diff options
author | Neale Ranns <nranns@cisco.com> | 2019-04-08 14:48:23 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-04-08 21:52:04 +0000 |
commit | 1091c4aa9bd96055e7a94d368bd6abf0c9f1b73d (patch) | |
tree | 621b3ec4e61c96b38aa5ece700d10e6e727f6d40 | |
parent | c5df8c71cc867d8120a25e4bd6d065aa63d9011c (diff) |
IPSEC TEST: various hash alogrithms
Change-Id: I925aa5bf9472e81f98072d63df499b19e6ddf43d
Signed-off-by: Neale Ranns <nranns@cisco.com>
-rw-r--r-- | src/vnet/ipsec/esp.h | 2 | ||||
-rw-r--r-- | test/template_ipsec.py | 4 | ||||
-rw-r--r-- | test/test_ipsec_ah.py | 95 |
3 files changed, 90 insertions, 11 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h index 4b67eb2134b..1e7f08277ca 100644 --- a/src/vnet/ipsec/esp.h +++ b/src/vnet/ipsec/esp.h @@ -57,7 +57,7 @@ typedef CLIB_PACKED (struct { #define ESP_SEQ_MAX (4294967295UL) #define ESP_MAX_BLOCK_SIZE (16) #define ESP_MAX_IV_SIZE (16) -#define ESP_MAX_ICV_SIZE (16) +#define ESP_MAX_ICV_SIZE (32) u8 *format_esp_header (u8 * s, va_list * args); diff --git a/test/template_ipsec.py b/test/template_ipsec.py index 6e6e37ba174..36e8da6635c 100644 --- a/test/template_ipsec.py +++ b/test/template_ipsec.py @@ -69,8 +69,8 @@ class IPsecIPv6Params(object): self.vpp_tra_spi = 4000 self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. - IPSEC_API_INTEG_ALG_SHA_256_128) - self.auth_algo = 'SHA2-256-128' # scapy name + IPSEC_API_INTEG_ALG_SHA1_96) + self.auth_algo = 'HMAC-SHA1-96' # scapy name self.auth_key = 'C91KUR9GYMm5GfkEvNjX' self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t. diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py index 0fb084199d8..6788876dad2 100644 --- a/test/test_ipsec_ah.py +++ b/test/test_ipsec_ah.py @@ -207,8 +207,13 @@ class TemplateIpsecAh(TemplateIpsec): priority=10).add_vpp_config() -class TestIpsecAh1(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): - """ Ipsec AH - TUN & TRA tests """ +class TestIpsecAh1(TemplateIpsecAh, IpsecTcpTests): + """ Ipsec AH - TCP tests """ + pass + + +class TestIpsecAh2(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): + """ Ipsec AH w/ SHA1 """ tra4_encrypt_node_name = "ah4-encrypt" tra4_decrypt_node_name = "ah4-decrypt" tra6_encrypt_node_name = "ah6-encrypt" @@ -219,13 +224,8 @@ class TestIpsecAh1(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): tun6_decrypt_node_name = "ah6-decrypt" -class TestIpsecAh2(TemplateIpsecAh, IpsecTcpTests): - """ Ipsec AH - TCP tests """ - pass - - class TestIpsecAh3(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): - """ Ipsec AH w/ ESN - TCP tests """ + """ Ipsec AH w/ SHA1 & ESN """ tra4_encrypt_node_name = "ah4-encrypt" tra4_decrypt_node_name = "ah4-decrypt" @@ -245,5 +245,84 @@ class TestIpsecAh3(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): p.flags = (VppEnum.vl_api_ipsec_sad_flags_t. IPSEC_API_SAD_FLAG_USE_ESN) + +class TestIpsecAh4(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): + """ Ipsec AH w/ SHA256 """ + + tra4_encrypt_node_name = "ah4-encrypt" + tra4_decrypt_node_name = "ah4-decrypt" + tra6_encrypt_node_name = "ah6-encrypt" + tra6_decrypt_node_name = "ah6-decrypt" + tun4_encrypt_node_name = "ah4-encrypt" + tun4_decrypt_node_name = "ah4-decrypt" + tun6_encrypt_node_name = "ah6-encrypt" + tun6_decrypt_node_name = "ah6-decrypt" + + def setup_params(self): + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA_256_128) + self.ipv4_params.auth_algo = 'SHA2-256-128' # scapy name + self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA_256_128) + self.ipv6_params.auth_algo = 'SHA2-256-128' # scapy name + + self.params = {self.ipv4_params.addr_type: self.ipv4_params, + self.ipv6_params.addr_type: self.ipv6_params} + + +class TestIpsecAh5(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): + """ Ipsec AH w/ SHA384 """ + + tra4_encrypt_node_name = "ah4-encrypt" + tra4_decrypt_node_name = "ah4-decrypt" + tra6_encrypt_node_name = "ah6-encrypt" + tra6_decrypt_node_name = "ah6-decrypt" + tun4_encrypt_node_name = "ah4-encrypt" + tun4_decrypt_node_name = "ah4-decrypt" + tun6_encrypt_node_name = "ah6-encrypt" + tun6_decrypt_node_name = "ah6-decrypt" + + def setup_params(self): + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA_384_192) + self.ipv4_params.auth_algo = 'SHA2-384-192' # scapy name + self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA_384_192) + self.ipv6_params.auth_algo = 'SHA2-384-192' # scapy name + + self.params = {self.ipv4_params.addr_type: self.ipv4_params, + self.ipv6_params.addr_type: self.ipv6_params} + + +class TestIpsecAh6(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests): + """ Ipsec AH w/ SHA512 """ + + tra4_encrypt_node_name = "ah4-encrypt" + tra4_decrypt_node_name = "ah4-decrypt" + tra6_encrypt_node_name = "ah6-encrypt" + tra6_decrypt_node_name = "ah6-decrypt" + tun4_encrypt_node_name = "ah4-encrypt" + tun4_decrypt_node_name = "ah4-decrypt" + tun6_encrypt_node_name = "ah6-encrypt" + tun6_decrypt_node_name = "ah6-decrypt" + + def setup_params(self): + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA_512_256) + self.ipv4_params.auth_algo = 'SHA2-512-256' # scapy name + self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA_512_256) + self.ipv6_params.auth_algo = 'SHA2-512-256' # scapy name + + self.params = {self.ipv4_params.addr_type: self.ipv4_params, + self.ipv6_params.addr_type: self.ipv6_params} + + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner) |