From 26589d440f332fe52238fa258d7d7b58df43eee5 Mon Sep 17 00:00:00 2001 From: Tibor Král Date: Wed, 14 Nov 2018 18:20:02 +0100 Subject: HC2VPP-87: Expose IPSEC management MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Ib13a2cdba5a0902581c455de67cc0ee64d20598d Signed-off-by: Tibor Král --- .../test/resources/ikev2/addDelProfile_after.json | 25 +++++++++++++++++ .../test/resources/ikev2/addDelProfile_before.json | 25 +++++++++++++++++ .../src/test/resources/ikev2/addIkev2Profile.json | 25 +++++++++++++++++ .../ikev2/identity/identity_local_ipv4.json | 8 ++++++ .../ikev2/identity/identity_local_rfc822.json | 8 ++++++ .../ikev2/identity/identity_remote_fqdn.json | 8 ++++++ .../ikev2/identity/identity_remote_ipv6.json | 8 ++++++ .../test/resources/sadEntries/addDelSadEntry.json | 32 ++++++++++++++++++++++ .../sadEntries/addDelSadEntry_Ipv6_after.json | 25 +++++++++++++++++ .../sadEntries/addDelSadEntry_Ipv6_before.json | 32 ++++++++++++++++++++++ .../src/test/resources/sadEntries/delSadEntry.json | 11 ++++++++ .../src/test/resources/spdEntries/addDelSpd.json | 31 +++++++++++++++++++++ .../test/resources/spdEntries/addDelSpd_after.json | 21 ++++++++++++++ .../resources/spdEntries/addDelSpd_before.json | 21 ++++++++++++++ 14 files changed, 280 insertions(+) create mode 100644 ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_after.json create mode 100644 ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_before.json create mode 100644 ipsec/ipsec-impl/src/test/resources/ikev2/addIkev2Profile.json create mode 100644 ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_ipv4.json create mode 100644 ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_rfc822.json create mode 100644 ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_fqdn.json create mode 100644 ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_ipv6.json create mode 100644 ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry.json create mode 100644 ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_after.json create mode 100644 ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_before.json create mode 100644 ipsec/ipsec-impl/src/test/resources/sadEntries/delSadEntry.json create mode 100644 ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd.json create mode 100644 ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_after.json create mode 100644 ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_before.json (limited to 'ipsec/ipsec-impl/src/test/resources') diff --git a/ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_after.json b/ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_after.json new file mode 100644 index 000000000..ac5f8c797 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_after.json @@ -0,0 +1,25 @@ +{ + "ikev2": { + "policy": [ + { + "name": "testPolicy", + "lifetime": 0, + "connection-type": "both", + "authentication" : { + "rsa-signature" : "true" + }, + "certificate": "/home/localadmin/certs/server-cert.pem", + "traffic-selectors": [ + { + "ts-name":"TS1", + "protocol":0, + "remote-address-low":"192.168.124.0", + "remote-address-high":"192.168.124.255", + "remote-port-low":0, + "remote-port-high":65535 + } + ] + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_before.json b/ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_before.json new file mode 100644 index 000000000..3dfa39345 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/ikev2/addDelProfile_before.json @@ -0,0 +1,25 @@ +{ + "ikev2": { + "policy": [ + { + "name": "testPolicy", + "lifetime": 0, + "connection-type": "both", + "authentication" : { + "preshared-key" : "true" + }, + "pre-shared-key": "0123456789012345", + "traffic-selectors": [ + { + "ts-name":"TS1", + "protocol":0, + "local-address-low":"192.168.124.0", + "local-address-high":"192.168.124.255", + "local-port-low":0, + "local-port-high":65535 + } + ] + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/ikev2/addIkev2Profile.json b/ipsec/ipsec-impl/src/test/resources/ikev2/addIkev2Profile.json new file mode 100644 index 000000000..3dfa39345 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/ikev2/addIkev2Profile.json @@ -0,0 +1,25 @@ +{ + "ikev2": { + "policy": [ + { + "name": "testPolicy", + "lifetime": 0, + "connection-type": "both", + "authentication" : { + "preshared-key" : "true" + }, + "pre-shared-key": "0123456789012345", + "traffic-selectors": [ + { + "ts-name":"TS1", + "protocol":0, + "local-address-low":"192.168.124.0", + "local-address-high":"192.168.124.255", + "local-port-low":0, + "local-port-high":65535 + } + ] + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_ipv4.json b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_ipv4.json new file mode 100644 index 000000000..f068bd78b --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_ipv4.json @@ -0,0 +1,8 @@ +{ + "identity" : { + "local": + { + "ipv4-address": "192.168.123.22" + } + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_rfc822.json b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_rfc822.json new file mode 100644 index 000000000..6e152d9c4 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_local_rfc822.json @@ -0,0 +1,8 @@ +{ + "identity" : { + "local": + { + "rfc822-address-string": "rfc822@example.com" + } + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_fqdn.json b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_fqdn.json new file mode 100644 index 000000000..514f84116 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_fqdn.json @@ -0,0 +1,8 @@ +{ + "identity" : { + "remote": + { + "fqdn-string": "vpp.home" + } + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_ipv6.json b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_ipv6.json new file mode 100644 index 000000000..0674d357f --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/ikev2/identity/identity_remote_ipv6.json @@ -0,0 +1,8 @@ +{ + "identity" : { + "remote": + { + "ipv6-address": "2001:DB8:0:0:8:800:200C:417A" + } + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry.json b/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry.json new file mode 100644 index 000000000..c522ba2de --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry.json @@ -0,0 +1,32 @@ +{ + "sad": { + "sad-entries": [ + { + "spi": 1002, + "direction": "outbound", + "sa-id": 10, + "security-protocol": "esp", + "sa-mode": "tunnel", + "esp": { + "authentication": { + "hmac-sha1-96": { + "key-str": "0123456789012346" + } + }, + "encryption": { + "aes-128-cbc": { + "key-str": "9876543210987654" + } + } + }, + "source-address": { + "ipv4-address": "192.168.1.1" + }, + "destination-address": { + "ipv4-address": "192.168.1.2" + }, + "anti-replay-window": 0 + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_after.json b/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_after.json new file mode 100644 index 000000000..fa618a391 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_after.json @@ -0,0 +1,25 @@ +{ + "sad": { + "sad-entries": [ + { + "spi": 1002, + "direction": "inbound", + "sa-id": 10, + "security-protocol": "ah", + "sa-mode": "transport", + "ah": { + "hmac-md5-96": { + "key-str": "0123456789012346" + } + }, + "source-address": { + "ipv6-address": "2001::11" + }, + "destination-address": { + "ipv6-address": "2001::12" + }, + "anti-replay-window": 32 + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_before.json b/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_before.json new file mode 100644 index 000000000..a88a14600 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/sadEntries/addDelSadEntry_Ipv6_before.json @@ -0,0 +1,32 @@ +{ + "sad": { + "sad-entries": [ + { + "spi": 1002, + "direction": "outbound", + "sa-id": 10, + "security-protocol": "esp", + "sa-mode": "tunnel", + "esp": { + "authentication": { + "hmac-sha1-96": { + "key-str": "0123456789012346" + } + }, + "encryption": { + "aes-128-cbc": { + "key-str": "9876543210987654" + } + } + }, + "source-address": { + "ipv6-address": "2001::1" + }, + "destination-address": { + "ipv6-address": "2001::10" + }, + "anti-replay-window": 32 + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/sadEntries/delSadEntry.json b/ipsec/ipsec-impl/src/test/resources/sadEntries/delSadEntry.json new file mode 100644 index 000000000..23998d60f --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/sadEntries/delSadEntry.json @@ -0,0 +1,11 @@ +{ + "sad": { + "sad-entries": [ + { + "spi": 1002, + "direction": "outbound", + "sa-id": 10 + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd.json b/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd.json new file mode 100644 index 000000000..85fe81d0d --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd.json @@ -0,0 +1,31 @@ +{ + "ipsec" : { + "spd": [ + { + "spd-id": 10, + "spd-entries": [ + { + "name": "test", + "priority":100, + "direction":"outbound", + "operation":"bypass", + "laddr-start":"192.168.124.0", + "laddr-stop":"192.168.124.255", + "raddr-start":"192.168.125.0", + "raddr-stop":"192.168.125.255" + }, + { + "name": "TestSPDEntryIpv6", + "priority":100, + "direction":"inbound", + "operation":"bypass", + "laddr-start":"2001::1", + "laddr-stop":"2001::100", + "raddr-start":"2001::101", + "raddr-stop":"2001::200" + } + ] + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_after.json b/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_after.json new file mode 100644 index 000000000..600dde46a --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_after.json @@ -0,0 +1,21 @@ +{ + "ipsec" : { + "spd": [ + { + "spd-entries": [ + { + "name": "TestSPDEntryUpdate", + "priority":80, + "direction":"inbound", + "operation":"bypass", + "laddr-start":"2001::1", + "laddr-stop":"2001::100", + "raddr-start":"2001::101", + "raddr-stop":"2001::200" + } + ], + "spd-id": 10 + } + ] + } +} diff --git a/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_before.json b/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_before.json new file mode 100644 index 000000000..be14bd6f9 --- /dev/null +++ b/ipsec/ipsec-impl/src/test/resources/spdEntries/addDelSpd_before.json @@ -0,0 +1,21 @@ +{ + "ipsec" : { + "spd": [ + { + "spd-entries": [ + { + "name": "TestSPDEntryUpdate", + "priority":100, + "direction":"outbound", + "operation":"discard", + "laddr-start":"192.168.124.0", + "laddr-stop":"192.168.124.255", + "raddr-start":"192.168.125.0", + "raddr-stop":"192.168.125.255" + } + ], + "spd-id": 10 + } + ] + } +} -- cgit 1.2.3-korg