aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-04-08 14:48:23 +0000
committerDamjan Marion <dmarion@me.com>2019-04-08 21:52:04 +0000
commit1091c4aa9bd96055e7a94d368bd6abf0c9f1b73d (patch)
tree621b3ec4e61c96b38aa5ece700d10e6e727f6d40
parentc5df8c71cc867d8120a25e4bd6d065aa63d9011c (diff)
IPSEC TEST: various hash alogrithms
Change-Id: I925aa5bf9472e81f98072d63df499b19e6ddf43d Signed-off-by: Neale Ranns <nranns@cisco.com>
-rw-r--r--src/vnet/ipsec/esp.h2
-rw-r--r--test/template_ipsec.py4
-rw-r--r--test/test_ipsec_ah.py95
3 files changed, 90 insertions, 11 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 4b67eb2134b..1e7f08277ca 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -57,7 +57,7 @@ typedef CLIB_PACKED (struct {
#define ESP_SEQ_MAX (4294967295UL)
#define ESP_MAX_BLOCK_SIZE (16)
#define ESP_MAX_IV_SIZE (16)
-#define ESP_MAX_ICV_SIZE (16)
+#define ESP_MAX_ICV_SIZE (32)
u8 *format_esp_header (u8 * s, va_list * args);
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 6e6e37ba174..36e8da6635c 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -69,8 +69,8 @@ class IPsecIPv6Params(object):
self.vpp_tra_spi = 4000
self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
- IPSEC_API_INTEG_ALG_SHA_256_128)
- self.auth_algo = 'SHA2-256-128' # scapy name
+ IPSEC_API_INTEG_ALG_SHA1_96)
+ self.auth_algo = 'HMAC-SHA1-96' # scapy name
self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.
diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py
index 0fb084199d8..6788876dad2 100644
--- a/test/test_ipsec_ah.py
+++ b/test/test_ipsec_ah.py
@@ -207,8 +207,13 @@ class TemplateIpsecAh(TemplateIpsec):
priority=10).add_vpp_config()
-class TestIpsecAh1(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
- """ Ipsec AH - TUN & TRA tests """
+class TestIpsecAh1(TemplateIpsecAh, IpsecTcpTests):
+ """ Ipsec AH - TCP tests """
+ pass
+
+
+class TestIpsecAh2(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+ """ Ipsec AH w/ SHA1 """
tra4_encrypt_node_name = "ah4-encrypt"
tra4_decrypt_node_name = "ah4-decrypt"
tra6_encrypt_node_name = "ah6-encrypt"
@@ -219,13 +224,8 @@ class TestIpsecAh1(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
tun6_decrypt_node_name = "ah6-decrypt"
-class TestIpsecAh2(TemplateIpsecAh, IpsecTcpTests):
- """ Ipsec AH - TCP tests """
- pass
-
-
class TestIpsecAh3(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
- """ Ipsec AH w/ ESN - TCP tests """
+ """ Ipsec AH w/ SHA1 & ESN """
tra4_encrypt_node_name = "ah4-encrypt"
tra4_decrypt_node_name = "ah4-decrypt"
@@ -245,5 +245,84 @@ class TestIpsecAh3(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
p.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
IPSEC_API_SAD_FLAG_USE_ESN)
+
+class TestIpsecAh4(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+ """ Ipsec AH w/ SHA256 """
+
+ tra4_encrypt_node_name = "ah4-encrypt"
+ tra4_decrypt_node_name = "ah4-decrypt"
+ tra6_encrypt_node_name = "ah6-encrypt"
+ tra6_decrypt_node_name = "ah6-decrypt"
+ tun4_encrypt_node_name = "ah4-encrypt"
+ tun4_decrypt_node_name = "ah4-decrypt"
+ tun6_encrypt_node_name = "ah6-encrypt"
+ tun6_decrypt_node_name = "ah6-decrypt"
+
+ def setup_params(self):
+ self.ipv4_params = IPsecIPv4Params()
+ self.ipv6_params = IPsecIPv6Params()
+ self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_256_128)
+ self.ipv4_params.auth_algo = 'SHA2-256-128' # scapy name
+ self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_256_128)
+ self.ipv6_params.auth_algo = 'SHA2-256-128' # scapy name
+
+ self.params = {self.ipv4_params.addr_type: self.ipv4_params,
+ self.ipv6_params.addr_type: self.ipv6_params}
+
+
+class TestIpsecAh5(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+ """ Ipsec AH w/ SHA384 """
+
+ tra4_encrypt_node_name = "ah4-encrypt"
+ tra4_decrypt_node_name = "ah4-decrypt"
+ tra6_encrypt_node_name = "ah6-encrypt"
+ tra6_decrypt_node_name = "ah6-decrypt"
+ tun4_encrypt_node_name = "ah4-encrypt"
+ tun4_decrypt_node_name = "ah4-decrypt"
+ tun6_encrypt_node_name = "ah6-encrypt"
+ tun6_decrypt_node_name = "ah6-decrypt"
+
+ def setup_params(self):
+ self.ipv4_params = IPsecIPv4Params()
+ self.ipv6_params = IPsecIPv6Params()
+ self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_384_192)
+ self.ipv4_params.auth_algo = 'SHA2-384-192' # scapy name
+ self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_384_192)
+ self.ipv6_params.auth_algo = 'SHA2-384-192' # scapy name
+
+ self.params = {self.ipv4_params.addr_type: self.ipv4_params,
+ self.ipv6_params.addr_type: self.ipv6_params}
+
+
+class TestIpsecAh6(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+ """ Ipsec AH w/ SHA512 """
+
+ tra4_encrypt_node_name = "ah4-encrypt"
+ tra4_decrypt_node_name = "ah4-decrypt"
+ tra6_encrypt_node_name = "ah6-encrypt"
+ tra6_decrypt_node_name = "ah6-decrypt"
+ tun4_encrypt_node_name = "ah4-encrypt"
+ tun4_decrypt_node_name = "ah4-decrypt"
+ tun6_encrypt_node_name = "ah6-encrypt"
+ tun6_decrypt_node_name = "ah6-decrypt"
+
+ def setup_params(self):
+ self.ipv4_params = IPsecIPv4Params()
+ self.ipv6_params = IPsecIPv6Params()
+ self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_512_256)
+ self.ipv4_params.auth_algo = 'SHA2-512-256' # scapy name
+ self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA_512_256)
+ self.ipv6_params.auth_algo = 'SHA2-512-256' # scapy name
+
+ self.params = {self.ipv4_params.addr_type: self.ipv4_params,
+ self.ipv6_params.addr_type: self.ipv6_params}
+
+
if __name__ == '__main__':
unittest.main(testRunner=VppTestRunner)