summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorNathan Skrzypczak <nathan.skrzypczak@gmail.com>2020-09-04 18:31:23 +0200
committerAndrew Yourtchenko <ayourtch@gmail.com>2020-09-09 20:44:08 +0000
commitc4781a32df89c6c29b5f4bbea5440cddbede19a0 (patch)
tree64c9ce6450b7754056cfe507a87595c77c00f5e4 /docs
parentf681e9f736d34a6fdb7e596f63dfa1f51025a98c (diff)
docs: Improve new plugin doc & add govpp API doc
Type: docs Change-Id: I5f20ac0232c5cdc3cf64015185b0d0fc5c4a3100 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Diffstat (limited to 'docs')
l---------docs/gettingstarted/developers/VPPAPI.md1
-rw-r--r--docs/gettingstarted/developers/add_plugin.rst84
-rw-r--r--docs/gettingstarted/developers/add_plugin_goapi.rst83
-rw-r--r--docs/gettingstarted/developers/index.rst2
4 files changed, 142 insertions, 28 deletions
diff --git a/docs/gettingstarted/developers/VPPAPI.md b/docs/gettingstarted/developers/VPPAPI.md
new file mode 120000
index 00000000000..a5404c116ee
--- /dev/null
+++ b/docs/gettingstarted/developers/VPPAPI.md
@@ -0,0 +1 @@
+../../../src/tools/vppapigen/VPPAPI.md \ No newline at end of file
diff --git a/docs/gettingstarted/developers/add_plugin.rst b/docs/gettingstarted/developers/add_plugin.rst
index 16952e8f036..19b935b746a 100644
--- a/docs/gettingstarted/developers/add_plugin.rst
+++ b/docs/gettingstarted/developers/add_plugin.rst
@@ -7,7 +7,7 @@ Adding a plugin
Overview
________
-
+
This section shows how a VPP developer can create a new plugin, and
add it to VPP. We assume that we are starting from the VPP <top-of-workspace>.
@@ -21,7 +21,7 @@ Create your new plugin
Change directory to **./src/plugins**, and run the plugin generator:
.. code-block:: console
-
+
$ cd ./src/plugins
$ ../../extras/emacs/make-plugin.sh
<snip>
@@ -36,7 +36,7 @@ Change directory to **./src/plugins**, and run the plugin generator:
Plugin name: myplugin
Dispatch type [dual or qs]: dual
(Shell command succeeded with no output)
-
+
OK...
The plugin generator script asks two questions: the name of the
@@ -65,9 +65,8 @@ Here are the generated files. We'll go through them in a moment.
$ cd ./myplugin
$ ls
- CMakeLists.txt myplugin.c myplugin_periodic.c setup.pg
- myplugin_all_api_h.h myplugin.h myplugin_test.c
- myplugin.api myplugin_msg_enum.h node.c
+ CMakeLists.txt myplugin.api myplugin.c myplugin.h
+ myplugin_periodic.c myplugin_test.c node.c setup.pg
Due to recent build system improvements, you **don't** need to touch
any other files to integrate your new plugin into the vpp build. Simply
@@ -92,7 +91,7 @@ As a quick sanity check, run vpp and make sure that
"myplugin_plugin.so" and "myplugin_test_plugin.so" are loaded:
.. code-block:: console
-
+
$ cd <top-of-workspace>
$ make run
<snip>
@@ -122,25 +121,21 @@ the copyright notice:
The rest of the build recipe is pretty simple:
-.. code-block:: console
+.. code-block:: CMake
add_vpp_plugin (myplugin
SOURCES
- myplugin.c
- node.c
+ myplugin.c
+ node.c
myplugin_periodic.c
myplugin.h
-
+
MULTIARCH_SOURCES
- node.c
-
+ node.c
+
API_FILES
myplugin.api
-
- INSTALL_HEADERS
- myplugin_all_api_h.h
- myplugin_msg_enum.h
-
+
API_TEST_SOURCES
myplugin_test.c
)
@@ -178,13 +173,13 @@ binary API message dispatcher, and to add its messages to vpp's global
Vpp itself uses dlsym(...) to track down the vlib_plugin_registration_t
generated by the VLIB_PLUGIN_REGISTER macro:
-.. code-block:: console
+.. code-block:: C
- VLIB_PLUGIN_REGISTER () =
+ VLIB_PLUGIN_REGISTER () =
{
.version = VPP_BUILD_VER,
.description = "myplugin plugin description goes here",
- };
+ };
Vpp only loads .so files from the plugin directory which contain an
instance of this data structure.
@@ -193,7 +188,7 @@ You can enable or disable specific vpp plugins from the command
line. By default, plugins are loaded. To change that behavior, set
default_disabled in the macro VLIB_PLUGIN_REGISTER:
-.. code-block:: console
+.. code-block:: C
VLIB_PLUGIN_REGISTER () =
{
@@ -205,14 +200,14 @@ default_disabled in the macro VLIB_PLUGIN_REGISTER:
The boilerplate generator places the graph node dispatch function
onto the "device-input" feature arc. This may or may not be useful.
-.. code-block:: console
+.. code-block:: C
VNET_FEATURE_INIT (myplugin, static) =
{
.arc_name = "device-input",
.node_name = "myplugin",
.runs_before = VNET_FEATURES ("ethernet-input"),
- };
+ };
As given by the plugin generator, myplugin.c contains the binary API
message handler for a generic "please enable my feature on such and
@@ -243,20 +238,53 @@ node.c
This is the generated graph node dispatch function. You'll need to
rewrite it to solve the problem at hand. It will save considerable
time and aggravation to retain the **structure** of the node dispatch
-function.
+function.
Even for an expert, it's a waste of time to reinvent the *loop
structure*, enqueue patterns, and so forth. Simply tear out and
replace the specimen 1x, 2x, 4x packet processing code with code
relevant to the problem you're trying to solve.
+myplugin.api
+------------
+
+This contains the API message definition. Here we only have defined
+a single one named ``myplugin_enable_disable`` and an implicit
+``myplugin_enable_disable_reply`` containing only a return value due
+to the ``autoreply`` keyword.
+
+The syntax reference for ``.api`` files can be found at VPP API Language
+
+Addressing the binary API with this message will run the handler defined
+in ``myplugin.c`` as ``vl_api_myplugin_enable_disable_t_handler``.
+It will receive a message pointer ``*mp`` which is the struct defined
+in ``myplugin.api`` and should return another message pointer ``*rmp``,
+of the reply type. That's what ``REPLY_MACRO`` does.
+
+To be noted, all API messages are in net-endian and vpp is host-endian,
+so you will need to use :
+
+* ``u32 value = ntohl(mp->value);``
+* ``rmp->value = htonl(value);``
+
+You can now use this API with :ref:`GoLang bindings <add_plugin_goapi>`
+
+myplugin_periodic.c
+-------------------
+
+This defines a VPP process, a routine that will run indefinitely and
+be woken up intermittently, here to process plugin events.
+
+To be noted, vlib_processes aren't thread-safe, and data structures
+should be locked when shared between workers.
+
Plugin "Friends with Benefits"
------------------------------
In vpp VLIB_INIT_FUNCTION functions, It's reasonably common to see a
specific init function invoke other init functions:
-.. code-block:: console
+.. code-block:: C
if ((error = vlib_call_init_function (vm, some_other_init_function))
return error;
@@ -264,7 +292,7 @@ specific init function invoke other init functions:
In the case where one plugin needs to call a init function in another
plugin, use the vlib_call_plugin_init_function macro:
-.. code-block:: console
+.. code-block:: C
if ((error = vlib_call_plugin_init_function (vm, "otherpluginname", some_init_function))
return error;
@@ -274,7 +302,7 @@ This allows sequencing between plugin init functions.
If you wish to obtain a pointer to a symbol in another plugin, use the
vlib_plugin_get_symbol(...) API:
-.. code-block:: console
+.. code-block:: C
void *p = vlib_get_plugin_symbol ("plugin_name", "symbol");
diff --git a/docs/gettingstarted/developers/add_plugin_goapi.rst b/docs/gettingstarted/developers/add_plugin_goapi.rst
new file mode 100644
index 00000000000..dce35b8f0a2
--- /dev/null
+++ b/docs/gettingstarted/developers/add_plugin_goapi.rst
@@ -0,0 +1,83 @@
+.. _add_plugin_goapi:
+
+Add a plugin's GO API
+=====================
+
+In order to use your plugin's API with GO, you will need to use
+a GO client and GO definitions of the API messages that you defined
+in ``myplugin.api`` (go bindings).
+
+These two things can be found in `govpp <https://github.com/FDio/govpp>`_
+
+* The API client lives in `./core`
+* The api-generator lives in `./binapigen`
+* A sample of its output (the go bindings) for VPP's latest version lives in `./binapi`
+
+To generate the go bindings for your plugin. Assuming :
+* ``/home/vpp`` is a VPP clone with your plugin in it.
+* ``/home/controlplane`` is a go controlplane repo
+
+.. code-block:: console
+
+ $ mkdir /home/controlplane/vpp-go-bindings
+ $ git clone https://github.com/FDio/govpp>
+ $ cd govpp
+ $ BINAPI_DIR=/home/controlplane/vpp-go-bindings VPP_DIR=/home/vpp make gen-binapi-from-code
+
+This will generate the go-bindings in ``/home/controlplane/vpp-go-bindings``
+For example ``vpp-go-bindings/myplugin/myplugin.ba.go`` will contain :
+
+.. code-block:: go
+
+ // MypluginEnableDisable defines message 'myplugin_enable_disable'.
+ type MypluginEnableDisable struct {
+ EnableDisable bool `binapi:"bool,name=enable_disable" json:"enable_disable,omitempty"`
+ SwIfIndex interface_types.InterfaceIndex `binapi:"interface_index,name=sw_if_index" json:"sw_if_index,omitempty"`
+ }
+
+
+You can then use the generated go bindings in your go code like this :
+
+.. code-block:: go
+
+ package main
+
+ import (
+ "fmt"
+ "git.fd.io/govpp.git"
+ "git.fd.io/govpp.git/binapi/interfaces"
+ "git.fd.io/govpp.git/binapi/vpe"
+
+ "myplugin.io/controlplane/vpp-go-bindings/myplugin/myplugin"
+ )
+
+ func main() {
+ // Connect to VPP
+ conn, _ := govpp.Connect("/run/vpp/api.sock")
+ defer conn.Disconnect()
+
+ // Open channel
+ ch, _ := conn.NewAPIChannel()
+ defer ch.Close()
+
+ request := &vpe.MypluginEnableDisable{
+ EnableDisable: true,
+ }
+ reply := &vpe.MypluginEnableDisableReply{}
+
+ err := ch.SendRequest(request).ReceiveReply(reply)
+ if err != nil {
+ fmt.Errorf("SendRequest: %w\n", err)
+ }
+ }
+
+As you will need to import (or ``go get "git.fd.io/govpp.git"``) to leverage the API
+client in your code, you might want to use the api-generator directly from the
+clone ``go build`` fetches for you. You can do this with :
+
+.. code-block:: console
+
+ $ export GOVPP_DIR=$(go list -f '{{.Dir}}' -m git.fd.io/govpp.git)
+ $ cd $GOVPP_DIR && go build -o /some/bin/dir ./cmd/binapi-generator
+ $ # instead of make gen-binapi-from-code you can rewrite the code to target
+ $ # your version ./binapi-generator
diff --git a/docs/gettingstarted/developers/index.rst b/docs/gettingstarted/developers/index.rst
index 378b9fb83c0..04d704319b2 100644
--- a/docs/gettingstarted/developers/index.rst
+++ b/docs/gettingstarted/developers/index.rst
@@ -22,6 +22,7 @@ The Developers section covers the following areas:
running_vpp
gdb_examples
add_plugin
+ add_plugin_goapi
gitreview
softwarearchitecture
infrastructure
@@ -42,3 +43,4 @@ The Developers section covers the following areas:
quic_plugin
cross_compile_macos.rst
cnat
+ VPPAPI.md
a> 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375
import os
import time
from socket import inet_pton
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import dh, padding
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.primitives.ciphers import (
    Cipher,
    algorithms,
    modes,
)
from ipaddress import IPv4Address, IPv6Address, ip_address
import unittest
from config import config
from scapy.layers.ipsec import ESP
from scapy.layers.inet import IP, UDP, Ether
from scapy.layers.inet6 import IPv6
from scapy.packet import raw, Raw
from scapy.utils import long_converter
from framework import VppTestCase
from asfframework import (
    tag_fixme_vpp_workers,
    tag_fixme_ubuntu2204,
    tag_fixme_debian11,
    is_distro_ubuntu2204,
    is_distro_debian11,
    VppTestRunner,
)
from vpp_ikev2 import Profile, IDType, AuthMethod
from vpp_papi import VppEnum

