aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeale Ranns <neale@graphiant.com>2021-06-28 13:31:28 +0000
committerBeno�t Ganne <bganne@cisco.com>2021-06-29 17:12:28 +0000
commit5b8911020ee5512d76c8daccaa199878ed7cbc01 (patch)
tree0c0960f5ffc12f1fe3d1a354a0736bd9ac374a07
parent3871bd3a07dfc775c29ea333d10c05ced2fea80e (diff)
ipsec: Fix setting the hi-sequence number for decrypt
Type: fix two problems; 1 - just because anti-reply is not enabled doesn't mean the high sequence number should not be used. - fix, there needs to be some means to detect a wrapped packet, so we use a window size of 2^30. 2 - The SA object was used as a scratch pad for the high-sequence number used during decryption. That means that once the batch has been processed the high-sequence number used is lost. This means it is not possible to distinguish this case: if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) { ... if (post_decrypt) { if (hi_seq_used == sa->seq_hi) /* the high sequence number used to succesfully decrypt this * packet is the same as the last-sequnence number of the SA. * that means this packet did not cause a wrap. * this packet is thus out of window and should be dropped */ return 1; else /* The packet decrypted with a different high sequence number * to the SA, that means it is the wrap packet and should be * accepted */ return 0; } - fix: don't use the SA as a scratch pad, use the 'packet_data' - the same place that is used as the scratch pad for the low sequence number. other consequences: - An SA doesn't have seq and last_seq, it has only seq; the sequence numnber of the last packet tx'd or rx'd. - there's 64bits of space available on the SA's first cache line. move the AES CTR mode IV there. - test the ESN/AR combinations to catch the bugs this fixes. This doubles the amount of tests, but without AR on they only run for 2 seconds. In the AR tests, the time taken to wait for packets that won't arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of these tests from 10-15 to about 5 sceonds. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
-rw-r--r--src/vnet/ipsec/ah_decrypt.c11
-rw-r--r--src/vnet/ipsec/esp.h7
-rw-r--r--src/vnet/ipsec/esp_decrypt.c135
-rw-r--r--src/vnet/ipsec/esp_encrypt.c16
-rw-r--r--src/vnet/ipsec/ipsec_api.c12
-rw-r--r--src/vnet/ipsec/ipsec_format.c5
-rw-r--r--src/vnet/ipsec/ipsec_sa.h178
-rw-r--r--test/template_ipsec.py213
-rw-r--r--test/test_ipsec_esp.py995
9 files changed, 1245 insertions, 327 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index d192fb6b80a..182ed3d231c 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -98,6 +98,7 @@ typedef struct
};
u32 sa_index;
u32 seq;
+ u32 seq_hi;
u8 icv_padding_len;
u8 icv_size;
u8 ip_hdr_size;
@@ -221,7 +222,8 @@ ah_decrypt_inline (vlib_main_t * vm,
pd->seq = clib_host_to_net_u32 (ah0->seq_no);
/* anti-replay check */
- if (ipsec_sa_anti_replay_check (sa0, pd->seq))
+ if (ipsec_sa_anti_replay_and_sn_advance (sa0, pd->seq, ~0, false,
+ &pd->seq_hi))
{
b[0]->error = node->errors[AH_DECRYPT_ERROR_REPLAY];
next[0] = AH_DECRYPT_NEXT_DROP;
@@ -257,7 +259,7 @@ ah_decrypt_inline (vlib_main_t * vm,
op->user_data = b - bufs;
if (ipsec_sa_is_set_USE_ESN (sa0))
{
- u32 seq_hi = clib_host_to_net_u32 (sa0->seq_hi);
+ u32 seq_hi = clib_host_to_net_u32 (pd->seq_hi);
op->len += sizeof (seq_hi);
clib_memcpy (op->src + b[0]->current_length, &seq_hi,
@@ -322,13 +324,14 @@ ah_decrypt_inline (vlib_main_t * vm,
if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
{
/* redo the anit-reply check. see esp_decrypt for details */
- if (ipsec_sa_anti_replay_check (sa0, pd->seq))
+ if (ipsec_sa_anti_replay_and_sn_advance (sa0, pd->seq, pd->seq_hi,
+ true, NULL))
{
b[0]->error = node->errors[AH_DECRYPT_ERROR_REPLAY];
next[0] = AH_DECRYPT_NEXT_DROP;
goto trace;
}
- ipsec_sa_anti_replay_advance (sa0, pd->seq);
+ ipsec_sa_anti_replay_advance (sa0, pd->seq, pd->seq_hi);
}
u16 ah_hdr_len = sizeof (ah_header_t) + pd->icv_size
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index a0643c3b939..d179233df49 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -118,7 +118,8 @@ esp_seq_advance (ipsec_sa_t * sa)
}
always_inline u16
-esp_aad_fill (u8 * data, const esp_header_t * esp, const ipsec_sa_t * sa)
+esp_aad_fill (u8 *data, const esp_header_t *esp, const ipsec_sa_t *sa,
+ u32 seq_hi)
{
esp_aead_t *aad;
@@ -128,7 +129,7 @@ esp_aad_fill (u8 * data, const esp_header_t * esp, const ipsec_sa_t * sa)
if (ipsec_sa_is_set_USE_ESN (sa))
{
/* SPI, seq-hi, seq-low */
- aad->data[1] = (u32) clib_host_to_net_u32 (sa->seq_hi);
+ aad->data[1] = (u32) clib_host_to_net_u32 (seq_hi);
aad->data[2] = esp->seq;
return 12;
}
@@ -199,7 +200,7 @@ typedef struct
i16 current_length;
u16 hdr_sz;
u16 is_chain;
- u32 protect_index;
+ u32 seq_hi;
} esp_decrypt_packet_data_t;
STATIC_ASSERT_SIZEOF (esp_decrypt_packet_data_t, 3 * sizeof (u64));
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index ec6d9811806..b700f2c9935 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -92,10 +92,14 @@ typedef struct
u32 seq;
u32 sa_seq;
u32 sa_seq_hi;
+ u32 pkt_seq_hi;
ipsec_crypto_alg_t crypto_alg;
ipsec_integ_alg_t integ_alg;
} esp_decrypt_trace_t;
+/* The number of byres in the hisequence number */
+#define N_HI_ESN_BYTES 4
+
/* packet trace format function */
static u8 *
format_esp_decrypt_trace (u8 * s, va_list * args)
@@ -104,11 +108,11 @@ format_esp_decrypt_trace (u8 * s, va_list * args)
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
esp_decrypt_trace_t *t = va_arg (*args, esp_decrypt_trace_t *);
- s =
- format (s,
- "esp: crypto %U integrity %U pkt-seq %d sa-seq %u sa-seq-hi %u",
- format_ipsec_crypto_alg, t->crypto_alg, format_ipsec_integ_alg,
- t->integ_alg, t->seq, t->sa_seq, t->sa_seq_hi);
+ s = format (s,
+ "esp: crypto %U integrity %U pkt-seq %d sa-seq %u sa-seq-hi %u "
+ "pkt-seq-hi %u",
+ format_ipsec_crypto_alg, t->crypto_alg, format_ipsec_integ_alg,
+ t->integ_alg, t->seq, t->sa_seq, t->sa_seq_hi, t->pkt_seq_hi);
return s;
}
@@ -235,40 +239,41 @@ esp_move_icv (vlib_main_t * vm, vlib_buffer_t * first,
return lb_curr;
