BFD: SHA1 authentication

Add authentication support to BFD feature. Out of three existing
authentication types, implement SHA1 (sole RFC requirement). Simple
password is insecure and MD5 is discouraged by the RFC, so ignore
those.
Add/change APIs to allow configuring BFD authentication keys
and their usage with BFD sessions.

Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415
Signed-off-by: Klement Sekera <ksekera@cisco.com>

1 files changed, 69 insertions, 8 deletions

diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py
index 90c954dc..72c18e6c 100644
--- a/test/vpp_papi_provider.py
+++ b/test/vpp_papi_provider.py
@@ -992,16 +992,57 @@ class VppPapiProvider(object):
         self.api(self.papi.control_ping)
 
     def bfd_udp_add(self, sw_if_index, desired_min_tx, required_min_rx,
-                    detect_mult, local_addr, peer_addr, is_ipv6=0):
-        return self.api(self.papi.bfd_udp_add,
+                    detect_mult, local_addr, peer_addr, is_ipv6=0,
+                    bfd_key_id=None, conf_key_id=None):
+        if bfd_key_id is None:
+            return self.api(self.papi.bfd_udp_add,
+                            {
+                                'sw_if_index': sw_if_index,
+                                'desired_min_tx': desired_min_tx,
+                                'required_min_rx': required_min_rx,
+                                'local_addr': local_addr,
+                                'peer_addr': peer_addr,
+                                'is_ipv6': is_ipv6,
+                                'detect_mult': detect_mult,
+                            })
+        else:
+            return self.api(self.papi.bfd_udp_add,
+                            {
+                                'sw_if_index': sw_if_index,
+                                'desired_min_tx': desired_min_tx,
+                                'required_min_rx': required_min_rx,
+                                'local_addr': local_addr,
+                                'peer_addr': peer_addr,
+                                'is_ipv6': is_ipv6,
+                                'detect_mult': detect_mult,
+                                'is_authenticated': 1,
+                                'bfd_key_id': bfd_key_id,
+                                'conf_key_id': conf_key_id,
+                            })
+
+    def bfd_udp_auth_activate(self, sw_if_index, local_addr, peer_addr,
+                              is_ipv6=0, bfd_key_id=None, conf_key_id=None,
+                              is_delayed=False):
+        return self.api(self.papi.bfd_udp_auth_activate,
                         {
                             'sw_if_index': sw_if_index,
-                            'desired_min_tx': desired_min_tx,
-                            'required_min_rx': required_min_rx,
                             'local_addr': local_addr,
                             'peer_addr': peer_addr,
                             'is_ipv6': is_ipv6,
-                            'detect_mult': detect_mult,
+                            'is_delayed': 1 if is_delayed else 0,
+                            'bfd_key_id': bfd_key_id,
+                            'conf_key_id': conf_key_id,
+                        })
+
+    def bfd_udp_auth_deactivate(self, sw_if_index, local_addr, peer_addr,
+                                is_ipv6=0, is_delayed=False):
+        return self.api(self.papi.bfd_udp_auth_deactivate,
+                        {
+                            'sw_if_index': sw_if_index,
+                            'local_addr': local_addr,
+                            'peer_addr': peer_addr,
+                            'is_ipv6': is_ipv6,
+                            'is_delayed': 1 if is_delayed else 0,
                         })
 
     def bfd_udp_del(self, sw_if_index, local_addr, peer_addr, is_ipv6=0):
@@ -1016,10 +1057,14 @@ class VppPapiProvider(object):
     def bfd_udp_session_dump(self):
         return self.api(self.papi.bfd_udp_session_dump, {})
 
-    def bfd_session_set_flags(self, bs_idx, admin_up_down):
-        return self.api(self.papi.bfd_session_set_flags, {
-            'bs_index': bs_idx,
+    def bfd_udp_session_set_flags(self, admin_up_down, sw_if_index, local_addr,
+                                  peer_addr, is_ipv6=0):
+        return self.api(self.papi.bfd_udp_session_set_flags, {
             'admin_up_down': admin_up_down,
+            'sw_if_index': sw_if_index,
+            'local_addr': local_addr,
+            'peer_addr': peer_addr,
+            'is_ipv6': is_ipv6,
         })
 
     def want_bfd_events(self, enable_disable=1):
@@ -1028,6 +1073,22 @@ class VppPapiProvider(object):
             'pid': os.getpid(),
         })
 
+    def bfd_auth_set_key(self, conf_key_id, auth_type, key):
+        return self.api(self.papi.bfd_auth_set_key, {
+            'conf_key_id': conf_key_id,
+            'auth_type': auth_type,
+            'key': key,
+            'key_len': len(key),
+        })
+
+    def bfd_auth_del_key(self, conf_key_id):
+        return self.api(self.papi.bfd_auth_del_key, {
+            'conf_key_id': conf_key_id,
+        })
+
+    def bfd_auth_keys_dump(self):
+        return self.api(self.papi.bfd_auth_keys_dump, {})
+
     def classify_add_del_table(
             self,
             is_add,