summaryrefslogtreecommitdiffstats
path: root/test/test_ipsec_esp.py
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-04-11 15:14:07 +0000
committerDamjan Marion <dmarion@me.com>2019-04-16 15:54:31 +0000
commit47feb1146ec3b0e1cf2ebd83cd5211e1df261194 (patch)
tree602218094ef655d3c430ba29762ebf64d59f15d7 /test/test_ipsec_esp.py
parent3cf215aab7237d44cf153b43d80a971be9300626 (diff)
IPSEC: support GCM in ESP
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/test_ipsec_esp.py')
-rw-r--r--test/test_ipsec_esp.py60
1 files changed, 46 insertions, 14 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 403f0bb0b61..8d9b3ecb9e2 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -1,5 +1,6 @@
import socket
import unittest
+import struct
from scapy.layers.ipsec import ESP
from scapy.layers.inet import UDP
@@ -357,23 +358,51 @@ class TestIpsecEspAll(ConfigIpsecESP,
super(TestIpsecEspAll, self).tearDown()
def test_crypto_algs(self):
- """All engines AES-CBC-[128, 192, 256] w/ & w/o ESN"""
+ """All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN"""
# foreach VPP crypto engine
engines = ["ia32", "ipsecmb", "openssl"]
# foreach crypto algorithm
- algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_128,
- 'scapy': "AES-CBC",
+ algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_128),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h",
+ 'salt': struct.pack("!L", 0)},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_256),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h0123456787654321",
+ 'salt': struct.pack("!L", 0)},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_128),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': '',
'key': "JPjyOWBeVEQiMe7h"},
- {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_192,
- 'scapy': "AES-CBC",
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_192),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': '',
'key': "JPjyOWBeVEQiMe7hJPjyOWBe"},
- {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
- IPSEC_API_CRYPTO_ALG_AES_CBC_256,
- 'scapy': "AES-CBC",
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_CBC_256),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "AES-CBC",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': '',
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
# with and without ESN
@@ -404,9 +433,12 @@ class TestIpsecEspAll(ConfigIpsecESP,
self.ipv6_params}
for _, p in self.params.items():
- p.crypt_algo_vpp_id = algo['vpp']
- p.crypt_algo = algo['scapy']
+ p.auth_algo_vpp_id = algo['vpp-integ']
+ p.crypt_algo_vpp_id = algo['vpp-crypto']
+ p.crypt_algo = algo['scapy-crypto']
+ p.auth_algo = algo['scapy-integ']
p.crypt_key = algo['key']
+ p.crypt_salt = algo['salt']
p.flags = p.flags | flag
#
@@ -421,8 +453,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
#
self.verify_tra_basic6(count=17)
self.verify_tra_basic4(count=17)
- self.verify_tun_66(self.params[socket.AF_INET6], 1)
- self.verify_tun_44(self.params[socket.AF_INET], 1)
+ self.verify_tun_66(self.params[socket.AF_INET6], 17)
+ self.verify_tun_44(self.params[socket.AF_INET], 17)
#
# remove the SPDs, SAs, etc