}
-static_always_inline i16
-esp_insert_esn (vlib_main_t * vm, ipsec_sa_t * sa,
- esp_decrypt_packet_data2_t * pd2, u32 * data_len,
- u8 ** digest, u16 * len, vlib_buffer_t * b, u8 * payload)
+static_always_inline u16
+esp_insert_esn (vlib_main_t *vm, ipsec_sa_t *sa, esp_decrypt_packet_data_t *pd,
+ esp_decrypt_packet_data2_t *pd2, u32 *data_len, u8 **digest,
+ u16 *len, vlib_buffer_t *b, u8 *payload)
{
if (!ipsec_sa_is_set_USE_ESN (sa))
return 0;
-
/* shift ICV by 4 bytes to insert ESN */
- u32 seq_hi = clib_host_to_net_u32 (sa->seq_hi);
- u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa->seq_hi);
+ u32 seq_hi = clib_host_to_net_u32 (pd->seq_hi);
+ u8 tmp[ESP_MAX_ICV_SIZE];
if (pd2->icv_removed)
{
u16 space_left = vlib_buffer_space_left_at_end (vm, pd2->lb);
- if (space_left >= sz)
+ if (space_left >= N_HI_ESN_BYTES)
{
- clib_memcpy_fast (vlib_buffer_get_tail (pd2->lb), &seq_hi, sz);
- *data_len += sz;
+ clib_memcpy_fast (vlib_buffer_get_tail (pd2->lb), &seq_hi,
+ N_HI_ESN_BYTES);
+ *data_len += N_HI_ESN_BYTES;
}
else
- return sz;
+ return N_HI_ESN_BYTES;
len[0] = b->current_length;
}
else
{
clib_memcpy_fast (tmp, payload + len[0], ESP_MAX_ICV_SIZE);
- clib_memcpy_fast (payload + len[0], &seq_hi, sz);
- clib_memcpy_fast (payload + len[0] + sz, tmp, ESP_MAX_ICV_SIZE);
- *data_len += sz;
- *digest += sz;
+ clib_memcpy_fast (payload + len[0], &seq_hi, N_HI_ESN_BYTES);
+ clib_memcpy_fast (payload + len[0] + N_HI_ESN_BYTES, tmp,
+ ESP_MAX_ICV_SIZE);
+ *data_len += N_HI_ESN_BYTES;
+ *digest += N_HI_ESN_BYTES;
}
- return sz;
+ return N_HI_ESN_BYTES;
}
static_always_inline u8 *
@@ -284,14 +289,14 @@ esp_move_icv_esn (vlib_main_t * vm, vlib_buffer_t * first,
if (ipsec_sa_is_set_USE_ESN (sa))
{
- u8 sz = sizeof (sa->seq_hi);
- u32 seq_hi = clib_host_to_net_u32 (sa->seq_hi);
+ u32 seq_hi = clib_host_to_net_u32 (pd->seq_hi);
u16 space_left = vlib_buffer_space_left_at_end (vm, pd2->lb);
- if (space_left >= sz)
+ if (space_left >= N_HI_ESN_BYTES)
{
- clib_memcpy_fast (vlib_buffer_get_tail (pd2->lb), &seq_hi, sz);
- *len += sz;
+ clib_memcpy_fast (vlib_buffer_get_tail (pd2->lb), &seq_hi,
+ N_HI_ESN_BYTES);
+ *len += N_HI_ESN_BYTES;
}
else
{
@@ -299,7 +304,8 @@ esp_move_icv_esn (vlib_main_t * vm, vlib_buffer_t * first,
* (with ICV data) */
ASSERT (pd2->icv_removed);
vlib_buffer_t *tmp = vlib_get_buffer (vm, pd2->free_buffer_index);
- clib_memcpy_fast (vlib_buffer_get_current (tmp) - sz, &seq_hi, sz);
+ clib_memcpy_fast (vlib_buffer_get_current (tmp) - N_HI_ESN_BYTES,
+ &seq_hi, N_HI_ESN_BYTES);
extra_esn[0] = 1;
}
}
@@ -307,11 +313,12 @@ esp_move_icv_esn (vlib_main_t * vm, vlib_buffer_t * first,
}
static_always_inline int
-esp_decrypt_chain_integ (vlib_main_t * vm, ipsec_per_thread_data_t * ptd,
- esp_decrypt_packet_data2_t * pd2,
- ipsec_sa_t * sa0, vlib_buffer_t * b, u8 icv_sz,
- u8 * start_src, u32 start_len,
- u8 ** digest, u16 * n_ch, u32 * integ_total_len)
+esp_decrypt_chain_integ (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
+ const esp_decrypt_packet_data_t *pd,
+ esp_decrypt_packet_data2_t *pd2, ipsec_sa_t *sa0,
+ vlib_buffer_t *b, u8 icv_sz, u8 *start_src,
+ u32 start_len, u8 **digest, u16 *n_ch,
+ u32 *integ_total_len)
{
vnet_crypto_op_chunk_t *ch;
vlib_buffer_t *cb = vlib_get_buffer (vm, b->next_buffer);
@@ -334,19 +341,19 @@ esp_decrypt_chain_integ (vlib_main_t * vm, ipsec_per_thread_data_t * ptd,
ch->len = cb->current_length - icv_sz;
if (ipsec_sa_is_set_USE_ESN (sa0))
{
- u32 seq_hi = clib_host_to_net_u32 (sa0->seq_hi);
- u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi);
+ u32 seq_hi = clib_host_to_net_u32 (pd->seq_hi);
+ u8 tmp[ESP_MAX_ICV_SIZE];
u8 *esn;
vlib_buffer_t *tmp_b;
u16 space_left = vlib_buffer_space_left_at_end (vm, pd2->lb);
- if (space_left < sz)
+ if (space_left < N_HI_ESN_BYTES)
{
if (pd2->icv_removed)
{
/* use pre-data area from the last bufer
that was removed from the chain */
tmp_b = vlib_get_buffer (vm, pd2->free_buffer_index);
- esn = tmp_b->data - sz;
+ esn = tmp_b->data - N_HI_ESN_BYTES;
}
else
{
@@ -358,28 +365,29 @@ esp_decrypt_chain_integ (vlib_main_t * vm, ipsec_per_thread_data_t * ptd,
esn = tmp_b->data;
pd2->free_buffer_index = tmp_bi;
}
- clib_memcpy_fast (esn, &seq_hi, sz);
+ clib_memcpy_fast (esn, &seq_hi, N_HI_ESN_BYTES);
vec_add2 (ptd->chunks, ch, 1);
n_chunks += 1;
ch->src = esn;
- ch->len = sz;
+ ch->len = N_HI_ESN_BYTES;
}
else
{
if (pd2->icv_removed)
{
- clib_memcpy_fast (vlib_buffer_get_tail
- (pd2->lb), &seq_hi, sz);
+ clib_memcpy_fast (vlib_buffer_get_tail (pd2->lb),
+ &seq_hi, N_HI_ESN_BYTES);
}
else
{
clib_memcpy_fast (tmp, *digest, ESP_MAX_ICV_SIZE);
- clib_memcpy_fast (*digest, &seq_hi, sz);
- clib_memcpy_fast (*digest + sz, tmp, ESP_MAX_ICV_SIZE);
- *digest += sz;
+ clib_memcpy_fast (*digest, &seq_hi, N_HI_ESN_BYTES);
+ clib_memcpy_fast (*digest + N_HI_ESN_BYTES, tmp,
+ ESP_MAX_ICV_SIZE);
+ *digest += N_HI_ESN_BYTES;
}
- ch->len += sz;
+ ch->len += N_HI_ESN_BYTES;
}
}
total_len += ch->len;
@@ -540,7 +548,7 @@ esp_decrypt_prepare_sync_op (vlib_main_t * vm, vlib_node_runtime_t * node,
op->flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
op->chunk_index = vec_len (ptd->chunks);
- if (esp_decrypt_chain_integ (vm, ptd, pd2, sa0, b, icv_sz,
+ if (esp_decrypt_chain_integ (vm, ptd, pd, pd2, sa0, b, icv_sz,
payload, pd->current_length,
&op->digest, &op->n_chunks, 0) < 0)
{
@@ -550,7 +558,7 @@ esp_decrypt_prepare_sync_op (vlib_main_t * vm, vlib_node_runtime_t * node,
}
}
else
- esp_insert_esn (vm, sa0, pd2, &op->len, &op->digest, &len, b,
+ esp_insert_esn (vm, sa0, pd, pd2, &op->len, &op->digest, &len, b,
payload);
out:
vec_add_aligned (*(integ_ops[0]), op, 1, CLIB_CACHE_LINE_BYTES);
@@ -576,7 +584,7 @@ esp_decrypt_prepare_sync_op (vlib_main_t * vm, vlib_node_runtime_t * node,
/* constuct aad in a scratch space in front of the nonce */
esp_header_t *esp0 = (esp_header_t *) (payload - esp_sz);
op->aad = (u8 *) nonce - sizeof (esp_aead_t);
- op->aad_len = esp_aad_fill (op->aad, esp0, sa0);
+ op->aad_len = esp_aad_fill (op->aad, esp0, sa0, pd->seq_hi);
op->tag = payload + len;