try:
    text_type = unicode
except NameError:
    text_type = str

KEY_PAD = b"Key Pad for IKEv2"
SALT_SIZE = 4
GCM_ICV_SIZE = 16
GCM_IV_SIZE = 8


# defined in rfc3526
# tuple structure is (p, g, key_len)
DH = {
    "2048MODPgr": (
        long_converter(
            """
    FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
    29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
    EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
    E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
    EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
    C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
    83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
    670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
    E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
    DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
    15728E5A 8AACAA68 FFFFFFFF FFFFFFFF"""
        ),
        2,
        256,
    ),
    "3072MODPgr": (
        long_converter(
            """
    FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
    29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
    EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
    E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
    EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
    C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
    83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
    670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
    E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
    DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
    15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64
    ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7
    ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B
    F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
    BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31
    43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF"""
        ),
        2,
        384,
    ),
}


class CryptoAlgo(object):
    def __init__(self, name, cipher, mode):
        self.name = name
        self.cipher = cipher
        self.mode = mode
        if self.cipher is not None:
            self.bs = self.cipher.block_size // 8

            if self.name == "AES-GCM-16ICV":
                self.iv_len = GCM_IV_SIZE
            else:
                self.iv_len = self.bs

    def encrypt(self, data, key, aad=None):
        iv = os.urandom(self.iv_len)
        if aad is None:
            encryptor = Cipher(
                self.cipher(key), self.mode(iv), default_backend()
            ).encryptor()
            return iv + encryptor.update(data) + encryptor.finalize()
        else:
            salt = key[-SALT_SIZE:]
            nonce = salt + iv
            encryptor = Cipher(
                self.cipher(key[:-SALT_SIZE]), self.mode(nonce), default_backend()
            ).encryptor()
            encryptor.authenticate_additional_data(aad)
            data = encryptor.update(data) + encryptor.finalize()
            data += encryptor.tag[:GCM_ICV_SIZE]
            return iv + data

    def decrypt(self, data, key, aad=None, icv=None):
        if aad is None:
            iv = data[: self.iv_len]
            ct = data[self.iv_len :]
            decryptor = Cipher(
                algorithms.AES(key), self.mode(iv), default_backend()
            ).decryptor()
            return decryptor.update(ct) + decryptor.finalize()
        else:
            salt = key[-SALT_SIZE:]
            nonce = salt + data[:GCM_IV_SIZE]
            ct = data[GCM_IV_SIZE:]
            key = key[:-SALT_SIZE]
            decryptor = Cipher(
                algorithms.AES(key), self.mode(nonce, icv, len(icv)), default_backend()
            ).decryptor()
            decryptor.authenticate_additional_data(aad)
            return decryptor.update(ct) + decryptor.finalize()

    def pad(self, data):
        pad_len = (len(data) // self.bs + 1) * self.bs - len(data)
        data = data + b"\x00" * (pad_len - 1)
        return data + bytes([pad_len - 1])


class AuthAlgo(object):
    def __init__(self, name, mac, mod, key_len, trunc_len=None):
        self.name = name
        self.mac = mac
        self.mod = mod
        self.key_len = key_len
        self.trunc_len = trunc_len or key_len


CRYPTO_ALGOS = {
    "NULL": CryptoAlgo("NULL", cipher=None, mode=None),
    "AES-CBC": CryptoAlgo("AES-CBC", cipher=algorithms.AES, mode=modes.CBC),
    "AES-GCM-16ICV": CryptoAlgo("AES-GCM-16ICV", cipher=algorithms.AES, mode=modes.GCM),
}

AUTH_ALGOS = {
    "NULL": AuthAlgo("NULL", mac=None, mod=None, key_len=0, trunc_len=0),
    "HMAC-SHA1-96": AuthAlgo("HMAC-SHA1-96", hmac.HMAC, hashes.SHA1, 20, 12),
    "SHA2-256-128": AuthAlgo("SHA2-256-128", hmac.HMAC, hashes.SHA256, 32, 16),
    "SHA2-384-192": AuthAlgo("SHA2-384-192", hmac.HMAC, hashes.SHA256, 48, 24),
    "SHA2-512-256": AuthAlgo("SHA2-512-256", hmac.HMAC, hashes.SHA256, 64, 32),
}

PRF_ALGOS = {
    "NULL": AuthAlgo("NULL", mac=None, mod=None, key_len=0, trunc_len=0),
    "PRF_HMAC_SHA2_256": AuthAlgo("PRF_HMAC_SHA2_256", hmac.HMAC, hashes.SHA256, 32),
}

CRYPTO_IDS = {
    12: "AES-CBC",
    20: "AES-GCM-16ICV",
}

INTEG_IDS = {
    2: "HMAC-SHA1-96",
    12: "SHA2-256-128",
    13: "SHA2-384-192",
    14: "SHA2-512-256",
}


class IKEv2ChildSA(object):
    def __init__(self, local_ts, remote_ts, is_initiator):
        spi = os.urandom(4)
        if is_initiator:
            self.ispi = spi
            self.rspi = None
        else:
            self.rspi = spi
            self.ispi = None
        self.local_ts = local_ts
        self.remote_ts = remote_ts


class IKEv2SA(object):
    def __init__(
        self,
        test,
        is_initiator=True,
        i_id=None,
        r_id=None,
        spi=b"\x01\x02\x03\x04\x05\x06\x07\x08",
        id_type="fqdn",
        nonce=None,
        auth_data=None,
        local_ts=None,
        remote_ts=None,
        auth_method="shared-key",
        priv_key=None,
        i_natt=False,
        r_natt=False,
        udp_encap=False,
    ):
        self.udp_encap = udp_encap
        self.i_natt = i_natt
        self.r_natt = r_natt
        if i_natt or r_natt:
            self.sport = 4500
            self.dport = 4500
        else:
            self.sport = 500
            self.dport = 500
        self.msg_id = 0
        self.dh_params = None
        self.test = test
        self.priv_key = priv_key
        self.is_initiator = is_initiator
        nonce = nonce or os.urandom(32)
        self.auth_data = auth_data
        self.i_id = i_id
        self.r_id = r_id
        if isinstance(id_type, str):
            self.id_type = IDType.value(id_type)
        else:
            self.id_type = id_type
        self.auth_method = auth_method
        if self.is_initiator:
            self.rspi = 8 * b"\x00"
            self.ispi = spi
            self.i_nonce = nonce
        else:
            self.rspi = spi
            self.ispi = 8 * b"\x00"
            self.r_nonce = nonce
        self.child_sas = [IKEv2ChildSA(local_ts, remote_ts, self.is_initiator)]

    def new_msg_id(self):
        self.msg_id += 1
        return self.msg_id

    @property
    def my_dh_pub_key(self):
        if self.is_initiator:
            return self.i_dh_data
        return self.r_dh_data

    @property
    def peer_dh_pub_key(self):
        if self.is_initiator:
            return self.r_dh_data
        return self.i_dh_data

    @property
    def natt(self):
        return self.i_natt or self.r_natt

    def compute_secret(self):
        priv = self.dh_private_key
        peer = self.peer_dh_pub_key
        p, g, l = self.ike_group
        return pow(
            int.from_bytes(peer, "big"), int.from_bytes(priv, "big"), p
        ).to_bytes(l, "big")

    def generate_dh_data(self):
        # generate DH keys
        if self.ike_dh not in DH:
            raise NotImplementedError("%s not in DH group" % self.ike_dh)

        if self.dh_params is None:
            dhg = DH[self.ike_dh]
            pn = dh.DHParameterNumbers(dhg[0], dhg[1])
            self.dh_params = pn.parameters(default_backend())

        priv = self.dh_params.generate_private_key()
        pub = priv.public_key()
        x = priv.private_numbers().x
        self.dh_private_key = x.to_bytes(priv.key_size // 8, "big")
        y = pub.public_numbers().y

        if self.is_initiator:
            self.i_dh_data = y.to_bytes(pub.key_size // 8, "big")
        else:
            self.r_dh_data = y.to_bytes(pub.key_size // 8, "big")

    def complete_dh_data(self):
        self.dh_shared_secret = self.compute_secret()

    def calc_child_keys(self, kex=False):
        prf = self.ike_prf_alg.mod()
        s = self.i_nonce + self.r_nonce
        if kex:
            s = self.dh_shared_secret + s
        c = self.child_sas[0]

        encr_key_len = self.esp_crypto_key_len
        integ_key_len = self.esp_integ_alg.key_len
        salt_len = 0 if integ_key_len else 4

        l = integ_key_len * 2 + encr_key_len * 2 + salt_len * 2
        keymat = self.calc_prfplus(prf, self.sk_d, s, l)

        pos = 0
        c.sk_ei = keymat[pos : pos + encr_key_len]
        pos += encr_key_len

        if integ_key_len:
            c.sk_ai = keymat[pos : pos + integ_key_len]
            pos += integ_key_len
        else:
            c.salt_ei = keymat[pos : pos + salt_len]
            pos += salt_len

        c.sk_er = keymat[pos : pos + encr_key_len]
        pos += encr_key_len

        if integ_key_len:
            c.sk_ar = keymat[pos : pos + integ_key_len]
            pos += integ_key_len
        else:
            c.salt_er = keymat[pos : pos + salt_len]
            pos += salt_len

    def calc_prfplus(self, prf, key, seed, length):
        r = b""
        t = None
        x = 1
        while len(r) < length and x < 255:
            if t is not None:
                s = t
            else:
                s = b""
            s = s + seed + bytes([x])
            t = self.calc_prf(prf, key, s)
            r = r + t
            x = x + 1

        if x == 255:
            return None
        return r

    def calc_prf(self, prf, key, data):
        h = self.ike_prf_alg.mac(key, prf, backend=default_backend())
        h.update(data)
        return h.finalize()

    def calc_keys(self):
        prf = self.ike_prf_alg.mod()
        # SKEYSEED = prf(Ni | Nr, g^ir)
        s = self.i_nonce + self.r_nonce
        self.skeyseed = self.calc_prf(prf, s, self.dh_shared_secret)

        # calculate S = Ni | Nr | SPIi SPIr
        s = s + self.ispi + self.rspi

        prf_key_trunc = self.ike_prf_alg.trunc_len
        encr_key_len = self.ike_crypto_key_len
        tr_prf_key_len = self.ike_prf_alg.key_len
        integ_key_len = self.ike_integ_alg.key_len
        if integ_key_len == 0:
            salt_size = 4
        else:
            salt_size = 0

        l = (
            prf_key_trunc
            + integ_key_len * 2
            + encr_key_len * 2
            + tr_prf_key_len * 2
            + salt_size * 2
        )
        keymat = self.calc_prfplus(prf, self.skeyseed, s, l)

        pos = 0
        self.sk_d = keymat[: pos + prf_key_trunc]
        pos += prf_key_trunc

        self.sk_ai = keymat[pos : pos + integ_key_len]
        pos += integ_key_len
        self.sk_ar = keymat[pos : pos + integ_key_len]
        pos += integ_key_len

        self.sk_ei = keymat[pos : pos + encr_key_len + salt_size]
        pos += encr_key_len + salt_size
        self.sk_er = keymat[pos : pos + encr_key_len + salt_size]
        pos += encr_key_len + salt_size

        self.sk_pi = keymat[pos : pos + tr_prf_key_len]
        pos += tr_prf_key_len
        self.sk_pr = keymat[pos : pos + tr_prf_key_len]

    def generate_authmsg(self, prf, packet):
        if self.is_initiator:
            id = self.i_id
            nonce = self.r_nonce
            key = self.sk_pi
        else:
            id = self.r_id
            nonce = self.i_nonce
            key = self.sk_pr
        data = bytes([self.id_type, 0, 0, 0]) + id
        id_hash = self.calc_prf(prf, key, data)
        return packet + nonce + id_hash

    def auth_init(self):
        prf = self.ike_prf_alg.mod()
        if self.is_initiator:
            packet = self.init_req_packet
        else:
            packet = self.init_resp_packet
        authmsg = self.generate_authmsg(prf, raw(packet))
        if self.auth_method == "shared-key":
            psk = self.calc_prf(prf, self.auth_data, KEY_PAD)
            self.auth_data = self.calc_prf(prf, psk, authmsg)
        elif self.auth_method == "rsa-sig":
            self.auth_data = self.priv_key.sign(
                authmsg, padding.PKCS1v15(), hashes.SHA1()
            )
        else:
            raise TypeError("unknown auth method type!")

