authorNeale Ranns <nranns@cisco.com>2019-04-16 02:41:34 +0000
committerDamjan Marion <dmarion@me.com>2019-04-17 13:05:07 +0000
commit80f6fd53feaa10b4a798582100724075897c0944 (patch)
tree1cd1a7f4b910cf5fbf32aa4b4e2c1028c6c980b7 /test/test_ipsec_esp.py
parentd8cfbebce78e26a6ef7f6693e7c90dc3c6435d51 (diff)
IPSEC: Pass the algorithm salt (used in GCM) over the API
Change-Id: Ia8cea13f7b937294e6a080a55fb2ceff30063acf Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'test/test_ipsec_esp.py')
-rw-r--r--test/test_ipsec_esp.py35
1 files changed, 24 insertions, 11 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 566ed347418..eb21c58ae91 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -1,6 +1,5 @@
import socket
import unittest
-import struct
from scapy.layers.ipsec import ESP
from scapy.layers.inet import UDP
@@ -102,6 +101,7 @@ class ConfigIpsecESP(TemplateIpsec):
addr_bcast = params.addr_bcast
e = VppEnum.vl_api_ipsec_spd_action_t
flags = params.flags
+ salt = params.salt
objs = []
params.tun_sa_in = VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi,
@@ -110,14 +110,16 @@ class ConfigIpsecESP(TemplateIpsec):
self.vpp_esp_protocol,
self.tun_if.local_addr[addr_type],
self.tun_if.remote_addr[addr_type],
- flags=flags)
+ flags=flags,
+ salt=salt)
params.tun_sa_out = VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
self.tun_if.remote_addr[addr_type],
self.tun_if.local_addr[addr_type],
- flags=flags)
+ flags=flags,
+ salt=salt)
objs.append(params.tun_sa_in)
objs.append(params.tun_sa_out)
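Review bot: `params.tun_sa_in` and `params.tun_sa_out` are both built with the same `crypt_key` and now the same `salt`, so in the AES-GCM cases the two directions share one key and one nonce prefix. That is workable for a loopback test, but GCM relies on a (key, nonce) pair never repeating, and if both ends start their IV counters at the same value (not visible here) the two directions would reuse nonces. I would add a comment above `salt = params.salt` such as `# test-only: production SAs get separate keying material (key and salt) per direction`. The same applies to `tra_sa_in`/`tra_sa_out` in the transport-mode hunk that follows; the enclosing method starts and ends outside this hunk.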
@@ -185,18 +187,21 @@ class ConfigIpsecESP(TemplateIpsec):
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
e = VppEnum.vl_api_ipsec_spd_action_t
flags = params.flags | flags
+ salt = params.salt
objs = []
params.tra_sa_in = VppIpsecSA(self, scapy_tra_sa_id, scapy_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
- flags=flags)
+ flags=flags,
+ salt=salt)
params.tra_sa_out = VppIpsecSA(self, vpp_tra_sa_id, vpp_tra_spi,
auth_algo_vpp_id, auth_key,
crypt_algo_vpp_id, crypt_key,
self.vpp_esp_protocol,
- flags=flags)
+ flags=flags,
+ salt=salt)
objs.append(params.tra_sa_in)
objs.append(params.tra_sa_out)
@@ -371,7 +376,15 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-crypto': "AES-GCM",
'scapy-integ': "NULL",
'key': "JPjyOWBeVEQiMe7h",
- 'salt': struct.pack("!L", 0)},
+ 'salt': 0},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_AES_GCM_192),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_NONE),
+ 'scapy-crypto': "AES-GCM",
+ 'scapy-integ': "NULL",
+ 'key': "JPjyOWBeVEQiMe7h01234567",
+ 'salt': 1010},
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_GCM_256),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
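Review bot: The AES-GCM-128 entry keeps `'salt': 0`, so for that algorithm a side that ignores the salt passed over the API and falls back to zero would still interoperate and the test would pass. The new values 1010 and 2020 also leave the upper two bytes of the 4-byte salt at zero, so a truncation to 16 bits would go unnoticed. I would give every GCM entry a non-zero salt with four distinct bytes, e.g. `'salt': 0x01020304` (constructed value). The CBC entries in the later hunks, which previously carried an empty salt, can stay at 0.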
@@ -379,14 +392,14 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-crypto': "AES-GCM",
'scapy-integ': "NULL",
'key': "JPjyOWBeVEQiMe7h0123456787654321",
- 'salt': struct.pack("!L", 0)},
+ 'salt': 2020},
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_128),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
- 'salt': '',
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7h"},
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_192),
@@ -394,7 +407,7 @@ class TestIpsecEspAll(ConfigIpsecESP,
IPSEC_API_INTEG_ALG_SHA1_96),
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
- 'salt': '',
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBe"},
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_256),
@@ -402,7 +415,7 @@ class TestIpsecEspAll(ConfigIpsecESP,
IPSEC_API_INTEG_ALG_SHA1_96),
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
- 'salt': '',
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
# with and without ESN
@@ -437,7 +450,7 @@ class TestIpsecEspAll(ConfigIpsecESP,
p.crypt_algo = algo['scapy-crypto']
p.auth_algo = algo['scapy-integ']
p.crypt_key = algo['key']
- p.crypt_salt = algo['salt']
+ p.salt = algo['salt']
p.flags = p.flags | flag
#
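Review bot: `p.salt` now holds a plain integer where `p.crypt_salt` used to hold the packed bytes from `struct.pack("!L", 0)`, and the conversion back to four network-order bytes for the scapy SA is not in this file. Presumably the template class does it, but it is worth confirming that nothing still reads `p.crypt_salt`: a stale attribute would leave the scapy side on its default salt while VPP uses the new one, and with the all-zero entries that mismatch would not fail the test. A comment on this line such as `# integer salt; packed to 4 bytes in network order when the scapy SA is built` would record the contract. The enclosing loop continues outside the hunk.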
ept in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef __LOOKUP_DPO_H__ #define __LOOKUP_DPO_H__ #include <vnet/vnet.h> #include <vnet/fib/fib_types.h> #include <vnet/dpo/dpo.h> /** * Switch to use the packet's source or destination address for lookup */ typedef enum lookup_input_t_ { LOOKUP_INPUT_SRC_ADDR, LOOKUP_INPUT_DST_ADDR, } __attribute__ ((packed)) lookup_input_t; #define LOOKUP_INPUTS { \ [LOOKUP_INPUT_SRC_ADDR] = "src-address", \ [LOOKUP_INPUT_DST_ADDR] = "dst-address", \ } /** * Switch to use the packet's source or destination address for lookup */ typedef enum lookup_table_t_ { LOOKUP_TABLE_FROM_INPUT_INTERFACE, LOOKUP_TABLE_FROM_CONFIG, } __attribute__ ((packed)) lookup_table_t; #define LOOKUP_TABLES { \ [LOOKUP_TABLE_FROM_INPUT_INTERFACE] = "table-input-interface", \ [LOOKUP_TABLE_FROM_CONFIG] = "table-configured", \ } /** * Switch to use the packet's source or destination address for lookup */ typedef enum lookup_cast_t_ { LOOKUP_UNICAST, LOOKUP_MULTICAST, } __attribute__ ((packed)) lookup_cast_t; #define LOOKUP_CASTS { \ [LOOKUP_UNICAST] = "unicast", \ [LOOKUP_MULTICAST] = "multicast", \ } /** * A representation of an MPLS label for imposition in the data-path */ typedef struct lookup_dpo_t { /** * required for pool_get_aligned. * memebers used in the switch path come first! 
*/ CLIB_CACHE_LINE_ALIGN_MARK(cacheline0); /** * The FIB, or interface from which to get a FIB, in which to perform * the next lookup; */ fib_node_index_t lkd_fib_index; /** * The protocol of the FIB for the lookup, and hence * the protocol of the packet */ dpo_proto_t lkd_proto; /** * Switch to use src or dst address */ lookup_input_t lkd_input; /** * Switch to use the table index passed, or the table of the input interface */ lookup_table_t lkd_table; /** * Unicast of rmulticast FIB lookup */ lookup_cast_t lkd_cast; /** * Number of locks */ u16 lkd_locks; } lookup_dpo_t; extern void lookup_dpo_add_or_lock_w_fib_index(fib_node_index_t fib_index, dpo_proto_t proto, lookup_cast_t cast, lookup_input_t input, lookup_table_t table, dpo_id_t *dpo); extern void lookup_dpo_add_or_lock_w_table_id(u32 table_id, dpo_proto_t proto, lookup_cast_t cast, lookup_input_t input, lookup_table_t table, dpo_id_t *dpo); extern u8* format_lookup_dpo(u8 *s, va_list *args); /* * Encapsulation violation for fast data-path access */ extern lookup_dpo_t *lookup_dpo_pool; static inline lookup_dpo_t * lookup_dpo_get (index_t index) { return (pool_elt_at_index(lookup_dpo_pool, index)); } extern void lookup_dpo_module_init(void); #endif