op->tag_len = 16;
}
@@ -617,7 +625,6 @@ esp_decrypt_prepare_async_frame (vlib_main_t *vm, vlib_node_runtime_t *node,
vlib_buffer_t *b, u16 *next, u16 async_next)
{
const u8 esp_sz = sizeof (esp_header_t);
- u32 current_protect_index = vnet_buffer (b)->ipsec.protect_index;
esp_decrypt_packet_data_t *async_pd = &(esp_post_data (b))->decrypt_data;
esp_decrypt_packet_data2_t *async_pd2 = esp_post_data2 (b);
u8 *tag = payload + len, *iv = payload + esp_sz, *aad = 0;
@@ -671,16 +678,16 @@ esp_decrypt_prepare_async_frame (vlib_main_t *vm, vlib_node_runtime_t *node,
tag = vlib_buffer_get_tail (pd2->lb) - icv_sz;
flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
- if (esp_decrypt_chain_integ (vm, ptd, pd2, sa0, b, icv_sz, payload,
- pd->current_length, &tag,
- 0, &integ_len) < 0)
+ if (esp_decrypt_chain_integ (vm, ptd, pd, pd2, sa0, b, icv_sz,
+ payload, pd->current_length, &tag, 0,
+ &integ_len) < 0)
{
/* allocate buffer failed, will not add to frame and drop */
return (ESP_DECRYPT_ERROR_NO_BUFFERS);
}
}
else
- esp_insert_esn (vm, sa0, pd2, &integ_len, &tag, &len, b, payload);
+ esp_insert_esn (vm, sa0, pd, pd2, &integ_len, &tag, &len, b, payload);
}
else
key_index = sa0->crypto_key_index;
@@ -701,7 +708,7 @@ out:
/* constuct aad in a scratch space in front of the nonce */
esp_header_t *esp0 = (esp_header_t *) (payload - esp_sz);
aad = (u8 *) nonce - sizeof (esp_aead_t);
- esp_aad_fill (aad, esp0, sa0);
+ esp_aad_fill (aad, esp0, sa0, pd->seq_hi);
tag = payload + len;
}
else
@@ -730,7 +737,6 @@ out:
*async_pd = *pd;
*async_pd2 = *pd2;
- pd->protect_index = current_protect_index;
/* for AEAD integ_len - crypto_len will be negative, it is ok since it
* is ignored by the engine. */
@@ -776,14 +782,15 @@ esp_decrypt_post_crypto (vlib_main_t * vm, vlib_node_runtime_t * node,
* a sequence s, s+1, s+2, s+3, ... s+n and nothing will prevent any
* implementation, sequential or batching, from decrypting these.
*/
- if (ipsec_sa_anti_replay_check (sa0, pd->seq))
+ if (ipsec_sa_anti_replay_and_sn_advance (sa0, pd->seq, pd->seq_hi, true,
+ NULL))
{
b->error = node->errors[ESP_DECRYPT_ERROR_REPLAY];
next[0] = ESP_DECRYPT_NEXT_DROP;
return;
}
- ipsec_sa_anti_replay_advance (sa0, pd->seq);
+ ipsec_sa_anti_replay_advance (sa0, pd->seq, pd->seq_hi);
if (pd->is_chain)
{
@@ -968,12 +975,8 @@ esp_decrypt_post_crypto (vlib_main_t * vm, vlib_node_runtime_t * node,
*/
const ipsec_tun_protect_t *itp;
- if (is_async)
- itp = ipsec_tun_protect_get (pd->protect_index);
- else
- itp =
- ipsec_tun_protect_get (vnet_buffer (b)->
- ipsec.protect_index);
+ itp =
+ ipsec_tun_protect_get (vnet_buffer (b)->ipsec.protect_index);
if (PREDICT_TRUE (next_header == IP_PROTOCOL_IP_IN_IP))
{
@@ -1148,7 +1151,8 @@ esp_decrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
pd->current_length = b[0]->current_length;
/* anti-reply check */
- if (ipsec_sa_anti_replay_check (sa0, pd->seq))
+ if (ipsec_sa_anti_replay_and_sn_advance (sa0, pd->seq, ~0, false,
+ &pd->seq_hi))
{
err = ESP_DECRYPT_ERROR_REPLAY;
esp_set_next_index (b[0], node, err, n_noop, noop_nexts,
@@ -1306,8 +1310,9 @@ esp_decrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
tr->crypto_alg = sa0->crypto_alg;
tr->integ_alg = sa0->integ_alg;
tr->seq = pd->seq;
- tr->sa_seq = sa0->last_seq;
+ tr->sa_seq = sa0->seq;
tr->sa_seq_hi = sa0->seq_hi;
+ tr->pkt_seq_hi = pd->seq_hi;
}
/* next */
@@ -1374,7 +1379,7 @@ esp_decrypt_post_inline (vlib_main_t * vm,
tr->crypto_alg = sa0->crypto_alg;
tr->integ_alg = sa0->integ_alg;
tr->seq = pd->seq;
- tr->sa_seq = sa0->last_seq;
+ tr->sa_seq = sa0->seq;
tr->sa_seq_hi = sa0->seq_hi;
}
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 68aeb60885c..da9c56a7e03 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -379,7 +379,7 @@ esp_encrypt_chain_integ (vlib_main_t * vm, ipsec_per_thread_data_t * ptd,
always_inline void
esp_prepare_sync_op (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
vnet_crypto_op_t **crypto_ops,
- vnet_crypto_op_t **integ_ops, ipsec_sa_t *sa0,
+ vnet_crypto_op_t **integ_ops, ipsec_sa_t *sa0, u32 seq_hi,
u8 *payload, u16 payload_len, u8 iv_sz, u8 icv_sz, u32 bi,
vlib_buffer_t **b, vlib_buffer_t *lb, u32 hdr_len,
esp_header_t *esp)
@@ -408,7 +408,7 @@ esp_prepare_sync_op (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
{
/* constuct aad in a scratch space in front of the nonce */
op->aad = (u8 *) nonce - sizeof (esp_aead_t);
- op->aad_len = esp_aad_fill (op->aad, esp, sa0);
+ op->aad_len = esp_aad_fill (op->aad, esp, sa0, seq_hi);
op->tag = payload + op->len;
op->tag_len = 16;
}
@@ -465,8 +465,8 @@ esp_prepare_sync_op (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
}
else if (ipsec_sa_is_set_USE_ESN (sa0))
{
- u32 seq_hi = clib_net_to_host_u32 (sa0->seq_hi);
- clib_memcpy_fast (op->digest, &seq_hi, sizeof (seq_hi));
+ u32 tmp = clib_net_to_host_u32 (seq_hi);
+ clib_memcpy_fast (op->digest, &tmp, sizeof (seq_hi));
op->len += sizeof (seq_hi);
}
}
@@ -508,7 +508,7 @@ esp_prepare_async_frame (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
{
/* constuct aad in a scratch space in front of the nonce */
aad = (u8 *) nonce - sizeof (esp_aead_t);
- esp_aad_fill (aad, esp, sa);
+ esp_aad_fill (aad, esp, sa, sa->seq_hi);
key_index = sa->crypto_key_index;
}
else
@@ -956,9 +956,9 @@ esp_encrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
async_next_node, lb);
}
else
- esp_prepare_sync_op (vm, ptd, crypto_ops, integ_ops, sa0, payload,
- payload_len, iv_sz, icv_sz, n_sync, b, lb,
- hdr_len, esp);
+ esp_prepare_sync_op (vm, ptd, crypto_ops, integ_ops, sa0, sa0->seq_hi,
+ payload, payload_len, iv_sz, icv_sz, n_sync, b,
+ lb, hdr_len, esp);
vlib_buffer_advance (b[0], 0LL - hdr_len);
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 73f4474a604..11bfa41b4f1 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -826,11 +826,11 @@ send_ipsec_sa_details (ipsec_sa_t * sa, void *arg)
}
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
- mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
+ mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
if (ipsec_sa_is_set_USE_ESN (sa))
