diff options
-rw-r--r-- | test/test_ipsec_esp.py | 480 |
1 files changed, 398 insertions, 82 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index 77d22b95a33..2ac919142d8 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -353,23 +353,15 @@ class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests): pass -class TestIpsecEspAll(ConfigIpsecESP, - IpsecTra4, IpsecTra6, - IpsecTun4, IpsecTun6): - """ Ipsec ESP all Algos """ - - def setUp(self): - super(TestIpsecEspAll, self).setUp() - - def tearDown(self): - super(TestIpsecEspAll, self).tearDown() - - @parameterized.expand(["ia32", "ipsecmb", "openssl"]) - def test_crypto_algs(self, engine): - """AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC SHA1 MD5 w/ & w/o ESN""" - +class MyParameters(): + def __init__(self): + self.engines = ["ia32", "ipsecmb", "openssl"] + flag_esn = VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN + self.flags = [0, flag_esn] # foreach crypto algorithm - algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + self.algos = { + 'AES-GCM-128/NONE': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_GCM_128), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_NONE), @@ -377,7 +369,8 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7h", 'salt': 0}, - {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + 'AES-GCM-192/NONE': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_GCM_192), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_NONE), @@ -385,7 +378,8 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7h01234567", 'salt': 1010}, - {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + 'AES-GCM-256/NONE': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_GCM_256), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_NONE), @@ -393,7 +387,8 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-integ': "NULL", 'key': "JPjyOWBeVEQiMe7h0123456787654321", 'salt': 2020}, - {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + 'AES-CBC-128/MD5-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_128), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_MD5_96), @@ -401,7 +396,8 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-integ': "HMAC-MD5-96", 'salt': 0, 'key': "JPjyOWBeVEQiMe7h"}, - {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + 'AES-CBC-192/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_192), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA1_96), @@ -409,7 +405,8 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-integ': "HMAC-SHA1-96", 'salt': 0, 'key': "JPjyOWBeVEQiMe7hJPjyOWBe"}, - {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + 'AES-CBC-256/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_AES_CBC_256), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA1_96), @@ -417,7 +414,8 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-integ': "HMAC-SHA1-96", 'salt': 0, 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}, - {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + '3DES-CBC/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_3DES_CBC), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA1_96), @@ -425,77 +423,395 @@ class TestIpsecEspAll(ConfigIpsecESP, 'scapy-integ': "HMAC-SHA1-96", 'salt': 0, 'key': "JPjyOWBeVEQiMe7h00112233"}, - {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. + 'NONE/SHA1-96': { + 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t. IPSEC_API_CRYPTO_ALG_NONE), 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t. IPSEC_API_INTEG_ALG_SHA1_96), 'scapy-crypto': "NULL", 'scapy-integ': "HMAC-SHA1-96", 'salt': 0, - 'key': "JPjyOWBeVEQiMe7h00112233"}] + 'key': "JPjyOWBeVEQiMe7h00112233"}} - # with and without ESN - flags = [0, - VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN] +class RunTestIpsecEspAll(ConfigIpsecESP, + IpsecTra4, IpsecTra6, + IpsecTun4, IpsecTun6): + """ Ipsec ESP all Algos """ + + def setUp(self): + super(RunTestIpsecEspAll, self).setUp() + test_args = str.split(self.__doc__, " ") + + params = MyParameters() + self.engine = test_args[0] + self.flag = params.flags[0] + if test_args[1] == 'ESN': + self.flag = params.flags[1] + + self.algo = params.algos[test_args[2]] + + def tearDown(self): + super(RunTestIpsecEspAll, self).tearDown() + + def run_test(self): + self.run_a_test(self.engine, self.flag, self.algo) + + def run_a_test(self, engine, flag, algo): self.vapi.cli("set crypto handler all %s" % engine) + + self.ipv4_params = IPsecIPv4Params() + self.ipv6_params = IPsecIPv6Params() + + self.params = {self.ipv4_params.addr_type: + self.ipv4_params, + self.ipv6_params.addr_type: + self.ipv6_params} + + for _, p in self.params.items(): + p.auth_algo_vpp_id = algo['vpp-integ'] + p.crypt_algo_vpp_id = algo['vpp-crypto'] + p.crypt_algo = algo['scapy-crypto'] + p.auth_algo = algo['scapy-integ'] + p.crypt_key = algo['key'] + p.salt = algo['salt'] + p.flags = p.flags | flag + + self.reporter.send_keep_alive(self) + + # + # configure the SPDs. SAs, etc + # + self.config_network(self.params.values()) + # - # loop through each of the algorithms + # run some traffic. + # An exhautsive 4o6, 6o4 is not necessary + # for each algo # - for algo in algos: - # with