    def encrypt(self, data, aad=None):
        data = self.ike_crypto_alg.pad(data)
        return self.ike_crypto_alg.encrypt(data, self.my_cryptokey, aad)

    @property
    def peer_authkey(self):
        if self.is_initiator:
            return self.sk_ar
        return self.sk_ai

    @property
    def my_authkey(self):
        if self.is_initiator:
            return self.sk_ai
        return self.sk_ar

    @property
    def my_cryptokey(self):
        if self.is_initiator:
            return self.sk_ei
        return self.sk_er

    @property
    def peer_cryptokey(self):
        if self.is_initiator:
            return self.sk_er
        return self.sk_ei

    def concat(self, alg, key_len):
        return alg + "-" + str(key_len * 8)

    @property
    def vpp_ike_cypto_alg(self):
        return self.concat(self.ike_crypto, self.ike_crypto_key_len)

    @property
    def vpp_esp_cypto_alg(self):
        return self.concat(self.esp_crypto, self.esp_crypto_key_len)

    def verify_hmac(self, ikemsg):
        integ_trunc = self.ike_integ_alg.trunc_len
        exp_hmac = ikemsg[-integ_trunc:]
        data = ikemsg[:-integ_trunc]
        computed_hmac = self.compute_hmac(
            self.ike_integ_alg.mod(), self.peer_authkey, data
        )
        self.test.assertEqual(computed_hmac[:integ_trunc], exp_hmac)

    def compute_hmac(self, integ, key, data):
        h = self.ike_integ_alg.mac(key, integ, backend=default_backend())
        h.update(data)
        return h.finalize()

    def decrypt(self, data, aad=None, icv=None):
        return self.ike_crypto_alg.decrypt(data, self.peer_cryptokey, aad, icv)

    def hmac_and_decrypt(self, ike):
        ep = ike[ikev2.IKEv2_payload_Encrypted]
        if self.ike_crypto == "AES-GCM-16ICV":
            aad_len = len(ikev2.IKEv2_payload_Encrypted()) + len(ikev2.IKEv2())
            ct = ep.load[:-GCM_ICV_SIZE]
            tag = ep.load[-GCM_ICV_SIZE:]
            plain = self.decrypt(ct, raw(ike)[:aad_len], tag)
        else:
            self.verify_hmac(raw(ike))
            integ_trunc = self.ike_integ_alg.trunc_len

            # remove ICV and decrypt payload
            ct = ep.load[:-integ_trunc]
            plain = self.decrypt(ct)
        # remove padding
        pad_len = plain[-1]
        return plain[: -pad_len - 1]

    def build_ts_addr(self, ts, version):
        return {
            "starting_address_v" + version: ts["start_addr"],
            "ending_address_v" + version: ts["end_addr"],
        }

    def generate_ts(self, is_ip4):
        c = self.child_sas[0]
        ts_data = {"IP_protocol_ID": 0, "start_port": 0, "end_port": 0xFFFF}
        if is_ip4:
            ts_data.update(self.build_ts_addr(c.local_ts, "4"))
            ts1 = ikev2.IPv4TrafficSelector(**ts_data)
            ts_data.update(self.build_ts_addr(c.remote_ts, "4"))
            ts2 = ikev2.IPv4TrafficSelector(**ts_data)
        else:
            ts_data.update(self.build_ts_addr(c.local_ts, "6"))
            ts1 = ikev2.IPv6TrafficSelector(**ts_data)
            ts_data.update(self.build_ts_addr(c.remote_ts, "6"))
            ts2 = ikev2.IPv6TrafficSelector(**ts_data)

        if self.is_initiator:
            return ([ts1], [ts2])
        return ([ts2], [ts1])

    def set_ike_props(self, crypto, crypto_key_len, integ, prf, dh):
        if crypto not in CRYPTO_ALGOS:
            raise TypeError("unsupported encryption algo %r" % crypto)
        self.ike_crypto = crypto
        self.ike_crypto_alg = CRYPTO_ALGOS[crypto]
        self.ike_crypto_key_len = crypto_key_len

        if integ not in AUTH_ALGOS:
            raise TypeError("unsupported auth algo %r" % integ)
        self.ike_integ = None if integ == "NULL" else integ
        self.ike_integ_alg = AUTH_ALGOS[integ]

        if prf not in PRF_ALGOS:
            raise TypeError("unsupported prf algo %r" % prf)
        self.ike_prf = prf
        self.ike_prf_alg = PRF_ALGOS[prf]
        self.ike_dh = dh
        self.ike_group = DH[self.ike_dh]

    def set_esp_props(self, crypto, crypto_key_len, integ):
        self.esp_crypto_key_len = crypto_key_len
        if crypto not in CRYPTO_ALGOS:
            raise TypeError("unsupported encryption algo %r" % crypto)
        self.esp_crypto = crypto
        self.esp_crypto_alg = CRYPTO_ALGOS[crypto]

        if integ not in AUTH_ALGOS:
            raise TypeError("unsupported auth algo %r" % integ)
        self.esp_integ = None if integ == "NULL" else integ
        self.esp_integ_alg = AUTH_ALGOS[integ]

    def crypto_attr(self, key_len):
        if self.ike_crypto in ["AES-CBC", "AES-GCM-16ICV"]:
            return (0x800E << 16 | key_len << 3, 12)
        else:
            raise Exception("unsupported attribute type")

    def ike_crypto_attr(self):
        return self.crypto_attr(self.ike_crypto_key_len)

    def esp_crypto_attr(self):
        return self.crypto_attr(self.esp_crypto_key_len)

    def compute_nat_sha1(self, ip, port, rspi=None):
        if rspi is None:
            rspi = self.rspi
        data = self.ispi + rspi + ip + (port).to_bytes(2, "big")
        digest = hashes.Hash(hashes.SHA1(), backend=default_backend())
        digest.update(data)
        return digest.finalize()


@unittest.skipIf("ikev2" in config.excluded_plugins, "Exclude IKEv2 plugin tests")
class IkePeer(VppTestCase):
    """common class for initiator and responder"""

    @classmethod
    def setUpClass(cls):
        import scapy.contrib.ikev2 as _ikev2

        globals()["ikev2"] = _ikev2
        super(IkePeer, cls).setUpClass()
        cls.create_pg_interfaces(range(2))
        for i in cls.pg_interfaces:
            i.admin_up()
            i.config_ip4()
            i.resolve_arp()
            i.config_ip6()
            i.resolve_ndp()

    @classmethod
    def tearDownClass(cls):
        super(IkePeer, cls).tearDownClass()

    def tearDown(self):
        super(IkePeer, self).tearDown()
        if self.del_sa_from_responder:
            self.initiate_del_sa_from_responder()
        else:
            self.initiate_del_sa_from_initiator()
        r = self.vapi.ikev2_sa_dump()
        self.assertEqual(len(r), 0)
        sas = self.vapi.ipsec_sa_dump()
        self.assertEqual(len(sas), 0)
        self.p.remove_vpp_config()
        self.assertIsNone(self.p.query_vpp_config())

    def setUp(self):
        super(IkePeer, self).setUp()
        self.config_tc()
        self.p.add_vpp_config()
        self.assertIsNotNone(self.p.query_vpp_config())
        if self.sa.is_initiator:
            self.sa.generate_dh_data()
        self.vapi.cli("ikev2 set logging level 4")
        self.vapi.cli("event-lo clear")

    def assert_counter(self, count, name, version="ip4"):
        node_name = "/err/ikev2-%s/" % version + name
        self.assertEqual(count, self.statistics.get_err_counter(node_name))

    def create_rekey_request(self, kex=False):
        sa, first_payload = self.generate_auth_payload(is_rekey=True, kex=kex)
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            id=self.sa.new_msg_id(),
            flags="Initiator",
            exch_type="CREATE_CHILD_SA",
        )

        ike_msg = self.encrypt_ike_msg(header, sa, first_payload)
        return self.create_packet(
            self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )

    def create_empty_request(self):
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            id=self.sa.new_msg_id(),
            flags="Initiator",
            exch_type="INFORMATIONAL",
            next_payload="Encrypted",
        )

        msg = self.encrypt_ike_msg(header, b"", None)
        return self.create_packet(
            self.pg0, msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )

    def create_packet(
        self, src_if, msg, sport=500, dport=500, natt=False, use_ip6=False
    ):
        if use_ip6:
            src_ip = src_if.remote_ip6
            dst_ip = src_if.local_ip6
            ip_layer = IPv6
        else:
            src_ip = src_if.remote_ip4
            dst_ip = src_if.local_ip4
            ip_layer = IP
        res = (
            Ether(dst=src_if.local_mac, src=src_if.remote_mac)
            / ip_layer(src=src_ip, dst=dst_ip)
            / UDP(sport=sport, dport=dport)
        )
        if natt:
            # insert non ESP marker
            res = res / Raw(b"\x00" * 4)
        return res / msg

    def verify_udp(self, udp):
        self.assertEqual(udp.sport, self.sa.sport)
        self.assertEqual(udp.dport, self.sa.dport)

    def get_ike_header(self, packet):
        try:
            ih = packet[ikev2.IKEv2]
            ih = self.verify_and_remove_non_esp_marker(ih)
        except IndexError as e:
            # this is a workaround for getting IKEv2 layer as both ikev2 and
            # ipsec register for port 4500
            esp = packet[ESP]
            ih = self.verify_and_remove_non_esp_marker(esp)
        self.assertEqual(ih.version, 0x20)
        self.assertNotIn("Version", ih.flags)
        return ih

    def verify_and_remove_non_esp_marker(self, packet):
        if self.sa.natt:
            # if we are in nat traversal mode check for non esp marker
            # and remove it
            data = raw(packet)
            self.assertEqual(data[:4], b"\x00" * 4)
            return ikev2.IKEv2(data[4:])
        else:
            return packet

    def encrypt_ike_msg(self, header, plain, first_payload):
        if self.sa.ike_crypto == "AES-GCM-16ICV":
            data = self.sa.ike_crypto_alg.pad(raw(plain))
            plen = (
                len(data)
                + GCM_IV_SIZE
                + GCM_ICV_SIZE
                + len(ikev2.IKEv2_payload_Encrypted())
            )
            tlen = plen + len(ikev2.IKEv2())

            # prepare aad data
            sk_p = ikev2.IKEv2_payload_Encrypted(
                next_payload=first_payload, length=plen
            )
            header.length = tlen
            res = header / sk_p
            encr = self.sa.encrypt(raw(plain), raw(res))
            sk_p = ikev2.IKEv2_payload_Encrypted(
                next_payload=first_payload, length=plen, load=encr
            )
            res = header / sk_p
        else:
            encr = self.sa.encrypt(raw(plain))
            trunc_len = self.sa.ike_integ_alg.trunc_len
            plen = len(encr) + len(ikev2.IKEv2_payload_Encrypted()) + trunc_len
            tlen = plen + len(ikev2.IKEv2())

            sk_p = ikev2.IKEv2_payload_Encrypted(
                next_payload=first_payload, length=plen, load=encr
            )
            header.length = tlen
            res = header / sk_p

            integ_data = raw(res)
            hmac_data = self.sa.compute_hmac(
                self.sa.ike_integ_alg.mod(), self.sa.my_authkey, integ_data
            )
            res = res / Raw(hmac_data[:trunc_len])
        assert len(res) == tlen
        return res

    def verify_udp_encap(self, ipsec_sa):
        e = VppEnum.vl_api_ipsec_sad_flags_t
        if self.sa.udp_encap or self.sa.natt:
            self.assertIn(e.IPSEC_API_SAD_FLAG_UDP_ENCAP, ipsec_sa.flags)
        else:
            self.assertNotIn(e.IPSEC_API_SAD_FLAG_UDP_ENCAP, ipsec_sa.flags)

    def verify_ipsec_sas(self, is_rekey=False, sa_count=None):
        sas = self.vapi.ipsec_sa_dump()
        if sa_count is None:
            if is_rekey:
                # after rekey there is a short period of time in which old
                # inbound SA is still present
                sa_count = 3
            else:
                sa_count = 2
        self.assertEqual(len(sas), sa_count)
        if self.sa.is_initiator:
            if is_rekey:
                sa0 = sas[0].entry
                sa1 = sas[2].entry
            else:
                sa0 = sas[0].entry
                sa1 = sas[1].entry
        else:
            if is_rekey:
                sa0 = sas[2].entry
                sa1 = sas[0].entry
            else:
                sa1 = sas[0].entry
                sa0 = sas[1].entry

        c = self.sa.child_sas[0]

        self.verify_udp_encap(sa0)
        self.verify_udp_encap(sa1)
        vpp_crypto_alg = self.vpp_enums[self.sa.vpp_esp_cypto_alg]
        self.assertEqual(sa0.crypto_algorithm, vpp_crypto_alg)
        self.assertEqual(sa1.crypto_algorithm, vpp_crypto_alg)

        if self.sa.esp_integ is None:
            vpp_integ_alg = 0
        else:
            vpp_integ_alg = self.vpp_enums[self.sa.esp_integ]
        self.assertEqual(sa0.integrity_algorithm, vpp_integ_alg)
        self.assertEqual(sa1.integrity_algorithm, vpp_integ_alg)