{
mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
- mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
+ mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
}
if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
@@ -913,11 +913,11 @@ send_ipsec_sa_v2_details (ipsec_sa_t * sa, void *arg)
mp->entry.dscp = ip_dscp_encode (sa->tunnel.t_dscp);
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
- mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
+ mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
if (ipsec_sa_is_set_USE_ESN (sa))
{
mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
- mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
+ mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
}
if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
@@ -993,11 +993,11 @@ send_ipsec_sa_v3_details (ipsec_sa_t *sa, void *arg)
}
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
- mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
+ mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
if (ipsec_sa_is_set_USE_ESN (sa))
{
mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
- mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
+ mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
}
if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
diff --git a/src/vnet/ipsec/ipsec_format.c b/src/vnet/ipsec/ipsec_format.c
index b67c11da1cd..5f7caab44e4 100644
--- a/src/vnet/ipsec/ipsec_format.c
+++ b/src/vnet/ipsec/ipsec_format.c
@@ -293,9 +293,8 @@ format_ipsec_sa (u8 * s, va_list * args)
s = format (s, "\n salt 0x%x", clib_net_to_host_u32 (sa->salt));
s = format (s, "\n thread-index:%d", sa->thread_index);
s = format (s, "\n seq %u seq-hi %u", sa->seq, sa->seq_hi);
- s = format (s, "\n last-seq %u last-seq-hi %u window %U",
- sa->last_seq, sa->last_seq_hi,
- format_ipsec_replay_window, sa->replay_window);
+ s = format (s, "\n window %U", format_ipsec_replay_window,
+ sa->replay_window);
s = format (s, "\n crypto alg %U",
format_ipsec_crypto_alg, sa->crypto_alg);
if (sa->crypto_alg && (flags & IPSEC_FORMAT_INSECURE))
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index 7827ef18084..14461ad2cdd 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h
@@ -131,9 +131,8 @@ typedef struct
u32 spi;
u32 seq;
u32 seq_hi;
- u32 last_seq;
- u32 last_seq_hi;
u64 replay_window;
+ u64 ctr_iv_counter;
dpo_id_t dpo;
vnet_crypto_key_index_t crypto_key_index;
@@ -162,7 +161,6 @@ typedef struct
CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
- u64 ctr_iv_counter;
union
{
ip4_header_t ip4_hdr;
@@ -312,45 +310,104 @@ extern uword unformat_ipsec_key (unformat_input_t * input, va_list * args);
*/
#define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND(_tl) (_tl - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE + 1)
+always_inline int
+ipsec_sa_anti_replay_check (const ipsec_sa_t *sa, u32 seq)
+{
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa) &&
+ sa->replay_window & (1ULL << (sa->seq - seq)))
+ return 1;
+ else
+ return 0;
+}
+
/*
* Anti replay check.
* inputs need to be in host byte order.
+ *
+ * The function runs in two contexts. pre and post decrypt.
+ * Pre-decrypt it:
+ * 1 - determines if a packet is a replay - a simple check in the window
+ * 2 - returns the hi-seq number that should be used to decrypt.
+ * post-decrypt:
+ * Checks whether the packet is a replay or falls out of window
+ *
+ * This funcion should be called even without anti-replay enabled to ensure
+ * the high sequence number is set.
*/
always_inline int
-ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq)
+ipsec_sa_anti_replay_and_sn_advance (const ipsec_sa_t *sa, u32 seq,
+ u32 hi_seq_used, bool post_decrypt,
+ u32 *hi_seq_req)
{
- u32 diff, tl, th;
-
- if ((sa->flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY) == 0)
- return 0;
+ ASSERT ((post_decrypt == false) == (hi_seq_req != 0));
if (!ipsec_sa_is_set_USE_ESN (sa))
{
- if (PREDICT_TRUE (seq > sa->last_seq))
+ if (hi_seq_req)
+ /* no ESN, therefore the hi-seq is always 0 */
+ *hi_seq_req = 0;
+
+ if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
return 0;
- diff = sa->last_seq - seq;
+ if (PREDICT_TRUE (seq > sa->seq))
+ return 0;
+
+ u32 diff = sa->seq - seq;
if (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE > diff)
- return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
+ return ((sa->replay_window & (1ULL << diff)) ? 1 : 0);
else
return 1;
return 0;
}
- tl = sa->last_seq;
- th = sa->last_seq_hi;
- diff = tl - seq;
-
- if (PREDICT_TRUE (tl >= (IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX)))
+ if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
+ {
+ /* there's no AR configured for this SA, but in order
+ * to know whether a packet has wrapped the hi ESN we need
+ * to know whether it is out of window. if we use the default
+ * lower bound then we are effectively forcing AR because
+ * out of window packets will get the increased hi seq number
+ * and will thus fail to decrypt. IOW we need a window to know
+ * if the SN has wrapped, but we don't want a window to check for
+ * anti replay. to resolve the contradiction we use a huge window.
+ * if the packet is not within 2^30 of the current SN, we'll consider
+ * it a wrap.
+ */
+ if (hi_seq_req)
+ {
+ if (seq >= sa->seq)
+ /* The packet's sequence number is larger that the SA's.
+ * that can't be a warp - unless we lost more than
+ * 2^32 packets ... how could we know? */
+ *hi_seq_req = sa->seq_hi;
+ else
+ {
+ /* The packet's SN is less than the SAs, so either the SN has
+ * wrapped or the SN is just old. */
+ if (sa->seq - seq > (1 << 30))
+ /* It's really really really old => it wrapped */
+ *hi_seq_req = sa->seq_hi + 1;
+ else
+ *hi_seq_req = sa->seq_hi;
+ }
+ }
+ /*
+ * else
+ * this is post-decrpyt and since it decrypted we accept it
+ */
+ return 0;
+ }
+ if (PREDICT_TRUE (sa->seq >= (IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX)))
{
/*
* the last sequence number VPP recieved is more than one
* window size greater than zero.
* Case A from RFC4303 Appendix A.
