case IPSEC_API_CRYPTO_ALG_AES_CBC_128:
+ return IkeEncryptionAlgorithmT.EncrAesCbc128;
+ case IPSEC_API_CRYPTO_ALG_AES_CBC_192:
+ return IkeEncryptionAlgorithmT.EncrAesCbc192;
+ case IPSEC_API_CRYPTO_ALG_AES_CBC_256:
+ return IkeEncryptionAlgorithmT.EncrAesCbc256;
+ case IPSEC_API_CRYPTO_ALG_AES_CTR_128:
+ // todo verify Cryptoalgorithms
+ return IkeEncryptionAlgorithmT.EncrAesCtr;
+ case IPSEC_API_CRYPTO_ALG_AES_CTR_192:
+ // todo verify Cryptoalgorithms
+ return IkeEncryptionAlgorithmT.EncrAesCtr;
+ case IPSEC_API_CRYPTO_ALG_AES_CTR_256:
+ // todo verify Cryptoalgorithms
+ return IkeEncryptionAlgorithmT.EncrAesCtr;
+ case IPSEC_API_CRYPTO_ALG_AES_GCM_128:
+ return IkeEncryptionAlgorithmT.EncrAesGcm8Icv;
+ case IPSEC_API_CRYPTO_ALG_AES_GCM_192:
+ return IkeEncryptionAlgorithmT.EncrAesGcm12Icv;
+ case IPSEC_API_CRYPTO_ALG_AES_GCM_256:
+ return IkeEncryptionAlgorithmT.EncrAesGcm16Icv;
+ case IPSEC_API_CRYPTO_ALG_DES_CBC:
+ // todo verify Cryptoalgorithms
+ return IkeEncryptionAlgorithmT.EncrDes;
+ case IPSEC_API_CRYPTO_ALG_3DES_CBC:
+ return IkeEncryptionAlgorithmT.Encr3des;
+ }
+ return IkeEncryptionAlgorithmT.EncrNull;
+ }
+
+ private IkeIntegrityAlgorithmT parseAuthAlgorithm(final IpsecIntegAlg integrityAlgorithm) {
+ switch (integrityAlgorithm){
+ case IPSEC_API_INTEG_ALG_NONE:
+ return IkeIntegrityAlgorithmT.AuthNone;
+ case IPSEC_API_INTEG_ALG_MD5_96:
+ return IkeIntegrityAlgorithmT.AuthHmacMd596;
+ case IPSEC_API_INTEG_ALG_SHA1_96:
+ return IkeIntegrityAlgorithmT.AuthHmacSha196;
+ case IPSEC_API_INTEG_ALG_SHA_256_96:
+ return IkeIntegrityAlgorithmT.AuthHmacSha225696;
+ case IPSEC_API_INTEG_ALG_SHA_256_128:
+ return IkeIntegrityAlgorithmT.AuthHmacSha2256128;
+ case IPSEC_API_INTEG_ALG_SHA_384_192:
+ return IkeIntegrityAlgorithmT.AuthHmacSha2384192;
+ case IPSEC_API_INTEG_ALG_SHA_512_256:
+ return IkeIntegrityAlgorithmT.AuthHmacSha2512256;
+ }
+ return IkeIntegrityAlgorithmT.AuthNone;
+ }
+
@Override
public void merge(@Nonnull final Builder<? extends DataObject> parentBuilder, @Nonnull final IpsecState readValue) {
IpsecStateBuilder ipsecParentBuilder = (IpsecStateBuilder) parentBuilder;
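Review bot: Both new helpers fall through to the weakest value as a default: after the switch, `parseCryptoAlgorithm` returns `IkeEncryptionAlgorithmT.EncrNull` and `parseAuthAlgorithm` returns `IkeIntegrityAlgorithmT.AuthNone`, so any `IpsecCryptoAlg` or `IpsecIntegAlg` constant added by a later API revision would be reported in operational state as an unencrypted or unauthenticated SA. Someone auditing tunnel state through this reader cannot tell a real null-cipher SA from an unmapped one. I would replace the trailing returns with `throw new IllegalArgumentException("Unmapped IPsec crypto algorithm: " + cryptoAlgorithm);` (and the integrity equivalent), or return `null` so the leaf stays unset. Separately, the `AES_GCM_128/192/256` cases map to `EncrAesGcm8Icv/12Icv/16Icv`, which looks like key size being translated into ICV length; unlike the CTR and DES cases it carries no `// todo verify` marker, so it is worth checking against the YANG model. A short Javadoc on each helper should also record that the three AES-CTR key sizes collapse to the single `EncrAesCtr` value.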
diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java
index 9b8f9157f..46ebd89d8 100644
--- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java
+++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java
@@ -16,6 +16,9 @@
package io.fd.hc2vpp.ipsec.read;
+import static io.fd.vpp.jvpp.core.types.IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128;
+import static io.fd.vpp.jvpp.core.types.IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96;
+import static io.fd.vpp.jvpp.core.types.IpsecProto.IPSEC_API_PROTO_ESP;
import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
@@ -29,8 +32,13 @@ import io.fd.honeycomb.translate.spi.read.ReaderCustomizer;
import io.fd.vpp.jvpp.core.dto.IpsecSaDetails;
import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump;
import io.fd.vpp.jvpp.core.dto.IpsecSaDump;
+import io.fd.vpp.jvpp.core.types.IpsecSadEntry;
+import io.fd.vpp.jvpp.core.types.IpsecSadFlags;
+import io.fd.vpp.jvpp.core.types.Key;
import java.util.LinkedList;
import org.junit.Test;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4AddressNoZone;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeEncryptionAlgorithmT;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecState;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecStateBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.state.grouping.Sa;
@@ -40,18 +48,14 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I
implements ByteDataTranslator, Ipv4Translator, Ipv6Translator {
private static InstanceIdentifier<IpsecState> IPSEC_STATE_ID = InstanceIdentifier.create(IpsecState.class);
- private static final String LOCAL_ADDR_START = "192.168.11.1";
- private static final String REMOTE_ADDR_START = "192.168.22.1";
- private static final String TUNNEL_SRC_ADDR = LOCAL_ADDR_START;
- private static final String TUNNEL_DST_ADDR = REMOTE_ADDR_START;
+ private static final Ipv4AddressNoZone TUNNEL_SRC_ADDR = new Ipv4AddressNoZone("192.168.11.1");
+ private static final Ipv4AddressNoZone TUNNEL_DST_ADDR = new Ipv4AddressNoZone("192.168.22.1");
private static final int REPLY_WINDOW = 88;
private static final int SA_ID = 10;
private static final int SPI = 1001;
- private static final int CRYPTO_ALG = 1;
private static final String CRYPTO_KEY = "123456789";
private static final int INTEG_ALG = 2;
private static final String INTEG_KEY = "987654321";
- private static final int PROTOCOL = 1;
private static final int LAST_SEQ_INB = 8;
private static final int HOLD_DOWN = 88;
@@ -65,24 +69,28 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I
}
@Override
- protected void setUp() throws Exception {
+ protected void setUp() {
final IpsecSaDetailsReplyDump saDetailsReply = new IpsecSaDetailsReplyDump();
LinkedList<IpsecSaDetails> saDetails = new LinkedList<>();
IpsecSaDetails saDetail = new IpsecSaDetails();
- saDetail.spi = SPI;
- saDetail.saId = SA_ID;
- saDetail.cryptoAlg = CRYPTO_ALG;
- saDetail.cryptoKey = CRYPTO_KEY.getBytes();
- saDetail.integAlg = INTEG_ALG;
- saDetail.integKey = INTEG_KEY.getBytes();
- saDetail.isTunnel = BYTE_TRUE;
- saDetail.isTunnelIp6 = BYTE_FALSE;
- saDetail.protocol = PROTOCOL;
+ saDetail.entry = new IpsecSadEntry();
+ saDetail.entry.spi = SPI;
+ saDetail.entry.sadId = SA_ID;
+ saDetail.entry.cryptoAlgorithm = IPSEC_API_CRYPTO_ALG_AES_CBC_128;
+ saDetail.entry.cryptoKey = new Key();
+ saDetail.entry.cryptoKey.data = CRYPTO_KEY.getBytes();
+ saDetail.entry.cryptoKey.length = (byte) CRYPTO_KEY.getBytes().length;
+ saDetail.entry.integrityAlgorithm = IPSEC_API_INTEG_ALG_SHA1_96;
+ saDetail.entry.integrityKey = new Key();
+ saDetail.entry.integrityKey.data = INTEG_KEY.getBytes();
+ saDetail.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length;
+ saDetail.entry.protocol = IPSEC_API_PROTO_ESP;
saDetail.lastSeqInbound = LAST_SEQ_INB;
saDetail.replayWindow = REPLY_WINDOW;
- saDetail.useAntiReplay = BYTE_TRUE;
- saDetail.tunnelSrcAddr = ipv4AddressNoZoneToArray(TUNNEL_SRC_ADDR);
- saDetail.tunnelDstAddr = ipv4AddressNoZoneToArray(TUNNEL_DST_ADDR);
+ saDetail.entry.flags = IpsecSadFlags.forValue(IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value +
+ IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY.value);
+ saDetail.entry.tunnelSrc = ipv4AddressNoZoneToAddress(TUNNEL_SRC_ADDR);
+ saDetail.entry.tunnelDst = ipv4AddressNoZoneToAddress(TUNNEL_DST_ADDR);
saDetails.add(saDetail);
saDetailsReply.ipsecSaDetails = saDetails;
IpsecSaDump saDump = new IpsecSaDump();
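Review bot: The SA flag word in `setUp` is built with `+` and then passed through `IpsecSadFlags.forValue(...)`. If `forValue` is a plain lookup over the declared constants (its body is not visible in this diff), the combined value may match no constant and leave `entry.flags` null, and nothing in the test asserts on it. Prefer the bitwise form `IPSEC_API_SAD_FLAG_IS_TUNNEL.value | IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY.value`, and confirm how the generated type represents a multi-bit value. The `getBytes()` calls on `CRYPTO_KEY` and `INTEG_KEY` depend on the platform charset; `getBytes(StandardCharsets.UTF_8)` would keep the key fixture and its `length` byte deterministic. `setUp` continues past the end of this hunk.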
@@ -98,15 +106,15 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest<IpsecState, I
Sa sa = builder.getSa().get(0);
assertEquals(sa.getAntiReplayWindow().intValue(), REPLY_WINDOW);
assertEquals(sa.getAuthenticationAlgorithm().getIntValue(), INTEG_ALG);
- assertEquals(sa.getEncryptionAlgorithm().getIntValue(), CRYPTO_ALG);
+ assertEquals(sa.getEncryptionAlgorithm(), IkeEncryptionAlgorithmT.EncrAesCbc128);
assertEquals(sa.getSpi().intValue(), SPI);
}
@Test
- public void testMerge() throws Exception {
+ public void testMerge() {
final IpsecStateBuilder parentBuilder = new IpsecStateBuilder();
final IpsecStateBuilder builderForNewdata = new IpsecStateBuilder();
- builderForNewdata.setHoldDown(new Long(HOLD_DOWN));
+ builderForNewdata.setHoldDown((long) HOLD_DOWN);
getCustomizer().merge(parentBuilder, builderForNewdata.build());
assertEquals(parentBuilder.getHoldDown().intValue(), HOLD_DOWN);
}
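Review bot: The authentication assertion still compares `getIntValue()` against the magic constant `INTEG_ALG = 2`, while the encryption assertion next to it was moved to an enum comparison. The check therefore passes only because the YANG enum's integer value happens to be 2, not because `parseAuthAlgorithm` is shown to map `IPSEC_API_INTEG_ALG_SHA1_96` correctly. I would write `assertEquals(IkeIntegrityAlgorithmT.AuthHmacSha196, sa.getAuthenticationAlgorithm());` (this needs the matching import) and drop `INTEG_ALG`. The `assertEquals` calls here also pass the actual value first, so failure messages will read backwards. Only one of the new switch arms in each helper is exercised; a table-style test over every `IpsecCryptoAlg`/`IpsecIntegAlg` constant would cover the `// todo verify` mappings and the fall-through default.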