        # verify crypto keys
        self.assertEqual(sa0.crypto_key.length, len(c.sk_er))
        self.assertEqual(sa1.crypto_key.length, len(c.sk_ei))
        self.assertEqual(sa0.crypto_key.data[: len(c.sk_er)], c.sk_er)
        self.assertEqual(sa1.crypto_key.data[: len(c.sk_ei)], c.sk_ei)

        # verify integ keys
        if vpp_integ_alg:
            self.assertEqual(sa0.integrity_key.length, len(c.sk_ar))
            self.assertEqual(sa1.integrity_key.length, len(c.sk_ai))
            self.assertEqual(sa0.integrity_key.data[: len(c.sk_ar)], c.sk_ar)
            self.assertEqual(sa1.integrity_key.data[: len(c.sk_ai)], c.sk_ai)
        else:
            self.assertEqual(sa0.salt.to_bytes(4, "little"), c.salt_er)
            self.assertEqual(sa1.salt.to_bytes(4, "little"), c.salt_ei)

    def verify_keymat(self, api_keys, keys, name):
        km = getattr(keys, name)
        api_km = getattr(api_keys, name)
        api_km_len = getattr(api_keys, name + "_len")
        self.assertEqual(len(km), api_km_len)
        self.assertEqual(km, api_km[:api_km_len])

    def verify_id(self, api_id, exp_id):
        self.assertEqual(api_id.type, IDType.value(exp_id.type))
        self.assertEqual(api_id.data_len, exp_id.data_len)
        self.assertEqual(bytes(api_id.data, "ascii"), exp_id.type)

    def verify_ike_sas(self):
        r = self.vapi.ikev2_sa_dump()
        self.assertEqual(len(r), 1)
        sa = r[0].sa
        self.assertEqual(self.sa.ispi, (sa.ispi).to_bytes(8, "big"))
        self.assertEqual(self.sa.rspi, (sa.rspi).to_bytes(8, "big"))
        if self.ip6:
            if self.sa.is_initiator:
                self.assertEqual(sa.iaddr, IPv6Address(self.pg0.remote_ip6))
                self.assertEqual(sa.raddr, IPv6Address(self.pg0.local_ip6))
            else:
                self.assertEqual(sa.iaddr, IPv6Address(self.pg0.local_ip6))
                self.assertEqual(sa.raddr, IPv6Address(self.pg0.remote_ip6))
        else:
            if self.sa.is_initiator:
                self.assertEqual(sa.iaddr, IPv4Address(self.pg0.remote_ip4))
                self.assertEqual(sa.raddr, IPv4Address(self.pg0.local_ip4))
            else:
                self.assertEqual(sa.iaddr, IPv4Address(self.pg0.local_ip4))
                self.assertEqual(sa.raddr, IPv4Address(self.pg0.remote_ip4))
        self.verify_keymat(sa.keys, self.sa, "sk_d")
        self.verify_keymat(sa.keys, self.sa, "sk_ai")
        self.verify_keymat(sa.keys, self.sa, "sk_ar")
        self.verify_keymat(sa.keys, self.sa, "sk_ei")
        self.verify_keymat(sa.keys, self.sa, "sk_er")
        self.verify_keymat(sa.keys, self.sa, "sk_pi")
        self.verify_keymat(sa.keys, self.sa, "sk_pr")

        self.assertEqual(sa.i_id.type, self.sa.id_type)
        self.assertEqual(sa.r_id.type, self.sa.id_type)
        self.assertEqual(sa.i_id.data_len, len(self.sa.i_id))
        self.assertEqual(sa.r_id.data_len, len(self.idr))
        self.assertEqual(bytes(sa.i_id.data, "ascii"), self.sa.i_id)
        self.assertEqual(bytes(sa.r_id.data, "ascii"), self.idr)

        r = self.vapi.ikev2_child_sa_dump(sa_index=sa.sa_index)
        self.assertEqual(len(r), 1)
        csa = r[0].child_sa
        self.assertEqual(csa.sa_index, sa.sa_index)
        c = self.sa.child_sas[0]
        if hasattr(c, "sk_ai"):
            self.verify_keymat(csa.keys, c, "sk_ai")
            self.verify_keymat(csa.keys, c, "sk_ar")
        self.verify_keymat(csa.keys, c, "sk_ei")
        self.verify_keymat(csa.keys, c, "sk_er")
        self.assertEqual(csa.i_spi.to_bytes(4, "big"), c.ispi)
        self.assertEqual(csa.r_spi.to_bytes(4, "big"), c.rspi)

        tsi, tsr = self.sa.generate_ts(self.p.ts_is_ip4)
        tsi = tsi[0]
        tsr = tsr[0]
        r = self.vapi.ikev2_traffic_selector_dump(
            is_initiator=True, sa_index=sa.sa_index, child_sa_index=csa.child_sa_index
        )
        self.assertEqual(len(r), 1)
        ts = r[0].ts
        self.verify_ts(r[0].ts, tsi[0], True)

        r = self.vapi.ikev2_traffic_selector_dump(
            is_initiator=False, sa_index=sa.sa_index, child_sa_index=csa.child_sa_index
        )
        self.assertEqual(len(r), 1)
        self.verify_ts(r[0].ts, tsr[0], False)

        n = self.vapi.ikev2_nonce_get(is_initiator=True, sa_index=sa.sa_index)
        self.verify_nonce(n, self.sa.i_nonce)
        n = self.vapi.ikev2_nonce_get(is_initiator=False, sa_index=sa.sa_index)
        self.verify_nonce(n, self.sa.r_nonce)

    def verify_nonce(self, api_nonce, nonce):
        self.assertEqual(api_nonce.data_len, len(nonce))
        self.assertEqual(api_nonce.nonce, nonce)

    def verify_ts(self, api_ts, ts, is_initiator):
        if is_initiator:
            self.assertTrue(api_ts.is_local)
        else:
            self.assertFalse(api_ts.is_local)

        if self.p.ts_is_ip4:
            self.assertEqual(api_ts.start_addr, IPv4Address(ts.starting_address_v4))
            self.assertEqual(api_ts.end_addr, IPv4Address(ts.ending_address_v4))
        else:
            self.assertEqual(api_ts.start_addr, IPv6Address(ts.starting_address_v6))
            self.assertEqual(api_ts.end_addr, IPv6Address(ts.ending_address_v6))
        self.assertEqual(api_ts.start_port, ts.start_port)
        self.assertEqual(api_ts.end_port, ts.end_port)
        self.assertEqual(api_ts.protocol_id, ts.IP_protocol_ID)


class TemplateInitiator(IkePeer):
    """initiator test template"""

    def initiate_del_sa_from_initiator(self):
        ispi = int.from_bytes(self.sa.ispi, "little")
        self.pg0.enable_capture()
        self.pg_start()
        self.vapi.ikev2_initiate_del_ike_sa(ispi=ispi)
        capture = self.pg0.get_capture(1)
        ih = self.get_ike_header(capture[0])
        self.assertNotIn("Response", ih.flags)
        self.assertIn("Initiator", ih.flags)
        self.assertEqual(ih.init_SPI, self.sa.ispi)
        self.assertEqual(ih.resp_SPI, self.sa.rspi)
        plain = self.sa.hmac_and_decrypt(ih)
        d = ikev2.IKEv2_payload_Delete(plain)
        self.assertEqual(d.proto, 1)  # proto=IKEv2
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            flags="Response",
            exch_type="INFORMATIONAL",
            id=ih.id,
            next_payload="Encrypted",
        )
        resp = self.encrypt_ike_msg(header, b"", None)
        self.send_and_assert_no_replies(self.pg0, resp)

    def verify_del_sa(self, packet):
        ih = self.get_ike_header(packet)
        self.assertEqual(ih.id, self.sa.msg_id)
        self.assertEqual(ih.exch_type, 37)  # exchange informational
        self.assertIn("Response", ih.flags)
        self.assertIn("Initiator", ih.flags)
        plain = self.sa.hmac_and_decrypt(ih)
        self.assertEqual(plain, b"")

    def initiate_del_sa_from_responder(self):
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            exch_type="INFORMATIONAL",
            id=self.sa.new_msg_id(),
        )
        del_sa = ikev2.IKEv2_payload_Delete(proto="IKEv2")
        ike_msg = self.encrypt_ike_msg(header, del_sa, "Delete")
        packet = self.create_packet(
            self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )
        self.pg0.add_stream(packet)
        self.pg0.enable_capture()
        self.pg_start()
        capture = self.pg0.get_capture(1)
        self.verify_del_sa(capture[0])

    @staticmethod
    def find_notify_payload(packet, notify_type):
        n = packet[ikev2.IKEv2_payload_Notify]
        while n is not None:
            if n.type == notify_type:
                return n
            n = n.payload
        return None

    def verify_nat_detection(self, packet):
        if self.ip6:
            iph = packet[IPv6]
        else:
            iph = packet[IP]
        udp = packet[UDP]

        # NAT_DETECTION_SOURCE_IP
        s = self.find_notify_payload(packet, 16388)
        self.assertIsNotNone(s)
        src_sha = self.sa.compute_nat_sha1(
            inet_pton(socket.AF_INET, iph.src), udp.sport, b"\x00" * 8
        )
        self.assertEqual(s.load, src_sha)

        # NAT_DETECTION_DESTINATION_IP
        s = self.find_notify_payload(packet, 16389)
        self.assertIsNotNone(s)
        dst_sha = self.sa.compute_nat_sha1(
            inet_pton(socket.AF_INET, iph.dst), udp.dport, b"\x00" * 8
        )
        self.assertEqual(s.load, dst_sha)

    def verify_sa_init_request(self, packet):
        udp = packet[UDP]
        self.sa.dport = udp.sport
        ih = packet[ikev2.IKEv2]
        self.assertNotEqual(ih.init_SPI, 8 * b"\x00")
        self.assertEqual(ih.exch_type, 34)  # SA_INIT
        self.sa.ispi = ih.init_SPI
        self.assertEqual(ih.resp_SPI, 8 * b"\x00")
        self.assertIn("Initiator", ih.flags)
        self.assertNotIn("Response", ih.flags)
        self.sa.i_nonce = ih[ikev2.IKEv2_payload_Nonce].load
        self.sa.i_dh_data = ih[ikev2.IKEv2_payload_KE].load

        prop = packet[ikev2.IKEv2_payload_Proposal]
        self.assertEqual(prop.proto, 1)  # proto = ikev2
        self.assertEqual(prop.proposal, 1)
        self.assertEqual(prop.trans[0].transform_type, 1)  # encryption
        self.assertEqual(
            prop.trans[0].transform_id, self.p.ike_transforms["crypto_alg"]
        )
        self.assertEqual(prop.trans[1].transform_type, 2)  # prf
        self.assertEqual(prop.trans[1].transform_id, 5)  # "hmac-sha2-256"
        self.assertEqual(prop.trans[2].transform_type, 4)  # dh
        self.assertEqual(prop.trans[2].transform_id, self.p.ike_transforms["dh_group"])