self.subTest(algo=algo['scapy']): - for flag in flags: - # - # setup up the config paramters - # - self.ipv4_params = IPsecIPv4Params() - self.ipv6_params = IPsecIPv6Params() - - self.params = {self.ipv4_params.addr_type: - self.ipv4_params, - self.ipv6_params.addr_type: - self.ipv6_params} - - for _, p in self.params.items(): - p.auth_algo_vpp_id = algo['vpp-integ'] - p.crypt_algo_vpp_id = algo['vpp-crypto'] - p.crypt_algo = algo['scapy-crypto'] - p.auth_algo = algo['scapy-integ'] - p.crypt_key = algo['key'] - p.salt = algo['salt'] - p.flags = p.flags | flag - - self.reporter.send_keep_alive(self) - - # - # configure the SPDs. SAs, etc - # - self.config_network(self.params.values()) - - # - # run some traffic. - # An exhautsive 4o6, 6o4 is not necessary - # for each algo - # - self.verify_tra_basic6(count=NUM_PKTS) - self.verify_tra_basic4(count=NUM_PKTS) - self.verify_tun_66(self.params[socket.AF_INET6], - count=NUM_PKTS) - self.verify_tun_44(self.params[socket.AF_INET], - count=NUM_PKTS) - - # - # remove the SPDs, SAs, etc - # - self.unconfig_network() - - # - # reconfigure the network and SA to run the - # anti replay tests - # - self.config_network(self.params.values()) - self.verify_tra_anti_replay() - self.unconfig_network() + self.verify_tra_basic6(count=NUM_PKTS) + self.verify_tra_basic4(count=NUM_PKTS) + self.verify_tun_66(self.params[socket.AF_INET6], + count=NUM_PKTS) + self.verify_tun_44(self.params[socket.AF_INET], + count=NUM_PKTS) + + # + # remove the SPDs, SAs, etc + # + self.unconfig_network() + + # + # reconfigure the network and SA to run the + # anti replay tests + # + self.config_network(self.params.values()) + self.verify_tra_anti_replay() + self.unconfig_network() + +# +# To generate test classes, do: +# grep '# GEN' test_ipsec_esp.py | sed -e 's/# GEN //g' | bash +# +# GEN for ENG in ia32 ipsecmb openssl; do \ +# GEN for FLG in noESN ESN; do for ALG in AES-GCM-128/NONE \ +# GEN AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \ +# GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \ +# GEN 3DES-CBC/SHA1-96 NONE/SHA1-96; do \ +# GEN echo -e "\n\nclass Test_${ENG}_${FLG}_${ALG}(RunTestIpsecEspAll):" | +# GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \ +# GEN echo ' """'$ENG $FLG $ALG IPSec test'"""' ; +# GEN echo " def test_ipsec(self):"; +# GEN echo " self.run_test()"; +# GEN done; done; done + + +class Test_ia32_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """ia32 noESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """ia32 noESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """ia32 noESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ia32 noESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_noESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ia32 noESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """ia32 ESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """ia32 ESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """ia32 ESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ia32 ESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ia32_ESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ia32 ESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """ipsecmb noESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """ipsecmb noESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """ipsecmb noESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_noESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ipsecmb noESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """ipsecmb ESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """ipsecmb ESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """ipsecmb ESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_ipsecmb_ESN_NONE_SHA1_96(RunTestIpsecEspAll): + """ipsecmb ESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """openssl noESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """openssl noESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """openssl noESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """openssl noESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """openssl noESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """openssl noESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """openssl noESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_noESN_NONE_SHA1_96(RunTestIpsecEspAll): + """openssl noESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll): + """openssl ESN AES-GCM-128/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll): + """openssl ESN AES-GCM-192/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll): + """openssl ESN AES-GCM-256/NONE IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll): + """openssl ESN AES-CBC-128/MD5-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll): + """openssl ESN AES-CBC-192/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll): + """openssl ESN AES-CBC-256/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll): + """openssl ESN 3DES-CBC/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() + + +class Test_openssl_ESN_NONE_SHA1_96(RunTestIpsecEspAll): + """openssl ESN NONE/SHA1-96 IPSec test""" + def test_ipsec(self): + self.run_test() if __name__ == '__main__': |