*/
- if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl))
+ if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (sa->seq))
{
/*
* the received sequence number is lower than the lower bound
@@ -358,8 +415,28 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq)
* the high sequence number has wrapped. if it decrypts corrently
* then it's the latter.
*/
- sa->seq_hi = th + 1;
- return 0;
+ if (post_decrypt)
+ {
+ if (hi_seq_used == sa->seq_hi)
+ /* the high sequence number used to succesfully decrypt this
+ * packet is the same as the last-sequnence number of the SA.
+ * that means this packet did not cause a wrap.
+ * this packet is thus out of window and should be dropped */
+ return 1;
+ else
+ /* The packet decrypted with a different high sequence number
+ * to the SA, that means it is the wrap packet and should be
+ * accepted */
+ return 0;
+ }
+ else
+ {
+ /* pre-decrypt it might be the might that casues a wrap, we
+ * need to decrpyt to find out */
+ if (hi_seq_req)
+ *hi_seq_req = sa->seq_hi + 1;
+ return 0;
+ }
}
else
{
@@ -367,13 +444,14 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq)
* the recieved sequence number greater than the low
* end of the window.
*/
- sa->seq_hi = th;
- if (seq <= tl)
+ if (hi_seq_req)
+ *hi_seq_req = sa->seq_hi;
+ if (seq <= sa->seq)
/*
* The recieved seq number is within bounds of the window
* check if it's a duplicate
*/
- return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
+ return (ipsec_sa_anti_replay_check (sa, seq));
else
/*
* The received sequence number is greater than the window
@@ -393,19 +471,20 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq)
* RHS will be a larger number.
* Case B from RFC4303 Appendix A.
*/
- if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl))
+ if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (sa->seq))
{
/*
* the sequence number is less than the lower bound.
*/
- if (seq <= tl)
+ if (seq <= sa->seq)
{
/*
* the packet is within the window upper bound.
* check for duplicates.
*/
- sa->seq_hi = th;
- return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
+ if (hi_seq_req)
+ *hi_seq_req = sa->seq_hi;
+ return (ipsec_sa_anti_replay_check (sa, seq));
}
else
{
@@ -418,7 +497,8 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq)
* wrapped the high sequence again. If it were the latter then
* we've lost close to 2^32 packets.
*/
- sa->seq_hi = th;
+ if (hi_seq_req)
+ *hi_seq_req = sa->seq_hi;
return 0;
}
}
@@ -431,73 +511,79 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq)
* However, since TL is the other side of 0 to the received
* packet, the SA has moved on to a higher sequence number.
*/
- sa->seq_hi = th - 1;
- return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
+ if (hi_seq_req)
+ *hi_seq_req = sa->seq_hi - 1;
+ return (ipsec_sa_anti_replay_check (sa, seq));
}
}
+ /* unhandled case */
+ ASSERT (0);
return 0;
}
/*
* Anti replay window advance
* inputs need to be in host byte order.
+ * This function both advances the anti-replay window and the sequence number
+ * We always need to move on the SN but the window updates are only needed
+ * if AR is on.
+ * However, updating the window is trivial, so we do it anyway to save
+ * the branch cost.
*/
always_inline void
-ipsec_sa_anti_replay_advance (ipsec_sa_t * sa, u32 seq)
+ipsec_sa_anti_replay_advance (ipsec_sa_t *sa, u32 seq, u32 hi_seq)
{
u32 pos;
- if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY) == 0)
- return;
- if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ESN))
+ if (ipsec_sa_is_set_USE_ESN (sa))
{
- int wrap = sa->seq_hi - sa->last_seq_hi;
+ int wrap = hi_seq - sa->seq_hi;
- if (wrap == 0 && seq > sa->last_seq)
+ if (wrap == 0 && seq > sa->seq)
{
- pos = seq - sa->last_seq;
+ pos = seq - sa->seq;
if (pos < IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE)
sa->replay_window = ((sa->replay_window) << pos) | 1;
else
sa->replay_window = 1;
- sa->last_seq = seq;
+ sa->seq = seq;
}
else if (wrap > 0)
{
- pos = ~seq + sa->last_seq + 1;
+ pos = ~seq + sa->seq + 1;
if (pos < IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE)
sa->replay_window = ((sa->replay_window) << pos) | 1;
else
sa->replay_window = 1;
- sa->last_seq = seq;
- sa->last_seq_hi = sa->seq_hi;
+ sa->seq = seq;
+ sa->seq_hi = hi_seq;
}
else if (wrap < 0)
{
- pos = ~seq + sa->last_seq + 1;
+ pos = ~seq + sa->seq + 1;
sa->replay_window |= (1ULL << pos);
}
else
{
- pos = sa->last_seq - seq;
+ pos = sa->seq - seq;
sa->replay_window |= (1ULL << pos);
}
}
else
{
- if (seq > sa->last_seq)
+ if (seq > sa->seq)
{
- pos = seq - sa->last_seq;
+ pos = seq - sa->seq;
if (pos < IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE)
sa->replay_window = ((sa->replay_window) << pos) | 1;
else
sa->replay_window = 1;
- sa->last_seq = seq;
+ sa->seq = seq;
}
else
{
- pos = sa->last_seq - seq;
+ pos = sa->seq - seq;
sa->replay_window |= (1ULL << pos);
}
}
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index fd9d91f3cfb..57c84342cb7 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -324,6 +324,199 @@ class IpsecTra4(object):
return count
+ def verify_hi_seq_num(self):
+ p = self.params[socket.AF_INET]
+ saf = VppEnum.vl_api_ipsec_sad_flags_t
+ esn_on = p.vpp_tra_sa.esn_en
+ ar_on = p.flags & saf.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
+
+ seq_cycle_node_name = \
+ ('/err/%s/sequence number cycled (packet dropped)' %
+ self.tra4_encrypt_node_name)
+ replay_count = self.get_replay_counts(p)
+ hash_failed_count = self.get_hash_failed_counts(p)
+ seq_cycle_count = self.statistics.get_err_counter(seq_cycle_node_name)
+
+ # a few packets so we get the rx seq number above the window size and
+ # thus can simulate a wrap with an out of window packet
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=seq))
+ for seq in range(63, 80)]
+ recv_pkts = self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
+ # these 4 packets will all choose seq-num 0 to decrpyt since none
+ # are out of window when first checked. however, once #200 has
+ # decrypted it will move the window to 200 and has #81 is out of
+ # window. this packet should be dropped.
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=200)),
+ (Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=81)),
+ (Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=201)),
+ (Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=202))]
+
+ # if anti-replay is off then we won't drop #81
+ n_rx = 3 if ar_on else 4
+ self.send_and_expect(self.tra_if, pkts, self.tra_if, n_rx=n_rx)
+ # this packet is one before the wrap
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=203))]
+ recv_pkts = self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
+ # move the window over half way to a wrap
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x80000001))]
+ recv_pkts = self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
+ # anti-replay will drop old packets, no anti-replay will not
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x44000001))]
+
+ if ar_on:
+ self.send_and_assert_no_replies(self.tra_if, pkts)
+ else:
+ recv_pkts = self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
+ if esn_on:
+ #
+ # validate wrapping the ESN
+ #
+
+ # wrap scapy's TX SA SN
+ p.scapy_tra_sa.seq_num = 0x100000005
+
+ # send a packet that wraps the window for both AR and no AR
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x100000005))]
+
+ rxs = self.send_and_expect(self.tra_if, pkts, self.tra_if)
+ for rx in rxs:
+ decrypted = p.vpp_tra_sa.decrypt(rx[0][IP])
+
+ # move the window forward to half way to the next wrap
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x180000005))]
+
+ rxs = self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
+ # a packet less than 2^30 from the current position is:
+ # - AR: out of window and dropped
+ # - non-AR: accepted
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x170000005))]
+
+ if ar_on:
+ self.send_and_assert_no_replies(self.tra_if, pkts)
+ else:
+ self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
+ # a packet more than 2^30 from the current position is:
+ # - AR: out of window and dropped
+ # - non-AR: considered a wrap, but since it's not a wrap
+ # it won't decrpyt and so will be dropped
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x130000005))]
+
+ self.send_and_assert_no_replies(self.tra_if, pkts)
+
+ # a packet less than 2^30 from the current position and is a
+ # wrap; (the seq is currently at 0x180000005).