        self.verify_nat_detection(packet)
        self.sa.set_ike_props(
            crypto="AES-GCM-16ICV",
            crypto_key_len=32,
            integ="NULL",
            prf="PRF_HMAC_SHA2_256",
            dh="3072MODPgr",
        )
        self.sa.set_esp_props(crypto="AES-CBC", crypto_key_len=32, integ="SHA2-256-128")
        self.sa.generate_dh_data()
        self.sa.complete_dh_data()
        self.sa.calc_keys()

    def update_esp_transforms(self, trans, sa):
        while trans:
            if trans.transform_type == 1:  # ecryption
                sa.esp_crypto = CRYPTO_IDS[trans.transform_id]
            elif trans.transform_type == 3:  # integrity
                sa.esp_integ = INTEG_IDS[trans.transform_id]
            trans = trans.payload

    def verify_sa_auth_req(self, packet):
        udp = packet[UDP]
        self.sa.dport = udp.sport
        ih = self.get_ike_header(packet)
        self.assertEqual(ih.resp_SPI, self.sa.rspi)
        self.assertEqual(ih.init_SPI, self.sa.ispi)
        self.assertEqual(ih.exch_type, 35)  # IKE_AUTH
        self.assertIn("Initiator", ih.flags)
        self.assertNotIn("Response", ih.flags)

        udp = packet[UDP]
        self.verify_udp(udp)
        self.assertEqual(ih.id, self.sa.msg_id + 1)
        self.sa.msg_id += 1
        plain = self.sa.hmac_and_decrypt(ih)
        idi = ikev2.IKEv2_payload_IDi(plain)
        self.assertEqual(idi.load, self.sa.i_id)
        if self.no_idr_auth:
            self.assertEqual(idi.next_payload, 39)  # AUTH
        else:
            idr = ikev2.IKEv2_payload_IDr(idi.payload)
            self.assertEqual(idr.load, self.sa.r_id)
        prop = idi[ikev2.IKEv2_payload_Proposal]
        c = self.sa.child_sas[0]
        c.ispi = prop.SPI
        self.update_esp_transforms(prop[ikev2.IKEv2_payload_Transform], self.sa)

    def send_init_response(self):
        tr_attr = self.sa.ike_crypto_attr()
        trans = (
            ikev2.IKEv2_payload_Transform(
                transform_type="Encryption",
                transform_id=self.sa.ike_crypto,
                length=tr_attr[1],
                key_length=tr_attr[0],
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Integrity", transform_id=self.sa.ike_integ
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="PRF", transform_id=self.sa.ike_prf_alg.name
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="GroupDesc", transform_id=self.sa.ike_dh
            )
        )
        props = ikev2.IKEv2_payload_Proposal(
            proposal=1, proto="IKEv2", trans_nb=4, trans=trans
        )

        src_address = inet_pton(socket.AF_INET, self.pg0.remote_ip4)
        if self.sa.natt:
            dst_address = b"\x0a\x0a\x0a\x0a"
        else:
            dst_address = inet_pton(socket.AF_INET, self.pg0.local_ip4)
        src_nat = self.sa.compute_nat_sha1(src_address, self.sa.sport)
        dst_nat = self.sa.compute_nat_sha1(dst_address, self.sa.dport)

        self.sa.init_resp_packet = (
            ikev2.IKEv2(
                init_SPI=self.sa.ispi,
                resp_SPI=self.sa.rspi,
                exch_type="IKE_SA_INIT",
                flags="Response",
            )
            / ikev2.IKEv2_payload_SA(next_payload="KE", prop=props)
            / ikev2.IKEv2_payload_KE(
                next_payload="Nonce", group=self.sa.ike_dh, load=self.sa.my_dh_pub_key
            )
            / ikev2.IKEv2_payload_Nonce(load=self.sa.r_nonce, next_payload="Notify")
            / ikev2.IKEv2_payload_Notify(
                type="NAT_DETECTION_SOURCE_IP", load=src_nat, next_payload="Notify"
            )
            / ikev2.IKEv2_payload_Notify(
                type="NAT_DETECTION_DESTINATION_IP", load=dst_nat
            )
        )

        ike_msg = self.create_packet(
            self.pg0,
            self.sa.init_resp_packet,
            self.sa.sport,
            self.sa.dport,
            False,
            self.ip6,
        )
        self.pg_send(self.pg0, ike_msg)
        capture = self.pg0.get_capture(1)
        self.verify_sa_auth_req(capture[0])

    def initiate_sa_init(self):
        self.pg0.enable_capture()
        self.pg_start()
        self.vapi.ikev2_initiate_sa_init(name=self.p.profile_name)

        capture = self.pg0.get_capture(1)
        self.verify_sa_init_request(capture[0])
        self.send_init_response()

    def send_auth_response(self):
        tr_attr = self.sa.esp_crypto_attr()
        trans = (
            ikev2.IKEv2_payload_Transform(
                transform_type="Encryption",
                transform_id=self.sa.esp_crypto,
                length=tr_attr[1],
                key_length=tr_attr[0],
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Integrity", transform_id=self.sa.esp_integ
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Extended Sequence Number", transform_id="No ESN"
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Extended Sequence Number", transform_id="ESN"
            )
        )

        c = self.sa.child_sas[0]
        props = ikev2.IKEv2_payload_Proposal(
            proposal=1, proto="ESP", SPIsize=4, SPI=c.rspi, trans_nb=4, trans=trans
        )

        tsi, tsr = self.sa.generate_ts(self.p.ts_is_ip4)
        plain = (
            ikev2.IKEv2_payload_IDi(
                next_payload="IDr", IDtype=self.sa.id_type, load=self.sa.i_id
            )
            / ikev2.IKEv2_payload_IDr(
                next_payload="AUTH", IDtype=self.sa.id_type, load=self.sa.r_id
            )
            / ikev2.IKEv2_payload_AUTH(
                next_payload="SA",
                auth_type=AuthMethod.value(self.sa.auth_method),
                load=self.sa.auth_data,
            )
            / ikev2.IKEv2_payload_SA(next_payload="TSi", prop=props)
            / ikev2.IKEv2_payload_TSi(
                next_payload="TSr", number_of_TSs=len(tsi), traffic_selector=tsi
            )
            / ikev2.IKEv2_payload_TSr(
                next_payload="Notify", number_of_TSs=len(tsr), traffic_selector=tsr
            )
            / ikev2.IKEv2_payload_Notify(type="INITIAL_CONTACT")
        )

        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            id=self.sa.new_msg_id(),
            flags="Response",
            exch_type="IKE_AUTH",
        )

        ike_msg = self.encrypt_ike_msg(header, plain, "IDi")
        packet = self.create_packet(
            self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )
        self.pg_send(self.pg0, packet)

    def test_initiator(self):
        self.initiate_sa_init()
        self.sa.auth_init()
        self.sa.calc_child_keys()
        self.send_auth_response()
        self.verify_ike_sas()


class TemplateResponder(IkePeer):
    """responder test template"""

    def initiate_del_sa_from_responder(self):
        self.pg0.enable_capture()
        self.pg_start()
        self.vapi.ikev2_initiate_del_ike_sa(ispi=int.from_bytes(self.sa.ispi, "little"))
        capture = self.pg0.get_capture(1)
        ih = self.get_ike_header(capture[0])
        self.assertNotIn("Response", ih.flags)
        self.assertNotIn("Initiator", ih.flags)
        self.assertEqual(ih.exch_type, 37)  # INFORMATIONAL
        plain = self.sa.hmac_and_decrypt(ih)
        d = ikev2.IKEv2_payload_Delete(plain)
        self.assertEqual(d.proto, 1)  # proto=IKEv2
        self.assertEqual(ih.init_SPI, self.sa.ispi)
        self.assertEqual(ih.resp_SPI, self.sa.rspi)
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            flags="Initiator+Response",
            exch_type="INFORMATIONAL",
            id=ih.id,
            next_payload="Encrypted",
        )
        resp = self.encrypt_ike_msg(header, b"", None)
        self.send_and_assert_no_replies(self.pg0, resp)

    def verify_del_sa(self, packet):
        ih = self.get_ike_header(packet)
        self.assertEqual(ih.id, self.sa.msg_id)
        self.assertEqual(ih.exch_type, 37)  # exchange informational
        self.assertIn("Response", ih.flags)
        self.assertNotIn("Initiator", ih.flags)
        self.assertEqual(ih.next_payload, 46)  # Encrypted
        self.assertEqual(ih.init_SPI, self.sa.ispi)
        self.assertEqual(ih.resp_SPI, self.sa.rspi)
        plain = self.sa.hmac_and_decrypt(ih)
        self.assertEqual(plain, b"")

    def initiate_del_sa_from_initiator(self):
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            flags="Initiator",
            exch_type="INFORMATIONAL",
            id=self.sa.new_msg_id(),
        )
        del_sa = ikev2.IKEv2_payload_Delete(proto="IKEv2")
        ike_msg = self.encrypt_ike_msg(header, del_sa, "Delete")
        packet = self.create_packet(
            self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )
        self.pg0.add_stream(packet)
        self.pg0.enable_capture()
        self.pg_start()
        capture = self.pg0.get_capture(1)
        self.verify_del_sa(capture[0])

    def send_sa_init_req(self):
        tr_attr = self.sa.ike_crypto_attr()
        trans = (
            ikev2.IKEv2_payload_Transform(
                transform_type="Encryption",
                transform_id=self.sa.ike_crypto,
                length=tr_attr[1],
                key_length=tr_attr[0],
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Integrity", transform_id=self.sa.ike_integ
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="PRF", transform_id=self.sa.ike_prf_alg.name
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="GroupDesc", transform_id=self.sa.ike_dh
            )
        )

        props = ikev2.IKEv2_payload_Proposal(
            proposal=1, proto="IKEv2", trans_nb=4, trans=trans
        )

        next_payload = None if self.ip6 else "Notify"

        self.sa.init_req_packet = (
            ikev2.IKEv2(
                init_SPI=self.sa.ispi, flags="Initiator", exch_type="IKE_SA_INIT"
            )
            / ikev2.IKEv2_payload_SA(next_payload="KE", prop=props)
            / ikev2.IKEv2_payload_KE(
                next_payload="Nonce", group=self.sa.ike_dh, load=self.sa.my_dh_pub_key
            )
            / ikev2.IKEv2_payload_Nonce(next_payload=next_payload, load=self.sa.i_nonce)
        )

        if not self.ip6:
            if self.sa.i_natt:
                src_address = b"\x0a\x0a\x0a\x01"
            else:
                src_address = inet_pton(socket.AF_INET, self.pg0.remote_ip4)

            if self.sa.r_natt:
                dst_address = b"\x0a\x0a\x0a\x0a"
            else:
                dst_address = inet_pton(socket.AF_INET, self.pg0.local_ip4)

            src_nat = self.sa.compute_nat_sha1(src_address, self.sa.sport)
            dst_nat = self.sa.compute_nat_sha1(dst_address, self.sa.dport)
            nat_src_detection = ikev2.IKEv2_payload_Notify(
                type="NAT_DETECTION_SOURCE_IP", load=src_nat, next_payload="Notify"
            )
            nat_dst_detection = ikev2.IKEv2_payload_Notify(
                type="NAT_DETECTION_DESTINATION_IP", load=dst_nat
            )
            self.sa.init_req_packet = (
                self.sa.init_req_packet / nat_src_detection / nat_dst_detection
            )

        ike_msg = self.create_packet(
            self.pg0,
            self.sa.init_req_packet,
            self.sa.sport,
            self.sa.dport,
            self.sa.natt,
            self.ip6,
        )
        self.pg0.add_stream(ike_msg)
        self.pg0.enable_capture()
        self.pg_start()
        capture = self.pg0.get_capture(1)
        self.verify_sa_init(capture[0])

    def generate_auth_payload(self, last_payload=None, is_rekey=False, kex=False):
        tr_attr = self.sa.esp_crypto_attr()
        last_payload = last_payload or "Notify"
        trans_nb = 4
        trans = (
            ikev2.IKEv2_payload_Transform(
                transform_type="Encryption",
                transform_id=self.sa.esp_crypto,
                length=tr_attr[1],
                key_length=tr_attr[0],
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Integrity", transform_id=self.sa.esp_integ
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Extended Sequence Number", transform_id="No ESN"
            )
            / ikev2.IKEv2_payload_Transform(
                transform_type="Extended Sequence Number", transform_id="ESN"
            )
        )

