diff options
author | Neale Ranns <nranns@cisco.com> | 2019-04-11 15:14:07 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-04-16 15:54:31 +0000 |
commit | 47feb1146ec3b0e1cf2ebd83cd5211e1df261194 (patch) | |
tree | 602218094ef655d3c430ba29762ebf64d59f15d7 /test/test_ipsec_esp.py | |
parent | 3cf215aab7237d44cf153b43d80a971be9300626 (diff) |
IPSEC: support GCM in ESP
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/test_ipsec_esp.py')
-rw-r--r-- | test/test_ipsec_esp.py | 60 |
1 files changed, 46 insertions, 14 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 403f0bb0b61..8d9b3ecb9e2 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -1,5 +1,6 @@ import socket import unittest +import struct from scapy.layers.ipsec import ESP from scapy.layers.inet import UDP @@ -357,23 +358,51 @@ class TestIpsecEspAll(ConfigIpsecESP, super(TestIpsecEspAll, self).tearDown() def test_crypto_algs(self): - """All engines AES-CBC-[128, 192, 256] w/ & w/o ESN""" + """All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN""" # foreach VPP crypto engine engines = ["ia32", "ipsecmb", "openssl"] # foreach crypto algorithm - algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_128, - 'scapy': "AES-CBC", + algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_128), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': "JPjyOWBeVEQiMe7h", + 'salt': struct.pack("!L", 0)}, + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_GCM_256), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_NONE), + 'scapy-crypto': "AES-GCM", + 'scapy-integ': "NULL", + 'key': "JPjyOWBeVEQiMe7h0123456787654321", + 'salt': struct.pack("!L", 0)}, + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_128), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': '', 'key': "JPjyOWBeVEQiMe7h"}, - {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_192, - 'scapy': "AES-CBC", + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_192), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': '', 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"}, - {'vpp': VppEnum.vl_api_ipsec_crypto_alg_t. - IPSEC_API_CRYPTO_ALG_AES_CBC_256, - 'scapy': "AES-CBC", + {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + IPSEC_API_CRYPTO_ALG_AES_CBC_256), + 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. + IPSEC_API_INTEG_ALG_SHA1_96), + 'scapy-crypto': "AES-CBC", + 'scapy-integ': "HMAC-SHA1-96", + 'salt': '', 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}] # with and without ESN @@ -404,9 +433,12 @@ class TestIpsecEspAll(ConfigIpsecESP, self.ipv6_params} for _, p in self.params.items(): - p.crypt_algo_vpp_id = algo['vpp'] - p.crypt_algo = algo['scapy'] + p.auth_algo_vpp_id = algo['vpp-integ'] + p.crypt_algo_vpp_id = algo['vpp-crypto'] + p.crypt_algo = algo['scapy-crypto'] + p.auth_algo = algo['scapy-integ'] p.crypt_key = algo['key'] + p.crypt_salt = algo['salt'] p.flags = p.flags | flag # @@ -421,8 +453,8 @@ class TestIpsecEspAll(ConfigIpsecESP, # self.verify_tra_basic6(count=17) self.verify_tra_basic4(count=17) - self.verify_tun_66(self.params[socket.AF_INET6], 1) - self.verify_tun_44(self.params[socket.AF_INET], 1) + self.verify_tun_66(self.params[socket.AF_INET6], 17) + self.verify_tun_44(self.params[socket.AF_INET], 17) # # remove the SPDs, SAs, etc |