+ # - AR: out of window so considered a wrap, so accepted
+ # - non-AR: not considered a wrap, so won't decrypt
+ p.scapy_tra_sa.seq_num = 0x260000005
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x260000005))]
+ if ar_on:
+ self.send_and_expect(self.tra_if, pkts, self.tra_if)
+ else:
+ self.send_and_assert_no_replies(self.tra_if, pkts)
+
+ #
+ # window positions are different now for AR/non-AR
+ # move non-AR forward
+ #
+ if not ar_on:
+ # a packet more than 2^30 from the current position and is a
+ # wrap; (the seq is currently at 0x180000005).
+ # - AR: accepted
+ # - non-AR: not considered a wrap, so won't decrypt
+
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x200000005)),
+ (Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x200000006))]
+ self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
+ pkts = [(Ether(src=self.tra_if.remote_mac,
+ dst=self.tra_if.local_mac) /
+ p.scapy_tra_sa.encrypt(IP(src=self.tra_if.remote_ip4,
+ dst=self.tra_if.local_ip4) /
+ ICMP(),
+ seq_num=0x260000005))]
+ self.send_and_expect(self.tra_if, pkts, self.tra_if)
+
def verify_tra_anti_replay(self):
p = self.params[socket.AF_INET]
esn_en = p.vpp_tra_sa.esn_en
@@ -359,7 +552,7 @@ class IpsecTra4(object):
recv_pkts = self.send_and_expect(self.tra_if, pkts, self.tra_if)
# replayed packets are dropped
- self.send_and_assert_no_replies(self.tra_if, pkts)
+ self.send_and_assert_no_replies(self.tra_if, pkts, timeout=0.2)
replay_count += len(pkts)
self.assertEqual(self.get_replay_counts(p), replay_count)
@@ -393,7 +586,7 @@ class IpsecTra4(object):
recv_pkts = self.send_and_expect(self.tra_if, [pkt], self.tra_if)
# replayed packets are dropped
- self.send_and_assert_no_replies(self.tra_if, pkt * 3)
+ self.send_and_assert_no_replies(self.tra_if, pkt * 3, timeout=0.2)
replay_count += 3
self.assertEqual(self.get_replay_counts(p), replay_count)
@@ -420,7 +613,7 @@ class IpsecTra4(object):
dst=self.tra_if.local_ip4) /
ICMP(),
seq_num=350))
- self.send_and_assert_no_replies(self.tra_if, pkt * 17)
+ self.send_and_assert_no_replies(self.tra_if, pkt * 17, timeout=0.2)
hash_failed_count += 17
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
@@ -436,7 +629,7 @@ class IpsecTra4(object):
dst=self.tra_if.local_ip4) /
ICMP(),
seq_num=350))
- self.send_and_assert_no_replies(self.tra_if, pkt * 17)
+ self.send_and_assert_no_replies(self.tra_if, pkt * 17, timeout=0.2)
undersize_count += 17
self.assert_error_counter_equal(undersize_node_name,
@@ -462,7 +655,7 @@ class IpsecTra4(object):
dst=self.tra_if.local_ip4) /
ICMP(),
seq_num=17))
- self.send_and_assert_no_replies(self.tra_if, pkt * 17)
+ self.send_and_assert_no_replies(self.tra_if, pkt * 17, timeout=0.2)
if esn_en:
# an out of window error with ESN looks like a high sequence
@@ -526,6 +719,7 @@ class IpsecTra4(object):
ICMP(),
seq_num=0x100000005))
rx = self.send_and_expect(self.tra_if, [pkt], self.tra_if)
+
decrypted = p.vpp_tra_sa.decrypt(rx[0][IP])
#
@@ -544,7 +738,7 @@ class IpsecTra4(object):
#
# While in case A we cannot wrap the high sequence number again
- # becuase VPP will consider this packet to be one that moves the
+ # because VPP will consider this packet to be one that moves the
# window forward
#
pkt = (Ether(src=self.tra_if.remote_mac,
@@ -553,13 +747,14 @@ class IpsecTra4(object):
dst=self.tra_if.local_ip4) /
ICMP(),
seq_num=0x200000999))
- self.send_and_assert_no_replies(self.tra_if, [pkt], self.tra_if)
+ self.send_and_assert_no_replies(self.tra_if, [pkt], self.tra_if,
+ timeout=0.2)
hash_failed_count += 1
self.assertEqual(self.get_hash_failed_counts(p), hash_failed_count)
#
- # but if we move the wondow forward to case B, then we can wrap
+ # but if we move the window forward to case B, then we can wrap
# again
#
p.scapy_tra_sa.seq_num = 0x100000555
@@ -587,7 +782,7 @@ class IpsecTra4(object):
# without ESN TX sequence numbers can't wrap and packets are
# dropped from here on out.
#
- self.send_and_assert_no_replies(self.tra_if, pkts)
+ self.send_and_assert_no_replies(self.tra_if, pkts, timeout=0.2)
seq_cycle_count += len(pkts)
self.assert_error_counter_equal(seq_cycle_node_name,
seq_cycle_count)
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 41ac56efafd..6fd4ba15a32 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -50,6 +50,11 @@ class ConfigIpsecESP(TemplateIpsec):
def tearDown(self):
super(ConfigIpsecESP, self).tearDown()
+ def config_anti_replay(self, params):
+ saf = VppEnum.vl_api_ipsec_sad_flags_t
+ for p in params:
+ p.flags |= saf.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
+
def config_network(self, params):
self.net_objs = []
self.tun_if = self.pg0
@@ -200,10 +205,8 @@ class ConfigIpsecESP(TemplateIpsec):
crypt_key = params.crypt_key
addr_any = params.addr_any
addr_bcast = params.addr_bcast
- flags = (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
e = VppEnum.vl_api_ipsec_spd_action_t
- flags = params.flags | flags
+ flags = params.flags
salt = params.salt
objs = []
@@ -292,6 +295,7 @@ class TemplateIpsecEsp(ConfigIpsecESP):
def setUp(self):
super(TemplateIpsecEsp, self).setUp()
+ self.config_anti_replay(self.params.values())
self.config_network(self.params.values())
def tearDown(self):
@@ -698,7 +702,9 @@ class TemplateIpsecEspUdp(ConfigIpsecESP):
p = self.ipv4_params
p.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_UDP_ENCAP)
+ IPSEC_API_SAD_FLAG_UDP_ENCAP |
+ VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
p.nat_header = UDP(sport=5454, dport=4500)
self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
@@ -737,8 +743,10 @@ class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests):
class MyParameters():
def __init__(self):
- flag_esn = VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN
- self.flags = [0, flag_esn]
+ saf = VppEnum.vl_api_ipsec_sad_flags_t
+ flag_esn = saf.IPSEC_API_SAD_FLAG_USE_ESN
+ flag_ar = saf.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
+ self.flags = [0, flag_esn, flag_ar]
# foreach crypto algorithm
self.algos = {
'AES-GCM-128/NONE': {
@@ -862,10 +870,12 @@ class RunTestIpsecEspAll(ConfigIpsecESP,
params = MyParameters()
self.engine = test_args[0]
self.flag = params.flags[0]
- if test_args[1] == 'ESN':
- self.flag = params.flags[1]
+ if test_args[1] == 'ESNon':
+ self.flag |= params.flags[1]
+ if test_args[2] == 'ARon':
+ self.flag |= params.flags[2]
- self.algo = params.algos[test_args[2]]
+ self.algo = params.algos[test_args[3]]
self.async_mode = False
if self.engine == "async":
self.async_mode = True
@@ -898,7 +908,7 @@ class RunTestIpsecEspAll(ConfigIpsecESP,
p.auth_algo = algo['scapy-integ']
p.crypt_key = algo['key']
p.salt = algo['salt']
- p.flags = p.flags | flag
+ p.flags = flag
p.outer_flow_label = 243224
p.async_mode = self.async_mode
@@ -947,24 +957,29 @@ class RunTestIpsecEspAll(ConfigIpsecESP,
count=NUM_PKTS, payload_size=sz)
#
- # swap the handlers while SAs are up
+ # reconfigure the network and SA to run the
+ # anti replay tests
#
- for e in engines:
- if e != engine:
- self.vapi.cli("set crypto handler all %s" % e)
- self.verify_tra_basic4(count=NUM_PKTS)
+ saf = VppEnum.vl_api_ipsec_sad_flags_t
+ if flag & saf.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY:
+ self.unconfig_network()
+ self.config_network(self.params.values())
+ self.verify_tra_anti_replay()
- #
- # remove the SPDs, SAs, etc
- #
self.unconfig_network()
+ self.config_network(self.params.values())
+ self.verify_hi_seq_num()
#
- # reconfigure the network and SA to run the
- # anti replay tests
+ # swap the handlers while SAs are up
#
+ self.unconfig_network()
self.config_network(self.params.values())
- self.verify_tra_anti_replay()
+ for e in engines:
+ if e != engine:
+ self.vapi.cli("set crypto handler all %s" % e)
+ self.verify_tra_basic4(count=NUM_PKTS)
+
self.unconfig_network()
#
@@ -972,480 +987,1094 @@ class RunTestIpsecEspAll(ConfigIpsecESP,
# grep '# GEN' test_ipsec_esp.py | sed -e 's/# GEN //g' | bash
#
# GEN for ENG in native ipsecmb openssl; do \
-# GEN for FLG in noESN ESN; do for ALG in AES-GCM-128/NONE \
+# GEN for ESN in ESNon ESNoff; do for AR in ARon ARoff; do \
+# GEN for ALG in AES-GCM-128/NONE \
# GEN AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \
# GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \
# GEN 3DES-CBC/SHA1-96 NONE/SHA1-96 \
# GEN AES-CTR-128/SHA1-96 AES-CTR-192/SHA1-96 AES-CTR-256/SHA1-96; do \
-# GEN echo -e "\n\nclass Test_${ENG}_${FLG}_${ALG}(RunTestIpsecEspAll):" |
-# GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \
-# GEN echo ' """'$ENG $FLG $ALG IPSec test'"""' ;
+# GEN echo -en "\n\nclass "
+# GEN echo -e "Test_${ENG}_${ESN}_${AR}_${ALG}(RunTestIpsecEspAll):" |
+# GEN sed -e 's/-/_/g' -e 's#/#_#g' ;
+# GEN echo ' """'$ENG $ESN $AR $ALG IPSec test'"""' ;
# GEN echo " def test_ipsec(self):";
+# GEN echo ' """'$ENG $ESN $AR $ALG IPSec test'"""' ;
# GEN echo " self.run_test()";
-# GEN done; done; done
+# GEN done; done; done; done
#
-# GEN for FLG in noESN ESN; do for ALG in \
+# GEN for ESN in ESNon ESNoff; do for AR in ARon ARoff; do \
+# GEN for ALG in \
# GEN AES-GCM-128/NONE AES-GCM-192/NONE AES-GCM-256/NONE \
# GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96; do \
-# GEN echo -e "\n\nclass Test_async_${FLG}_${ALG}(RunTestIpsecEspAll):" |
-# GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \
-# GEN echo ' """'async $FLG $ALG IPSec test'"""' ;
+# GEN echo -en "\n\nclass "
+# GEN echo -e "Test_async_${ESN}_${AR}_${ALG}(RunTestIpsecEspAll):" |
+# GEN sed -e 's/-/_/g' -e 's#/#_#g' ;
+# GEN echo ' """'async $ESN $AR $ALG IPSec test'"""' ;
# GEN echo " def test_ipsec(self):";
+# GEN echo ' """'async $ESN $AR $ALG IPSec test'"""' ;
# GEN echo " self.run_test()";
-# GEN done; done;
+# GEN done; done; done;
+
+