        if kex:
            trans_nb += 1
            trans /= ikev2.IKEv2_payload_Transform(
                transform_type="GroupDesc", transform_id=self.sa.ike_dh
            )

        c = self.sa.child_sas[0]
        props = ikev2.IKEv2_payload_Proposal(
            proposal=1,
            proto="ESP",
            SPIsize=4,
            SPI=c.ispi,
            trans_nb=trans_nb,
            trans=trans,
        )

        tsi, tsr = self.sa.generate_ts(self.p.ts_is_ip4)
        plain = (
            ikev2.IKEv2_payload_AUTH(
                next_payload="SA",
                auth_type=AuthMethod.value(self.sa.auth_method),
                load=self.sa.auth_data,
            )
            / ikev2.IKEv2_payload_SA(next_payload="TSi", prop=props)
            / ikev2.IKEv2_payload_TSi(
                next_payload="TSr", number_of_TSs=len(tsi), traffic_selector=tsi
            )
            / ikev2.IKEv2_payload_TSr(
                next_payload=last_payload, number_of_TSs=len(tsr), traffic_selector=tsr
            )
        )

        if is_rekey:
            first_payload = "Nonce"
            if kex:
                head = ikev2.IKEv2_payload_Nonce(
                    load=self.sa.i_nonce, next_payload="KE"
                ) / ikev2.IKEv2_payload_KE(
                    group=self.sa.ike_dh, load=self.sa.my_dh_pub_key, next_payload="SA"
                )
            else:
                head = ikev2.IKEv2_payload_Nonce(
                    load=self.sa.i_nonce, next_payload="SA"
                )
            plain = (
                head
                / plain
                / ikev2.IKEv2_payload_Notify(
                    type="REKEY_SA",
                    proto="ESP",
                    SPI=c.ispi,
                    length=8 + len(c.ispi),
                    next_payload="Notify",
                )
                / ikev2.IKEv2_payload_Notify(type="ESP_TFC_PADDING_NOT_SUPPORTED")
            )
        else:
            first_payload = "IDi"
            if self.no_idr_auth:
                ids = ikev2.IKEv2_payload_IDi(
                    next_payload="AUTH", IDtype=self.sa.id_type, load=self.sa.i_id
                )
            else:
                ids = ikev2.IKEv2_payload_IDi(
                    next_payload="IDr", IDtype=self.sa.id_type, load=self.sa.i_id
                ) / ikev2.IKEv2_payload_IDr(
                    next_payload="AUTH", IDtype=self.sa.id_type, load=self.sa.r_id
                )
            plain = ids / plain
        return plain, first_payload

    def send_sa_auth(self):
        plain, first_payload = self.generate_auth_payload(last_payload="Notify")
        plain = plain / ikev2.IKEv2_payload_Notify(type="INITIAL_CONTACT")
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            id=self.sa.new_msg_id(),
            flags="Initiator",
            exch_type="IKE_AUTH",
        )

        ike_msg = self.encrypt_ike_msg(header, plain, first_payload)
        packet = self.create_packet(
            self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )
        self.pg0.add_stream(packet)
        self.pg0.enable_capture()
        self.pg_start()
        capture = self.pg0.get_capture(1)
        self.verify_sa_auth_resp(capture[0])

    def verify_sa_init(self, packet):
        ih = self.get_ike_header(packet)

        self.assertEqual(ih.id, self.sa.msg_id)
        self.assertEqual(ih.exch_type, 34)
        self.assertIn("Response", ih.flags)
        self.assertEqual(ih.init_SPI, self.sa.ispi)
        self.assertNotEqual(ih.resp_SPI, 0)
        self.sa.rspi = ih.resp_SPI
        try:
            sa = ih[ikev2.IKEv2_payload_SA]
            self.sa.r_nonce = ih[ikev2.IKEv2_payload_Nonce].load
            self.sa.r_dh_data = ih[ikev2.IKEv2_payload_KE].load
        except IndexError as e:
            self.logger.error("unexpected reply: SA/Nonce/KE payload found!")
            self.logger.error(ih.show())
            raise
        self.sa.complete_dh_data()
        self.sa.calc_keys()
        self.sa.auth_init()

    def verify_sa_auth_resp(self, packet):
        ike = self.get_ike_header(packet)
        udp = packet[UDP]
        self.verify_udp(udp)
        self.assertEqual(ike.id, self.sa.msg_id)
        plain = self.sa.hmac_and_decrypt(ike)
        idr = ikev2.IKEv2_payload_IDr(plain)
        prop = idr[ikev2.IKEv2_payload_Proposal]
        self.assertEqual(prop.SPIsize, 4)
        self.sa.child_sas[0].rspi = prop.SPI
        self.sa.calc_child_keys()

    IKE_NODE_SUFFIX = "ip4"

    def verify_counters(self):
        self.assert_counter(2, "processed", self.IKE_NODE_SUFFIX)
        self.assert_counter(1, "init_sa_req", self.IKE_NODE_SUFFIX)
        self.assert_counter(1, "ike_auth_req", self.IKE_NODE_SUFFIX)

        r = self.vapi.ikev2_sa_dump()
        s = r[0].sa.stats
        self.assertEqual(1, s.n_sa_auth_req)
        self.assertEqual(1, s.n_sa_init_req)

    def test_responder(self):
        self.send_sa_init_req()
        self.send_sa_auth()
        self.verify_ipsec_sas()
        self.verify_ike_sas()
        self.verify_counters()


class Ikev2Params(object):
    def config_params(self, params={}):
        ec = VppEnum.vl_api_ipsec_crypto_alg_t
        ei = VppEnum.vl_api_ipsec_integ_alg_t
        self.vpp_enums = {
            "AES-CBC-128": ec.IPSEC_API_CRYPTO_ALG_AES_CBC_128,
            "AES-CBC-192": ec.IPSEC_API_CRYPTO_ALG_AES_CBC_192,
            "AES-CBC-256": ec.IPSEC_API_CRYPTO_ALG_AES_CBC_256,
            "AES-GCM-16ICV-128": ec.IPSEC_API_CRYPTO_ALG_AES_GCM_128,
            "AES-GCM-16ICV-192": ec.IPSEC_API_CRYPTO_ALG_AES_GCM_192,
            "AES-GCM-16ICV-256": ec.IPSEC_API_CRYPTO_ALG_AES_GCM_256,
            "HMAC-SHA1-96": ei.IPSEC_API_INTEG_ALG_SHA1_96,
            "SHA2-256-128": ei.IPSEC_API_INTEG_ALG_SHA_256_128,
            "SHA2-384-192": ei.IPSEC_API_INTEG_ALG_SHA_384_192,
            "SHA2-512-256": ei.IPSEC_API_INTEG_ALG_SHA_512_256,
        }

        dpd_disabled = True if "dpd_disabled" not in params else params["dpd_disabled"]
        if dpd_disabled:
            self.vapi.cli("ikev2 dpd disable")
        self.del_sa_from_responder = (
            False
            if "del_sa_from_responder" not in params
            else params["del_sa_from_responder"]
        )
        i_natt = False if "i_natt" not in params else params["i_natt"]
        r_natt = False if "r_natt" not in params else params["r_natt"]
        self.p = Profile(self, "pr1")
        self.ip6 = False if "ip6" not in params else params["ip6"]

        if "auth" in params and params["auth"] == "rsa-sig":
            auth_method = "rsa-sig"
            work_dir = f"{config.vpp_ws_dir}/src/plugins/ikev2/test/certs/"
            self.vapi.ikev2_set_local_key(key_file=work_dir + params["server-key"])

            client_file = work_dir + params["client-cert"]
            server_pem = open(work_dir + params["server-cert"]).read()
            client_priv = open(work_dir + params["client-key"]).read()
            client_priv = load_pem_private_key(
                str.encode(client_priv), None, default_backend()
            )
            self.peer_cert = x509.load_pem_x509_certificate(
                str.encode(server_pem), default_backend()
            )
            self.p.add_auth(method="rsa-sig", data=str.encode(client_file))
            auth_data = None
        else:
            auth_data = b"$3cr3tpa$$w0rd"
            self.p.add_auth(method="shared-key", data=auth_data)
            auth_method = "shared-key"
            client_priv = None

        is_init = True if "is_initiator" not in params else params["is_initiator"]
        self.no_idr_auth = params.get("no_idr_in_auth", False)

        idr = {"id_type": "fqdn", "data": b"vpp.home"}
        idi = {"id_type": "fqdn", "data": b"roadwarrior.example.com"}
        r_id = self.idr = idr["data"]
        i_id = self.idi = idi["data"]
        if is_init:
            # scapy is initiator, VPP is responder
            self.p.add_local_id(**idr)
            self.p.add_remote_id(**idi)
            if self.no_idr_auth:
                r_id = None
        else:
            # VPP is initiator, scapy is responder
            self.p.add_local_id(**idi)
            if not self.no_idr_auth:
                self.p.add_remote_id(**idr)

        loc_ts = (
            {"start_addr": "10.10.10.0", "end_addr": "10.10.10.255"}
            if "loc_ts" not in params
            else params["loc_ts"]
        )
        rem_ts = (
            {"start_addr": "10.0.0.0", "end_addr": "10.0.0.255"}
            if "rem_ts" not in params
            else params["rem_ts"]
        )
        self.p.add_local_ts(**loc_ts)
        self.p.add_remote_ts(**rem_ts)
        if "responder" in params:
            self.p.add_responder(params["responder"])
        if "ike_transforms" in params:
            self.p.add_ike_transforms(params["ike_transforms"])
        if "esp_transforms" in params:
            self.p.add_esp_transforms(params["esp_transforms"])

        udp_encap = False if "udp_encap" not in params else params["udp_encap"]
        if udp_encap:
            self.p.set_udp_encap(True)

        if "responder_hostname" in params:
            hn = params["responder_hostname"]
            self.p.add_responder_hostname(hn)

            # configure static dns record
            self.vapi.dns_name_server_add_del(
                is_ip6=0, is_add=1, server_address=IPv4Address("8.8.8.8").packed
            )
            self.vapi.dns_enable_disable(enable=1)

            cmd = "dns cache add {} {}".format(hn["hostname"], self.pg0.remote_ip4)
            self.vapi.cli(cmd)

        self.sa = IKEv2SA(
            self,
            i_id=i_id,
            r_id=r_id,
            is_initiator=is_init,
            id_type=self.p.local_id["id_type"],
            i_natt=i_natt,
            r_natt=r_natt,
            priv_key=client_priv,
            auth_method=auth_method,
            nonce=params.get("nonce"),
            auth_data=auth_data,
            udp_encap=udp_encap,
            local_ts=self.p.remote_ts,
            remote_ts=self.p.local_ts,
        )

        if is_init:
            ike_crypto = (
                ("AES-CBC", 32) if "ike-crypto" not in params else params["ike-crypto"]
            )
            ike_integ = (
                "HMAC-SHA1-96" if "ike-integ" not in params else params["ike-integ"]
            )
            ike_dh = "2048MODPgr" if "ike-dh" not in params else params["ike-dh"]

            esp_crypto = (
                ("AES-CBC", 32) if "esp-crypto" not in params else params["esp-crypto"]
            )
            esp_integ = (
                "HMAC-SHA1-96" if "esp-integ" not in params else params["esp-integ"]
            )

            self.sa.set_ike_props(
                crypto=ike_crypto[0],
                crypto_key_len=ike_crypto[1],
                integ=ike_integ,
                prf="PRF_HMAC_SHA2_256",
                dh=ike_dh,
            )
            self.sa.set_esp_props(
                crypto=esp_crypto[0], crypto_key_len=esp_crypto[1], integ=esp_integ
            )


@unittest.skipIf("ikev2" in config.excluded_plugins, "Exclude IKEv2 plugin tests")
class TestApi(VppTestCase):
    """Test IKEV2 API"""

