ipsec: add support for AES CTR

Type: feature

Change-Id: I9f7742cb12ce30592b0b022c314b71c81fa7223a
Signed-off-by: Benoît Ganne <bganne@cisco.com>

2 files changed, 139 insertions, 3 deletions

diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 9a9fbd070a6..918c99383af 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -94,7 +94,7 @@ class IPsecIPv6Params:
 
 
 def mk_scapy_crypt_key(p):
-    if p.crypt_algo == "AES-GCM":
+    if p.crypt_algo in ("AES-GCM", "AES-CTR"):
         return p.crypt_key + struct.pack("!I", p.salt)
     else:
         return p.crypt_key
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 78da401ea8a..178b1d248bf 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -610,7 +610,34 @@ class MyParameters():
                   'scapy-crypto': "NULL",
                   'scapy-integ': "HMAC-SHA1-96",
                   'salt': 0,
-                  'key': b"JPjyOWBeVEQiMe7h00112233"}}
+                  'key': b"JPjyOWBeVEQiMe7h00112233"},
+            'AES-CTR-128/SHA1-96': {
+                  'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+                                 IPSEC_API_CRYPTO_ALG_AES_CTR_128),
+                  'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+                                IPSEC_API_INTEG_ALG_SHA1_96),
+                  'scapy-crypto': "AES-CTR",
+                  'scapy-integ': "HMAC-SHA1-96",
+                  'salt': 0,
+                  'key': b"JPjyOWBeVEQiMe7h"},
+            'AES-CTR-192/SHA1-96': {
+                  'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+                                 IPSEC_API_CRYPTO_ALG_AES_CTR_192),
+                  'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+                                IPSEC_API_INTEG_ALG_SHA1_96),
+                  'scapy-crypto': "AES-CTR",
+                  'scapy-integ': "HMAC-SHA1-96",
+                  'salt': 1010,
+                  'key': b"JPjyOWBeVEQiMe7hJPjyOWBe"},
+            'AES-CTR-256/SHA1-96': {
+                  'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+                                 IPSEC_API_CRYPTO_ALG_AES_CTR_256),
+                  'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+                                IPSEC_API_INTEG_ALG_SHA1_96),
+                  'scapy-crypto': "AES-CTR",
+                  'scapy-integ': "HMAC-SHA1-96",
+                  'salt': 2020,
+                  'key': b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}}
 
 
 class RunTestIpsecEspAll(ConfigIpsecESP,
@@ -723,7 +750,8 @@ class RunTestIpsecEspAll(ConfigIpsecESP,
 # GEN   for FLG in noESN ESN; do for ALG in AES-GCM-128/NONE \
 # GEN     AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \
 # GEN     AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \
-# GEN     3DES-CBC/SHA1-96 NONE/SHA1-96; do \
+# GEN     3DES-CBC/SHA1-96 NONE/SHA1-96 \
+# GEN     AES-CTR-128/SHA1-96 AES-CTR-192/SHA1-96 AES-CTR-256/SHA1-96; do \
 # GEN      [[ ${FLG} == "ESN" &&  ${ALG} == *"NONE" ]] && continue
 # GEN      echo -e "\n\nclass Test_${ENG}_${FLG}_${ALG}(RunTestIpsecEspAll):" |
 # GEN             sed -e 's/-/_/g' -e 's#/#_#g' ; \
@@ -781,6 +809,24 @@ class Test_ia32_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
         self.run_test()
 
 
+class Test_ia32_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+    """ia32 noESN AES-CTR-128/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ia32_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+    """ia32 noESN AES-CTR-192/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ia32_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+    """ia32 noESN AES-CTR-256/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
 class Test_ia32_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
     """ia32 ESN AES-CBC-128/MD5-96 IPSec test"""
     def test_ipsec(self):
@@ -811,6 +857,24 @@ class Test_ia32_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
         self.run_test()
 
 
+class Test_ia32_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+    """ia32 ESN AES-CTR-128/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ia32_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+    """ia32 ESN AES-CTR-192/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ia32_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+    """ia32 ESN AES-CTR-256/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
 class Test_ipsecmb_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
     """ipsecmb noESN AES-GCM-128/NONE IPSec test"""
     def test_ipsec(self):
@@ -859,6 +923,24 @@ class Test_ipsecmb_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
         self.run_test()
 
 
+class Test_ipsecmb_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+    """ipsecmb noESN AES-CTR-128/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+    """ipsecmb noESN AES-CTR-192/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+    """ipsecmb noESN AES-CTR-256/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
 class Test_ipsecmb_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
     """ipsecmb ESN AES-CBC-128/MD5-96 IPSec test"""
     def test_ipsec(self):
@@ -889,6 +971,24 @@ class Test_ipsecmb_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
         self.run_test()
 
 
+class Test_ipsecmb_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+    """ipsecmb ESN AES-CTR-128/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+    """ipsecmb ESN AES-CTR-192/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+    """ipsecmb ESN AES-CTR-256/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
 class Test_openssl_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
     """openssl noESN AES-GCM-128/NONE IPSec test"""
     def test_ipsec(self):
@@ -937,6 +1037,24 @@ class Test_openssl_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
         self.run_test()
 
 
+class Test_openssl_noESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+    """openssl noESN AES-CTR-128/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_openssl_noESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+    """openssl noESN AES-CTR-192/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_openssl_noESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+    """openssl noESN AES-CTR-256/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
 class Test_openssl_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
     """openssl ESN AES-CBC-128/MD5-96 IPSec test"""
     def test_ipsec(self):
@@ -967,5 +1085,23 @@ class Test_openssl_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
         self.run_test()
 
 
+class Test_openssl_ESN_AES_CTR_128_SHA1_96(RunTestIpsecEspAll):
+    """openssl ESN AES-CTR-128/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_openssl_ESN_AES_CTR_192_SHA1_96(RunTestIpsecEspAll):
+    """openssl ESN AES-CTR-192/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
+class Test_openssl_ESN_AES_CTR_256_SHA1_96(RunTestIpsecEspAll):
+    """openssl ESN AES-CTR-256/SHA1-96 IPSec test"""
+    def test_ipsec(self):
+        self.run_test()
+
+
 if __name__ == '__main__':
     unittest.main(testRunner=VppTestRunner)