+class Test_native_ESNon_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """native ESNon ARon AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-GCM-128/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """native ESNon ARon AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-GCM-192/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """native ESNon ARon AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-GCM-256/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """native ESNon ARon AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-CBC-128/MD5-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARon 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon 3DES-CBC/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_NONE_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARon NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon NONE/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARon AES-CTR-128/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-CTR-128/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARon AES-CTR-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-CTR-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARon AES-CTR-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARon AES-CTR-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-GCM-128/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-GCM-192/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-GCM-256/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-CBC-128/MD5-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARoff 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff 3DES-CBC/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_NONE_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARoff NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff NONE/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-CTR-128/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-CTR-128/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-CTR-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-CTR-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNon_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNon ARoff AES-CTR-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNon ARoff AES-CTR-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-GCM-128/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-GCM-192/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-GCM-256/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-CBC-128/MD5-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARon 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon 3DES-CBC/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_NONE_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARon NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon NONE/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-CTR-128/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-CTR-128/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-CTR-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-CTR-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARon AES-CTR-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARon AES-CTR-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-GCM-128/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-GCM-192/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-GCM-256/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-CBC-128/MD5-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff 3DES-CBC/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_NONE_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff NONE/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-CTR-128/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-CTR-128/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-CTR-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-CTR-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_native_ESNoff_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """native ESNoff ARoff AES-CTR-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """native ESNoff ARoff AES-CTR-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-GCM-128/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-GCM-192/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-GCM-256/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-CBC-128/MD5-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon 3DES-CBC/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon NONE/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-CTR-128/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-CTR-128/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-CTR-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-CTR-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARon AES-CTR-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARon AES-CTR-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-GCM-128/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-GCM-192/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-GCM-256/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-CBC-128/MD5-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff 3DES-CBC/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff NONE/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-CTR-128/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-CTR-128/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-CTR-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-CTR-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNon_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNon ARoff AES-CTR-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNon ARoff AES-CTR-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-GCM-128/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-GCM-192/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-GCM-256/NONE IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-CBC-128/MD5-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon 3DES-CBC/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon NONE/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-CTR-128/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-CTR-128/SHA1-96 IPSec test"""
+ self.run_test()
+
+
+class Test_ipsecmb_ESNoff_ARon_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-CTR-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-CTR-192/SHA1-96 IPSec test"""
+ self.run_test()
-class Test_native_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """native noESN AES-GCM-128/NONE IPSec test"""
+class Test_ipsecmb_ESNoff_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARon AES-CTR-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARon AES-CTR-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """native noESN AES-GCM-192/NONE IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_native_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """native noESN AES-GCM-256/NONE IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_native_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
- """native noESN AES-CBC-128/MD5-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_native_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """native noESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-CBC-128/MD5-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-CBC-128/MD5-96 IPSec test"""
self.run_test()
-class Test_native_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """native noESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
- """native noESN 3DES-CBC/SHA1-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
- """native noESN NONE/SHA1-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff 3DES-CBC/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff 3DES-CBC/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
- """native noESN AES-CTR-128/SHA1-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff NONE/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff NONE/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
- """native noESN AES-CTR-192/SHA1-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-CTR-128/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-CTR-128/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
- """native noESN AES-CTR-256/SHA1-96 IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-CTR-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-CTR-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """native ESN AES-GCM-128/NONE IPSec test"""
+class Test_ipsecmb_ESNoff_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESNoff ARoff AES-CTR-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """ipsecmb ESNoff ARoff AES-CTR-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """native ESN AES-GCM-192/NONE IPSec test"""
+class Test_openssl_ESNon_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_native_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """native ESN AES-GCM-256/NONE IPSec test"""
+class Test_openssl_ESNon_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_native_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
- """native ESN AES-CBC-128/MD5-96 IPSec test"""
+class Test_openssl_ESNon_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_native_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """native ESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARon_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-CBC-128/MD5-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-CBC-128/MD5-96 IPSec test"""
self.run_test()
-class Test_native_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """native ESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
- """native ESN 3DES-CBC/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
- """native ESN NONE/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARon_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon 3DES-CBC/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon 3DES-CBC/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
- """native ESN AES-CTR-128/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARon_NONE_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon NONE/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon NONE/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
- """native ESN AES-CTR-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARon_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-CTR-128/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-CTR-128/SHA1-96 IPSec test"""
self.run_test()
-class Test_native_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
- """native ESN AES-CTR-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARon_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-CTR-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-CTR-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """ipsecmb noESN AES-GCM-128/NONE IPSec test"""
+class Test_openssl_ESNon_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARon AES-CTR-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARon AES-CTR-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """ipsecmb noESN AES-GCM-192/NONE IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """ipsecmb noESN AES-GCM-256/NONE IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
