author | Neale Ranns <nranns@cisco.com> | 2019-04-16 02:41:34 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-04-17 13:05:07 +0000 |
commit | 80f6fd53feaa10b4a798582100724075897c0944 (patch) | |
tree | 1cd1a7f4b910cf5fbf32aa4b4e2c1028c6c980b7 /test/template_ipsec.py | |
parent | d8cfbebce78e26a6ef7f6693e7c90dc3c6435d51 (diff) |
IPSEC: Pass the algorithm salt (used in GCM) over the API
Change-Id: Ia8cea13f7b937294e6a080a55fb2ceff30063acf
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/template_ipsec.py')
-rw-r--r-- | test/template_ipsec.py | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 6e42ac7f9f4..d6641c45dd1 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -1,5 +1,6 @@
 import unittest
 import socket
+import struct
 from scapy.layers.inet import IP, ICMP, TCP, UDP
 from scapy.layers.ipsec import SecurityAssociation
@@ -42,7 +43,7 @@ class IPsecIPv4Params(object):
 IPSEC_API_CRYPTO_ALG_AES_CBC_128)
 self.crypt_algo = 'AES-CBC' # scapy name
 self.crypt_key = 'JPjyOWBeVEQiMe7h'
- self.crypt_salt = ''
+ self.salt = 0
 self.flags = 0
 self.nat_header = None
@@ -78,7 +79,7 @@ class IPsecIPv6Params(object):
 IPSEC_API_CRYPTO_ALG_AES_CBC_128)
 self.crypt_algo = 'AES-CBC' # scapy name
 self.crypt_key = 'JPjyOWBeVEQiMe7h'
- self.crypt_salt = ''
+ self.salt = 0
 self.flags = 0
 self.nat_header = None
@@ -87,9 +88,14 @@ def config_tun_params(p, encryption_type, tun_if):
 ip_class_by_addr_type = {socket.AF_INET: IP, socket.AF_INET6: IPv6}
 use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
 IPSEC_API_SAD_FLAG_USE_ESN))
+ if p.crypt_algo == "AES-GCM":
+ crypt_key = p.crypt_key + struct.pack("!I", p.salt)
+ else:
+ crypt_key = p.crypt_key
 p.scapy_tun_sa = SecurityAssociation(
 encryption_type, spi=p.vpp_tun_spi,
- crypt_algo=p.crypt_algo, crypt_key=p.crypt_key + p.crypt_salt,
+ crypt_algo=p.crypt_algo,
+ crypt_key=crypt_key,
 auth_algo=p.auth_algo, auth_key=p.auth_key,
 tunnel_header=ip_class_by_addr_type[p.addr_type](
 src=tun_if.remote_addr[p.addr_type],
@@ -98,7 +104,8 @@ def config_tun_params(p, encryption_type, tun_if):
 use_esn=use_esn)
 p.vpp_tun_sa = SecurityAssociation(
 encryption_type, spi=p.scapy_tun_spi,
- crypt_algo=p.crypt_algo, crypt_key=p.crypt_key + p.crypt_salt,
+ crypt_algo=p.crypt_algo,
+ crypt_key=crypt_key,
 auth_algo=p.auth_algo, auth_key=p.auth_key,
 tunnel_header=ip_class_by_addr_type[p.addr_type](
 dst=tun_if.remote_addr[p.addr_type],
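Review bot: A default of `self.salt = 0` in IPsecIPv4Params (and the identical line in IPsecIPv6Params in the next hunk) cannot reveal a byte-order mismatch, because four zero bytes pack the same way in any order. Later in this patch the value is packed with `struct.pack("!I", p.salt)` for scapy, so an AES-GCM case that keeps the default would presumably still pass if the API side carried the salt in host order. I would document the field where it is set, e.g. `# 32-bit AES-GCM salt; GCM cases should set a non-zero, byte-asymmetric value`. Both class bodies start and end outside these hunks.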
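Review bot: `p.crypt_key + struct.pack("!I", p.salt)` in config_tun_params joins the key, which the params classes set from a plain string literal, to the bytes that struct.pack returns; that works on Python 2 but raises TypeError on Python 3, so the key would need to be bytes if this file is meant to run there. `struct.pack("!I", ...)` also raises struct.error for a negative or wider-than-32-bit salt, and the `else` branch silently ignores a salt set for any algorithm whose scapy name is not exactly `"AES-GCM"`. The same block is added to config_tra_params in the `-110,11` hunk. A one-line comment such as `# GCM: scapy expects the 4-byte salt appended to the key (RFC 4106 KEYMAT)` would explain why the salt is folded into crypt_key. The function body continues outside this hunk.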
@@ -110,11 +117,15 @@ def config_tun_params(p, encryption_type, tun_if):
 def config_tra_params(p, encryption_type):
 use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
 IPSEC_API_SAD_FLAG_USE_ESN))
+ if p.crypt_algo == "AES-GCM":
+ crypt_key = p.crypt_key + struct.pack("!I", p.salt)
+ else:
+ crypt_key = p.crypt_key
 p.scapy_tra_sa = SecurityAssociation(
 encryption_type,
 spi=p.vpp_tra_spi,
 crypt_algo=p.crypt_algo,
- crypt_key=p.crypt_key + p.crypt_salt,
+ crypt_key=crypt_key,
 auth_algo=p.auth_algo,
 auth_key=p.auth_key,
 nat_t_header=p.nat_header,
@@ -123,7 +134,7 @@ def config_tra_params(p, encryption_type):
 encryption_type,
 spi=p.scapy_tra_spi,
 crypt_algo=p.crypt_algo,
- crypt_key=p.crypt_key + p.crypt_salt,
+ crypt_key=crypt_key,
 auth_algo=p.auth_algo,
 auth_key=p.auth_key,
 nat_t_header=p.nat_header, |
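Review bot: The salt-handling `if`/`else` at the top of config_tra_params is a line-for-line copy of the one added to config_tun_params, so a later correction to how the GCM key material is built can land in one function and miss the other. A small module-level helper would keep that construction in one place, with both functions reduced to a single call. The helper name below is only a suggestion, and config_tra_params continues outside this hunk.

```python
def _scapy_crypt_key(p):
    """Return the key material scapy expects for p.crypt_algo."""
    if p.crypt_algo == "AES-GCM":
        # GCM key material is the key followed by the 4-byte salt
        return p.crypt_key + struct.pack("!I", p.salt)
    return p.crypt_key


def config_tra_params(p, encryption_type):
    # … unchanged: use_esn computation …
    crypt_key = _scapy_crypt_key(p)
    # … unchanged: SecurityAssociation construction …
```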