    @classmethod
    def setUpClass(cls):
        super(TestApi, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(TestApi, cls).tearDownClass()

    def tearDown(self):
        super(TestApi, self).tearDown()
        self.p1.remove_vpp_config()
        self.p2.remove_vpp_config()
        r = self.vapi.ikev2_profile_dump()
        self.assertEqual(len(r), 0)

    def configure_profile(self, cfg):
        p = Profile(self, cfg["name"])
        p.add_local_id(id_type=cfg["loc_id"][0], data=cfg["loc_id"][1])
        p.add_remote_id(id_type=cfg["rem_id"][0], data=cfg["rem_id"][1])
        p.add_local_ts(**cfg["loc_ts"])
        p.add_remote_ts(**cfg["rem_ts"])
        p.add_responder(cfg["responder"])
        p.add_ike_transforms(cfg["ike_ts"])
        p.add_esp_transforms(cfg["esp_ts"])
        p.add_auth(**cfg["auth"])
        p.set_udp_encap(cfg["udp_encap"])
        p.set_ipsec_over_udp_port(cfg["ipsec_over_udp_port"])
        if "lifetime_data" in cfg:
            p.set_lifetime_data(cfg["lifetime_data"])
        if "tun_itf" in cfg:
            p.set_tunnel_interface(cfg["tun_itf"])
        if "natt_disabled" in cfg and cfg["natt_disabled"]:
            p.disable_natt()
        p.add_vpp_config()
        return p

    def test_profile_api(self):
        """test profile dump API"""
        loc_ts4 = {
            "proto": 8,
            "start_port": 1,
            "end_port": 19,
            "start_addr": "3.3.3.2",
            "end_addr": "3.3.3.3",
        }
        rem_ts4 = {
            "proto": 9,
            "start_port": 10,
            "end_port": 119,
            "start_addr": "4.5.76.80",
            "end_addr": "2.3.4.6",
        }

        loc_ts6 = {
            "proto": 8,
            "start_port": 1,
            "end_port": 19,
            "start_addr": "ab::1",
            "end_addr": "ab::4",
        }
        rem_ts6 = {
            "proto": 9,
            "start_port": 10,
            "end_port": 119,
            "start_addr": "cd::12",
            "end_addr": "cd::13",
        }

        conf = {
            "p1": {
                "name": "p1",
                "natt_disabled": True,
                "loc_id": ("fqdn", b"vpp.home"),
                "rem_id": ("fqdn", b"roadwarrior.example.com"),
                "loc_ts": loc_ts4,
                "rem_ts": rem_ts4,
                "responder": {"sw_if_index": 0, "addr": "5.6.7.8"},
                "ike_ts": {
                    "crypto_alg": 20,
                    "crypto_key_size": 32,
                    "integ_alg": 0,
                    "dh_group": 1,
                },
                "esp_ts": {"crypto_alg": 13, "crypto_key_size": 24, "integ_alg": 2},
                "auth": {"method": "shared-key", "data": b"sharedkeydata"},
                "udp_encap": True,
                "ipsec_over_udp_port": 4501,
                "lifetime_data": {
                    "lifetime": 123,
                    "lifetime_maxdata": 20192,
                    "lifetime_jitter": 9,
                    "handover": 132,
                },
            },
            "p2": {
                "name": "p2",
                "loc_id": ("ip4-addr", b"192.168.2.1"),
                "rem_id": ("ip6-addr", b"abcd::1"),
                "loc_ts": loc_ts6,
                "rem_ts": rem_ts6,
                "responder": {"sw_if_index": 4, "addr": "def::10"},
                "ike_ts": {
                    "crypto_alg": 12,
                    "crypto_key_size": 16,
                    "integ_alg": 3,
                    "dh_group": 3,
                },
                "esp_ts": {"crypto_alg": 9, "crypto_key_size": 24, "integ_alg": 4},
                "auth": {"method": "shared-key", "data": b"sharedkeydata"},
                "udp_encap": False,
                "ipsec_over_udp_port": 4600,
                "tun_itf": 0,
            },
        }
        self.p1 = self.configure_profile(conf["p1"])
        self.p2 = self.configure_profile(conf["p2"])

        r = self.vapi.ikev2_profile_dump()
        self.assertEqual(len(r), 2)
        self.verify_profile(r[0].profile, conf["p1"])
        self.verify_profile(r[1].profile, conf["p2"])

    def verify_id(self, api_id, cfg_id):
        self.assertEqual(api_id.type, IDType.value(cfg_id[0]))
        self.assertEqual(bytes(api_id.data, "ascii"), cfg_id[1])

    def verify_ts(self, api_ts, cfg_ts):
        self.assertEqual(api_ts.protocol_id, cfg_ts["proto"])
        self.assertEqual(api_ts.start_port, cfg_ts["start_port"])
        self.assertEqual(api_ts.end_port, cfg_ts["end_port"])
        self.assertEqual(api_ts.start_addr, ip_address(text_type(cfg_ts["start_addr"])))
        self.assertEqual(api_ts.end_addr, ip_address(text_type(cfg_ts["end_addr"])))

    def verify_responder(self, api_r, cfg_r):
        self.assertEqual(api_r.sw_if_index, cfg_r["sw_if_index"])
        self.assertEqual(api_r.addr, ip_address(cfg_r["addr"]))

    def verify_transforms(self, api_ts, cfg_ts):
        self.assertEqual(api_ts.crypto_alg, cfg_ts["crypto_alg"])
        self.assertEqual(api_ts.crypto_key_size, cfg_ts["crypto_key_size"])
        self.assertEqual(api_ts.integ_alg, cfg_ts["integ_alg"])

    def verify_ike_transforms(self, api_ts, cfg_ts):
        self.verify_transforms(api_ts, cfg_ts)
        self.assertEqual(api_ts.dh_group, cfg_ts["dh_group"])

    def verify_esp_transforms(self, api_ts, cfg_ts):
        self.verify_transforms(api_ts, cfg_ts)

    def verify_auth(self, api_auth, cfg_auth):
        self.assertEqual(api_auth.method, AuthMethod.value(cfg_auth["method"]))
        self.assertEqual(api_auth.data, cfg_auth["data"])
        self.assertEqual(api_auth.data_len, len(cfg_auth["data"]))

    def verify_lifetime_data(self, p, ld):
        self.assertEqual(p.lifetime, ld["lifetime"])
        self.assertEqual(p.lifetime_maxdata, ld["lifetime_maxdata"])
        self.assertEqual(p.lifetime_jitter, ld["lifetime_jitter"])
        self.assertEqual(p.handover, ld["handover"])

    def verify_profile(self, ap, cp):
        self.assertEqual(ap.name, cp["name"])
        self.assertEqual(ap.udp_encap, cp["udp_encap"])
        self.verify_id(ap.loc_id, cp["loc_id"])
        self.verify_id(ap.rem_id, cp["rem_id"])
        self.verify_ts(ap.loc_ts, cp["loc_ts"])
        self.verify_ts(ap.rem_ts, cp["rem_ts"])
        self.verify_responder(ap.responder, cp["responder"])
        self.verify_ike_transforms(ap.ike_ts, cp["ike_ts"])
        self.verify_esp_transforms(ap.esp_ts, cp["esp_ts"])
        self.verify_auth(ap.auth, cp["auth"])
        natt_dis = False if "natt_disabled" not in cp else cp["natt_disabled"]
        self.assertTrue(natt_dis == ap.natt_disabled)

        if "lifetime_data" in cp:
            self.verify_lifetime_data(ap, cp["lifetime_data"])
        self.assertEqual(ap.ipsec_over_udp_port, cp["ipsec_over_udp_port"])
        if "tun_itf" in cp:
            self.assertEqual(ap.tun_itf, cp["tun_itf"])
        else:
            self.assertEqual(ap.tun_itf, 0xFFFFFFFF)


@tag_fixme_vpp_workers
class TestResponderBehindNAT(TemplateResponder, Ikev2Params):
    """test responder - responder behind NAT"""

    IKE_NODE_SUFFIX = "ip4-natt"

    def config_tc(self):
        self.config_params({"r_natt": True})


@tag_fixme_vpp_workers
class TestInitiatorNATT(TemplateInitiator, Ikev2Params):
    """test ikev2 initiator - NAT traversal (intitiator behind NAT)"""

    def config_tc(self):
        self.config_params(
            {
                "i_natt": True,
                "is_initiator": False,  # seen from test case perspective
                # thus vpp is initiator
                "responder": {
                    "sw_if_index": self.pg0.sw_if_index,
                    "addr": self.pg0.remote_ip4,
                },
                "ike-crypto": ("AES-GCM-16ICV", 32),
                "ike-integ": "NULL",
                "ike-dh": "3072MODPgr",
                "ike_transforms": {
                    "crypto_alg": 20,  # "aes-gcm-16"
                    "crypto_key_size": 256,
                    "dh_group": 15,  # "modp-3072"
                },
                "esp_transforms": {
                    "crypto_alg": 12,  # "aes-cbc"
                    "crypto_key_size": 256,
                    # "hmac-sha2-256-128"
                    "integ_alg": 12,
                },
            }
        )


@tag_fixme_vpp_workers
class TestInitiatorPsk(TemplateInitiator, Ikev2Params):
    """test ikev2 initiator - pre shared key auth"""

    def config_tc(self):
        self.config_params(
            {
                "is_initiator": False,  # seen from test case perspective
                # thus vpp is initiator
                "ike-crypto": ("AES-GCM-16ICV", 32),
                "ike-integ": "NULL",
                "ike-dh": "3072MODPgr",
                "ike_transforms": {
                    "crypto_alg": 20,  # "aes-gcm-16"
                    "crypto_key_size": 256,
                    "dh_group": 15,  # "modp-3072"
                },
                "esp_transforms": {
                    "crypto_alg": 12,  # "aes-cbc"
                    "crypto_key_size": 256,
                    # "hmac-sha2-256-128"
                    "integ_alg": 12,
                },
                "responder_hostname": {
                    "hostname": "vpp.responder.org",
                    "sw_if_index": self.pg0.sw_if_index,
                },
            }
        )


@tag_fixme_vpp_workers
class TestInitiatorRequestWindowSize(TestInitiatorPsk):
    """test initiator - request window size (1)"""

    def rekey_respond(self, req, update_child_sa_data):
        ih = self.get_ike_header(req)
        plain = self.sa.hmac_and_decrypt(ih)
        sa = ikev2.IKEv2_payload_SA(plain)
        if update_child_sa_data:
            prop = sa[ikev2.IKEv2_payload_Proposal]
            self.sa.i_nonce = sa[ikev2.IKEv2_payload_Nonce].load
            self.sa.r_nonce = self.sa.i_nonce
            self.sa.child_sas[0].ispi = prop.SPI
            self.sa.child_sas[0].rspi = prop.SPI
            self.sa.calc_child_keys()

        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            flags="Response",
            exch_type=36,
            id=ih.id,
            next_payload="Encrypted",
        )
        resp = self.encrypt_ike_msg(header, sa, "SA")
        packet = self.create_packet(
            self.pg0, resp, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )
        self.send_and_assert_no_replies(self.pg0, packet)

    def test_initiator(self):
        super(TestInitiatorRequestWindowSize, self).test_initiator()
        self.pg0.enable_capture()
        self.pg_start()
        ispi = int.from_bytes(self.sa.child_sas[0].ispi, "little")
        self.vapi.ikev2_initiate_rekey_child_sa(ispi=ispi)
        self.vapi.ikev2_initiate_rekey_child_sa(ispi=ispi)
        capture = self.pg0.get_capture(2)

        # reply in reverse order
        self.rekey_respond(capture[1], True)
        self.rekey_respond(capture[0], False)

        # verify that only the second request was accepted
        self.verify_ike_sas()
        self.verify_ipsec_sas(is_rekey=True)


@tag_fixme_vpp_workers
class TestInitiatorRekey(TestInitiatorPsk):
    """test ikev2 initiator - rekey"""

    def rekey_from_initiator(self):
        ispi = int.from_bytes(self.sa.child_sas[0].ispi, "little")
        self.pg0.enable_capture()
        self.pg_start()
        self.vapi.ikev2_initiate_rekey_child_sa(ispi=ispi)
        capture = self.pg0.get_capture(1)
        ih = self.get_ike_header(capture[0])
        self.assertEqual(ih.exch_type, 36)  # CHILD_SA
        self.assertNotIn("Response", ih.flags)
        self.assertIn("Initiator", ih.flags)
        plain = self.sa.hmac_and_decrypt(ih)
        sa = ikev2.IKEv2_payload_SA(plain)
        prop = sa[ikev2.IKEv2_payload_Proposal]
        self.sa.i_nonce = sa[ikev2.IKEv2_payload_Nonce].load
        self.sa.r_nonce = self.sa.i_nonce
        # update new responder SPI
        self.sa.child_sas[0].ispi = prop.SPI
        self.sa.child_sas[0].rspi = prop.SPI
        self.sa.calc_child_keys()
        header = ikev2.IKEv2(
            init_SPI=self.sa.ispi,
            resp_SPI=self.sa.rspi,
            flags="Response",
            exch_type=36,
            id=ih.id,
            next_payload="Encrypted",
        )
        resp = self.encrypt_ike_msg(header, sa, "SA")
        packet = self.create_packet(
            self.pg0, resp, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
        )
        self.send_and_assert_no_replies(self.pg0, packet)

    def test_initiator(self):
        super(TestInitiatorRekey, self).test_initiator()
        self.rekey_from_initiator()
        self.verify_ike_sas()
        self.verify_ipsec_sas(is_rekey=True)