- """ipsecmb noESN AES-CBC-128/MD5-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb noESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-CBC-128/MD5-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-CBC-128/MD5-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb noESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb noESN 3DES-CBC/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb noESN NONE/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff 3DES-CBC/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff 3DES-CBC/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb noESN AES-CTR-128/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_NONE_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff NONE/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff NONE/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb noESN AES-CTR-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-CTR-128/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-CTR-128/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb noESN AES-CTR-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-CTR-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-CTR-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """ipsecmb ESN AES-GCM-128/NONE IPSec test"""
+class Test_openssl_ESNon_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNon ARoff AES-CTR-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNon ARoff AES-CTR-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """ipsecmb ESN AES-GCM-192/NONE IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """ipsecmb ESN AES-GCM-256/NONE IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
- """ipsecmb ESN AES-CBC-128/MD5-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb ESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-CBC-128/MD5-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-CBC-128/MD5-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb ESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb ESN 3DES-CBC/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb ESN NONE/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon 3DES-CBC/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon 3DES-CBC/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb ESN AES-CTR-128/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_NONE_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon NONE/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon NONE/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb ESN AES-CTR-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-CTR-128/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-CTR-128/SHA1-96 IPSec test"""
self.run_test()
-class Test_ipsecmb_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
- """ipsecmb ESN AES-CTR-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-CTR-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-CTR-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """openssl noESN AES-GCM-128/NONE IPSec test"""
+class Test_openssl_ESNoff_ARon_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARon AES-CTR-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARon AES-CTR-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """openssl noESN AES-GCM-192/NONE IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """openssl noESN AES-GCM-256/NONE IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
- """openssl noESN AES-CBC-128/MD5-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """openssl noESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-CBC-128/MD5-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-CBC-128/MD5-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """openssl noESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
- """openssl noESN 3DES-CBC/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
- """openssl noESN NONE/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff 3DES-CBC/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff 3DES-CBC/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
- """openssl noESN AES-CTR-128/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_NONE_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff NONE/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff NONE/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
- """openssl noESN AES-CTR-192/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-CTR-128/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-CTR-128/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
- """openssl noESN AES-CTR-256/SHA1-96 IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-CTR-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-CTR-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """openssl ESN AES-GCM-128/NONE IPSec test"""
+class Test_openssl_ESNoff_ARoff_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESNoff ARoff AES-CTR-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """openssl ESNoff ARoff AES-CTR-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """openssl ESN AES-GCM-192/NONE IPSec test"""
+class Test_async_ESNon_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """async ESNon ARon AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNon ARon AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """openssl ESN AES-GCM-256/NONE IPSec test"""
+class Test_async_ESNon_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """async ESNon ARon AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNon ARon AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
- """openssl ESN AES-CBC-128/MD5-96 IPSec test"""
+class Test_async_ESNon_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """async ESNon ARon AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNon ARon AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """openssl ESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_async_ESNon_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """async ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNon ARon AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """openssl ESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_async_ESNon_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """async ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNon ARon AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
- """openssl ESN 3DES-CBC/SHA1-96 IPSec test"""
+class Test_async_ESNon_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """async ESNon ARoff AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNon ARoff AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_openssl_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
- """openssl ESN NONE/SHA1-96 IPSec test"""
+class Test_async_ESNon_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """async ESNon ARoff AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNon ARoff AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
- """openssl ESN AES-CTR-128/SHA1-96 IPSec test"""
+class Test_async_ESNon_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """async ESNon ARoff AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNon ARoff AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
- """openssl ESN AES-CTR-192/SHA1-96 IPSec test"""
+class Test_async_ESNon_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """async ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNon ARoff AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_openssl_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
- """openssl ESN AES-CTR-256/SHA1-96 IPSec test"""
+class Test_async_ESNon_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """async ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNon ARoff AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_async_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """async noESN AES-GCM-128/NONE IPSec test"""
+class Test_async_ESNoff_ARon_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """async ESNoff ARon AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARon AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_async_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """async noESN AES-GCM-192/NONE IPSec test"""
+class Test_async_ESNoff_ARon_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """async ESNoff ARon AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARon AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_async_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """async noESN AES-GCM-256/NONE IPSec test"""
+class Test_async_ESNoff_ARon_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """async ESNoff ARon AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARon AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_async_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """async noESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_async_ESNoff_ARon_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """async ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARon AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_async_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """async noESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_async_ESNoff_ARon_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """async ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARon AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()
-class Test_async_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
- """async ESN AES-GCM-128/NONE IPSec test"""
+class Test_async_ESNoff_ARoff_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """async ESNoff ARoff AES-GCM-128/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARoff AES-GCM-128/NONE IPSec test"""
self.run_test()
-class Test_async_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
- """async ESN AES-GCM-192/NONE IPSec test"""
+class Test_async_ESNoff_ARoff_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """async ESNoff ARoff AES-GCM-192/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARoff AES-GCM-192/NONE IPSec test"""
self.run_test()
-class Test_async_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
- """async ESN AES-GCM-256/NONE IPSec test"""
+class Test_async_ESNoff_ARoff_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """async ESNoff ARoff AES-GCM-256/NONE IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARoff AES-GCM-256/NONE IPSec test"""
self.run_test()
-class Test_async_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
- """async ESN AES-CBC-192/SHA1-96 IPSec test"""
+class Test_async_ESNoff_ARoff_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """async ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARoff AES-CBC-192/SHA1-96 IPSec test"""
self.run_test()
-class Test_async_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
- """async ESN AES-CBC-256/SHA1-96 IPSec test"""
+class Test_async_ESNoff_ARoff_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """async ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
def test_ipsec(self):
+ """async ESNoff ARoff AES-CBC-256/SHA1-96 IPSec test"""
self.run_test()