From 57b514a71a9b71f752deadb30a05b32fcfd08714 Mon Sep 17 00:00:00 2001
From: Michal Cmarada
Date: Mon, 11 Feb 2019 09:35:12 +0100
Subject: fix ipsec api changes

Change-Id: I76ebccbb27cfa7f543f6590b06c662e9742e7897
Signed-off-by: Michal Cmarada
---
 .../fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java | 62 ++++++++++++++++++++--
 .../ipsec/read/IpsecStateCustomizerTest.java | 52 ++++++++++--------
 2 files changed, 89 insertions(+), 25 deletions(-)
(limited to 'ipsec')
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
index 4755c7a82..78a80120a 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizer.java
@@ -31,6 +31,8 @@ import io.fd.vpp.jvpp.core.dto.IpsecSaDetails;
 import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump;
 import io.fd.vpp.jvpp.core.dto.IpsecSaDump;
 import io.fd.vpp.jvpp.core.future.FutureJVppCore;
+import io.fd.vpp.jvpp.core.types.IpsecCryptoAlg;
+import io.fd.vpp.jvpp.core.types.IpsecIntegAlg;
 import java.util.LinkedList;
 import javax.annotation.Nonnull;
 import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.ipsec.rev181213.IpsecStateSpdAugmentation;
@@ -84,16 +86,70 @@ public class IpsecStateCustomizer extends FutureJVppCustomizer IpsecSaDetailsReplyDump reply = dumpSa.get(); for (IpsecSaDetails details : reply.ipsecSaDetails) { SaBuilder saBuilder = new SaBuilder(); - saBuilder.setSpi(Integer.toUnsignedLong(details.spi)) + saBuilder.setSpi(Integer.toUnsignedLong(details.entry.spi)) .setAntiReplayWindow(Long.valueOf(details.replayWindow).intValue()) - .setAuthenticationAlgorithm(IkeIntegrityAlgorithmT.forValue(details.integAlg)) - .setEncryptionAlgorithm(IkeEncryptionAlgorithmT.forValue(details.cryptoAlg)); + .setAuthenticationAlgorithm(parseAuthAlgorithm(details.entry.integrityAlgorithm)) + .setEncryptionAlgorithm(parseCryptoAlgorithm(details.entry.cryptoAlgorithm)); listSa.add(saBuilder.build()); } builder.setSa(listSa); } } + private IkeEncryptionAlgorithmT parseCryptoAlgorithm(final IpsecCryptoAlg cryptoAlgorithm) { + switch (cryptoAlgorithm){ + case IPSEC_API_CRYPTO_ALG_NONE: + return IkeEncryptionAlgorithmT.EncrNull; + case IPSEC_API_CRYPTO_ALG_AES_CBC_128: + return IkeEncryptionAlgorithmT.EncrAesCbc128; + case IPSEC_API_CRYPTO_ALG_AES_CBC_192: + return IkeEncryptionAlgorithmT.EncrAesCbc192; + case IPSEC_API_CRYPTO_ALG_AES_CBC_256: + return IkeEncryptionAlgorithmT.EncrAesCbc256; + case IPSEC_API_CRYPTO_ALG_AES_CTR_128: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_CTR_192: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_CTR_256: + // todo verify Cryptoalgorithms + return IkeEncryptionAlgorithmT.EncrAesCtr; + case IPSEC_API_CRYPTO_ALG_AES_GCM_128: + return IkeEncryptionAlgorithmT.EncrAesGcm8Icv; + case IPSEC_API_CRYPTO_ALG_AES_GCM_192: + return IkeEncryptionAlgorithmT.EncrAesGcm12Icv; + case IPSEC_API_CRYPTO_ALG_AES_GCM_256: + return IkeEncryptionAlgorithmT.EncrAesGcm16Icv; + case IPSEC_API_CRYPTO_ALG_DES_CBC: + // todo verify Cryptoalgorithms + return 
IkeEncryptionAlgorithmT.EncrDes; + case IPSEC_API_CRYPTO_ALG_3DES_CBC: + return IkeEncryptionAlgorithmT.Encr3des; + } + return IkeEncryptionAlgorithmT.EncrNull; + } + + private IkeIntegrityAlgorithmT parseAuthAlgorithm(final IpsecIntegAlg integrityAlgorithm) { + switch (integrityAlgorithm){ + case IPSEC_API_INTEG_ALG_NONE: + return IkeIntegrityAlgorithmT.AuthNone; + case IPSEC_API_INTEG_ALG_MD5_96: + return IkeIntegrityAlgorithmT.AuthHmacMd596; + case IPSEC_API_INTEG_ALG_SHA1_96: + return IkeIntegrityAlgorithmT.AuthHmacSha196; + case IPSEC_API_INTEG_ALG_SHA_256_96: + return IkeIntegrityAlgorithmT.AuthHmacSha225696; + case IPSEC_API_INTEG_ALG_SHA_256_128: + return IkeIntegrityAlgorithmT.AuthHmacSha2256128; + case IPSEC_API_INTEG_ALG_SHA_384_192: + return IkeIntegrityAlgorithmT.AuthHmacSha2384192; + case IPSEC_API_INTEG_ALG_SHA_512_256: + return IkeIntegrityAlgorithmT.AuthHmacSha2512256; + } + return IkeIntegrityAlgorithmT.AuthNone; + } + @Override public void merge(@Nonnull final Builder parentBuilder, @Nonnull final IpsecState readValue) { IpsecStateBuilder ipsecParentBuilder = (IpsecStateBuilder) parentBuilder; diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java index 9b8f9157f..46ebd89d8 100644 --- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java +++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/read/IpsecStateCustomizerTest.java @@ -16,6 +16,9 @@ package io.fd.hc2vpp.ipsec.read; +import static io.fd.vpp.jvpp.core.types.IpsecCryptoAlg.IPSEC_API_CRYPTO_ALG_AES_CBC_128; +import static io.fd.vpp.jvpp.core.types.IpsecIntegAlg.IPSEC_API_INTEG_ALG_SHA1_96; +import static io.fd.vpp.jvpp.core.types.IpsecProto.IPSEC_API_PROTO_ESP; import static org.junit.Assert.assertEquals; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; 
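Review bot: In IpsecStateCustomizer.java, `parseCryptoAlgorithm` and `parseAuthAlgorithm` fall through to `EncrNull` / `AuthNone` for any value the switch does not list, so an SA whose algorithm is merely unmapped is reported in operational state as unencrypted or unauthenticated and cannot be told apart from one that really is. A `default:` branch that fails loudly, e.g. `default: throw new IllegalArgumentException("Unmapped IPsec crypto algorithm: " + cryptoAlgorithm);` (or at least a logged warning with the leaf left unset), would keep monitoring from drawing the wrong conclusion; which of the two fits depends on how the enclosing read method handles failures, and that method starts outside the hunk. Separately, the three `AES_GCM_128/192/256` cases return `EncrAesGcm8Icv` / `EncrAesGcm12Icv` / `EncrAesGcm16Icv`, whose names describe ICV length rather than key size, so this looks like a mismatch that deserves the same `// todo verify` marker the CTR and DES cases carry. The CTR cases also collapse three key sizes into `EncrAesCtr`, so the reported state loses the key length.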
@@ -29,8 +32,13 @@ import io.fd.honeycomb.translate.spi.read.ReaderCustomizer; import io.fd.vpp.jvpp.core.dto.IpsecSaDetails; import io.fd.vpp.jvpp.core.dto.IpsecSaDetailsReplyDump; import io.fd.vpp.jvpp.core.dto.IpsecSaDump; +import io.fd.vpp.jvpp.core.types.IpsecSadEntry; +import io.fd.vpp.jvpp.core.types.IpsecSadFlags; +import io.fd.vpp.jvpp.core.types.Key; import java.util.LinkedList; import org.junit.Test; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4AddressNoZone; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IkeEncryptionAlgorithmT; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecState; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.IpsecStateBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ipsec.rev181214.ipsec.sa.state.grouping.Sa; @@ -40,18 +48,14 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest IPSEC_STATE_ID = InstanceIdentifier.create(IpsecState.class); - private static final String LOCAL_ADDR_START = "192.168.11.1"; - private static final String REMOTE_ADDR_START = "192.168.22.1"; - private static final String TUNNEL_SRC_ADDR = LOCAL_ADDR_START; - private static final String TUNNEL_DST_ADDR = REMOTE_ADDR_START; + private static final Ipv4AddressNoZone TUNNEL_SRC_ADDR = new Ipv4AddressNoZone("192.168.11.1"); + private static final Ipv4AddressNoZone TUNNEL_DST_ADDR = new Ipv4AddressNoZone("192.168.22.1"); private static final int REPLY_WINDOW = 88; private static final int SA_ID = 10; private static final int SPI = 1001; - private static final int CRYPTO_ALG = 1; private static final String CRYPTO_KEY = "123456789"; private static final int INTEG_ALG = 2; private static final String INTEG_KEY = "987654321"; - private static final int PROTOCOL = 1; private static final int LAST_SEQ_INB = 8; private static final int HOLD_DOWN = 88; 
@@ -65,24 +69,28 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest saDetails = new LinkedList<>(); IpsecSaDetails saDetail = new IpsecSaDetails(); - saDetail.spi = SPI; - saDetail.saId = SA_ID; - saDetail.cryptoAlg = CRYPTO_ALG; - saDetail.cryptoKey = CRYPTO_KEY.getBytes(); - saDetail.integAlg = INTEG_ALG; - saDetail.integKey = INTEG_KEY.getBytes(); - saDetail.isTunnel = BYTE_TRUE; - saDetail.isTunnelIp6 = BYTE_FALSE; - saDetail.protocol = PROTOCOL; + saDetail.entry = new IpsecSadEntry(); + saDetail.entry.spi = SPI; + saDetail.entry.sadId = SA_ID; + saDetail.entry.cryptoAlgorithm = IPSEC_API_CRYPTO_ALG_AES_CBC_128; + saDetail.entry.cryptoKey = new Key(); + saDetail.entry.cryptoKey.data = CRYPTO_KEY.getBytes(); + saDetail.entry.cryptoKey.length = (byte) CRYPTO_KEY.getBytes().length; + saDetail.entry.integrityAlgorithm = IPSEC_API_INTEG_ALG_SHA1_96; + saDetail.entry.integrityKey = new Key(); + saDetail.entry.integrityKey.data = INTEG_KEY.getBytes(); + saDetail.entry.integrityKey.length = (byte) INTEG_KEY.getBytes().length; + saDetail.entry.protocol = IPSEC_API_PROTO_ESP; saDetail.lastSeqInbound = LAST_SEQ_INB; saDetail.replayWindow = REPLY_WINDOW; - saDetail.useAntiReplay = BYTE_TRUE; - saDetail.tunnelSrcAddr = ipv4AddressNoZoneToArray(TUNNEL_SRC_ADDR); - saDetail.tunnelDstAddr = ipv4AddressNoZoneToArray(TUNNEL_DST_ADDR); + saDetail.entry.flags = IpsecSadFlags.forValue(IpsecSadFlags.IPSEC_API_SAD_FLAG_IS_TUNNEL.value + + IpsecSadFlags.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY.value); + saDetail.entry.tunnelSrc = ipv4AddressNoZoneToAddress(TUNNEL_SRC_ADDR); + saDetail.entry.tunnelDst = ipv4AddressNoZoneToAddress(TUNNEL_DST_ADDR); saDetails.add(saDetail); saDetailsReply.ipsecSaDetails = saDetails; IpsecSaDump saDump = new IpsecSaDump(); @@ -98,15 +106,15 @@ public class IpsecStateCustomizerTest extends ReaderCustomizerTest
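Review bot: In the test's SA setup, `saDetail.entry.flags` is built with `IpsecSadFlags.forValue(IPSEC_API_SAD_FLAG_IS_TUNNEL.value + IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY.value)`; if `IpsecSadFlags` is a plain enum whose `forValue` matches single constants only (its definition is not visible here), the combined value resolves to no constant and the field may end up null without the test noticing. Nothing visible in this hunk reads the flags back, so consider asserting on them or setting a single flag, and combine bit flags with `|` rather than `+` so a repeated flag cannot carry into another bit. The two `getBytes()` calls per key also rely on the platform charset; `CRYPTO_KEY.getBytes(StandardCharsets.UTF_8)` stored once in a local would keep `data` and `length` in step. The enclosing test method starts and ends outside the hunk.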