@tag_fixme_vpp_workers
class TestInitiatorDelSAFromResponder(TemplateInitiator, Ikev2Params):
    """test ikev2 initiator - delete IKE SA from responder"""

    def config_tc(self):
        self.config_params(
            {
                "del_sa_from_responder": True,
                "is_initiator": False,  # seen from test case perspective
                # thus vpp is initiator
                "responder": {
                    "sw_if_index": self.pg0.sw_if_index,
                    "addr": self.pg0.remote_ip4,
                },
                "ike-crypto": ("AES-GCM-16ICV", 32),
                "ike-integ": "NULL",
                "ike-dh": "3072MODPgr",
                "ike_transforms": {
                    "crypto_alg": 20,  # "aes-gcm-16"
                    "crypto_key_size": 256,
                    "dh_group": 15,  # "modp-3072"
                },
                "esp_transforms": {
                    "crypto_alg": 12,  # "aes-cbc"
                    "crypto_key_size": 256,
                    # "hmac-sha2-256-128"
                    "integ_alg": 12,
                },
                "no_idr_in_auth": True,
            }
        )


@tag_fixme_vpp_workers
class TestResponderInitBehindNATT(TemplateResponder, Ikev2Params):
    """test ikev2 responder - initiator behind NAT"""

    IKE_NODE_SUFFIX = "ip4-natt"

    def config_tc(self):
        self.config_params({"i_natt": True})


@tag_fixme_vpp_workers
class TestResponderPsk(TemplateResponder, Ikev2Params):
    """test ikev2 responder - pre shared key auth"""

    def config_tc(self):
        self.config_params()


@tag_fixme_vpp_workers
class TestResponderDpd(TestResponderPsk):
    """
    Dead peer detection test
    """

    def config_tc(self):
        self.config_params({"dpd_disabled": False})

    def tearDown(self):
        pass

    def test_responder(self):
        self.vapi.ikev2_profile_set_liveness(period=2, max_retries=1)
        super(TestResponderDpd, self).test_responder()
        self.pg0.enable_capture()
        self.pg_start()
        # capture empty request but don't reply
        capture = self.pg0.get_capture(expected_count=1, timeout=5)
        ih = self.get_ike_header(capture[0])
        self.assertEqual(ih.exch_type, 37)  # INFORMATIONAL
        plain = self.sa.hmac_and_decrypt(ih)
        self.assertEqual(plain, b"")
        # wait for SA expiration
        time.sleep(3)
        ike_sas = self.vapi.ikev2_sa_dump()
        self.assertEqual(len(ike_sas), 0)
        ipsec_sas = self.vapi.ipsec_sa_dump()
        self.assertEqual(len(ipsec_sas), 0)


@tag_fixme_vpp_workers
class TestResponderRekey(TestResponderPsk):
    """test ikev2 responder - rekey"""

    WITH_KEX = False

    def send_rekey_from_initiator(self):
        if self.WITH_KEX:
            self.sa.generate_dh_data()
        packet = self.create_rekey_request(kex=self.WITH_KEX)
        self.pg0.add_stream(packet)
        self.pg0.enable_capture()
        self.pg_start()
        capture = self.pg0.get_capture(1)
        return capture

    def process_rekey_response(self, capture):
        ih = self.get_ike_header(capture[0])
        plain = self.sa.hmac_and_decrypt(ih)
        sa = ikev2.IKEv2_payload_SA(plain)
        prop = sa[ikev2.IKEv2_payload_Proposal]
        self.sa.r_nonce = sa[ikev2.IKEv2_payload_Nonce].load
        # update new responder SPI
        self.sa.child_sas[0].rspi = prop.SPI
        if self.WITH_KEX:
            self.sa.r_dh_data = sa[ikev2.IKEv2_payload_KE].load
            self.sa.complete_dh_data()
        self.sa.calc_child_keys(kex=self.WITH_KEX)

    def test_responder(self):
        super(TestResponderRekey, self).test_responder()
        self.process_rekey_response(self.send_rekey_from_initiator())
        self.verify_ike_sas()
        self.verify_ipsec_sas(is_rekey=True)
        self.assert_counter(1, "rekey_req", "ip4")
        r = self.vapi.ikev2_sa_dump()
        self.assertEqual(r[0].sa.stats.n_rekey_req, 1)


@tag_fixme_vpp_workers
class TestResponderRekeyRepeat(TestResponderRekey):
    """test ikev2 responder - rekey repeat"""

    def test_responder(self):
        super(TestResponderRekeyRepeat, self).test_responder()
        # rekey request is not accepted until old IPsec SA is expired
        capture = self.send_rekey_from_initiator()
        ih = self.get_ike_header(capture[0])
        plain = self.sa.hmac_and_decrypt(ih)
        notify = ikev2.IKEv2_payload_Notify(plain)
        self.assertEqual(notify.type, 43)
        self.assertEqual(len(self.vapi.ipsec_sa_dump()), 3)
        # rekey request is accepted after old IPsec SA was expired
        for _ in range(50):
            if len(self.vapi.ipsec_sa_dump()) != 3:
                break
            time.sleep(0.2)
        else:
            self.fail("old IPsec SA not expired")
        self.process_rekey_response(self.send_rekey_from_initiator())
        self.verify_ike_sas()
        self.verify_ipsec_sas(sa_count=3)


@tag_fixme_vpp_workers
class TestResponderRekeyKEX(TestResponderRekey):
    """test ikev2 responder - rekey with key exchange"""

    WITH_KEX = True


@tag_fixme_vpp_workers
class TestResponderRekeyRepeatKEX(TestResponderRekeyRepeat):
    """test ikev2 responder - rekey repeat with key exchange"""

    WITH_KEX = True


@tag_fixme_ubuntu2204
@tag_fixme_debian11
class TestResponderVrf(TestResponderPsk, Ikev2Params):
    """test ikev2 responder - non-default table id"""

    @classmethod
    def setUpClass(cls):
        import scapy.contrib.ikev2 as _ikev2

        globals()["ikev2"] = _ikev2
        super(IkePeer, cls).setUpClass()
        if (is_distro_ubuntu2204 == True or is_distro_debian11 == True) and not hasattr(
            cls, "vpp"
        ):
            return
        cls.create_pg_interfaces(range(1))
        cls.vapi.cli("ip table add 1")
        cls.vapi.cli("set interface ip table pg0 1")
        for i in cls.pg_interfaces:
            i.admin_up()
            i.config_ip4()
            i.resolve_arp()
            i.config_ip6()
            i.resolve_ndp()

    def config_tc(self):
        self.config_params({"dpd_disabled": False})

    def test_responder(self):
        self.vapi.ikev2_profile_set_liveness(period=2, max_retries=1)
        super(TestResponderVrf, self).test_responder()
        self.pg0.enable_capture()
        self.pg_start()
        capture = self.pg0.get_capture(expected_count=1, timeout=5)
        ih = self.get_ike_header(capture[0])
        self.assertEqual(ih.exch_type, 37)  # INFORMATIONAL
        plain = self.sa.hmac_and_decrypt(ih)
        self.assertEqual(plain, b"")


@tag_fixme_vpp_workers
class TestResponderRsaSign(TemplateResponder, Ikev2Params):
    """test ikev2 responder - cert based auth"""

    def config_tc(self):
        self.config_params(
            {
                "udp_encap": True,
                "auth": "rsa-sig",
                "server-key": "server-key.pem",
                "client-key": "client-key.pem",
                "client-cert": "client-cert.pem",
                "server-cert": "server-cert.pem",
            }
        )


@tag_fixme_vpp_workers
class Test_IKE_AES_CBC_128_SHA256_128_MODP2048_ESP_AES_CBC_192_SHA_384_192(
    TemplateResponder, Ikev2Params
):
    """
    IKE:AES_CBC_128_SHA256_128,DH=modp2048 ESP:AES_CBC_192_SHA_384_192
    """

    def config_tc(self):
        self.config_params(
            {
                "ike-crypto": ("AES-CBC", 16),
                "ike-integ": "SHA2-256-128",
                "esp-crypto": ("AES-CBC", 24),
                "esp-integ": "SHA2-384-192",
                "ike-dh": "2048MODPgr",
                "nonce": os.urandom(256),
                "no_idr_in_auth": True,
            }
        )


@tag_fixme_vpp_workers
class TestAES_CBC_128_SHA256_128_MODP3072_ESP_AES_GCM_16(
    TemplateResponder, Ikev2Params
):

    """
    IKE:AES_CBC_128_SHA256_128,DH=modp3072 ESP:AES_GCM_16
    """

    def config_tc(self):
        self.config_params(
            {
                "ike-crypto": ("AES-CBC", 32),
                "ike-integ": "SHA2-256-128",
                "esp-crypto": ("AES-GCM-16ICV", 32),
                "esp-integ": "NULL",
                "ike-dh": "3072MODPgr",
            }
        )


@tag_fixme_vpp_workers
class Test_IKE_AES_GCM_16_256(TemplateResponder, Ikev2Params):
    """
    IKE:AES_GCM_16_256
    """

    IKE_NODE_SUFFIX = "ip6"

    def config_tc(self):
        self.config_params(
            {
                "del_sa_from_responder": True,
                "ip6": True,
                "natt": True,
                "ike-crypto": ("AES-GCM-16ICV", 32),
                "ike-integ": "NULL",
                "ike-dh": "2048MODPgr",
                "loc_ts": {"start_addr": "ab:cd::0", "end_addr": "ab:cd::10"},
                "rem_ts": {"start_addr": "11::0", "end_addr": "11::100"},
            }
        )


@tag_fixme_vpp_workers
class TestInitiatorKeepaliveMsg(TestInitiatorPsk):
    """
    Test for keep alive messages
    """

    def send_empty_req_from_responder(self):
        packet = self.create_empty_request()
        self.pg0.add_stream(packet)
        self.pg0.enable_capture()
        self.pg_start()
        capture = self.pg0.get_capture(1)
        ih = self.get_ike_header(capture[0])
        self.assertEqual(ih.id, self.sa.msg_id)
        plain = self.sa.hmac_and_decrypt(ih)
        self.assertEqual(plain, b"")
        self.assert_counter(1, "keepalive", "ip4")
        r = self.vapi.ikev2_sa_dump()
        self.assertEqual(1, r[0].sa.stats.n_keepalives)

    def test_initiator(self):
        super(TestInitiatorKeepaliveMsg, self).test_initiator()
        self.send_empty_req_from_responder()


class TestMalformedMessages(TemplateResponder, Ikev2Params):
    """malformed packet test"""

    def tearDown(self):
        pass

    def config_tc(self):
        self.config_params()

    def create_ike_init_msg(self, length=None, payload=None):
        msg = ikev2.IKEv2(
            length=length,
            init_SPI="\x11" * 8,
            flags="Initiator",
            exch_type="IKE_SA_INIT",
        )
        if payload is not None:
            msg /= payload
        return self.create_packet(self.pg0, msg, self.sa.sport, self.sa.dport)

    def verify_bad_packet_length(self):
        ike_msg = self.create_ike_init_msg(length=0xDEAD)
        self.send_and_assert_no_replies(self.pg0, ike_msg * self.pkt_count)
        self.assert_counter(self.pkt_count, "bad_length")

    def verify_bad_sa_payload_length(self):
        p = ikev2.IKEv2_payload_SA(length=0xDEAD)
        ike_msg = self.create_ike_init_msg(payload=p)
        self.send_and_assert_no_replies(self.pg0, ike_msg * self.pkt_count)
        self.assert_counter(self.pkt_count, "malformed_packet")

    def test_responder(self):
        self.pkt_count = 254
        self.verify_bad_packet_length()
        self.verify_bad_sa_payload_length()


if __name__ == "__main__":
    unittest.main(testRunner=VppTestRunner)