aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--test/test_ipsec_esp.py480
1 files changed, 398 insertions, 82 deletions
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 77d22b95a33..2ac919142d8 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -353,23 +353,15 @@ class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests):
pass
-class TestIpsecEspAll(ConfigIpsecESP,
- IpsecTra4, IpsecTra6,
- IpsecTun4, IpsecTun6):
- """ Ipsec ESP all Algos """
-
- def setUp(self):
- super(TestIpsecEspAll, self).setUp()
-
- def tearDown(self):
- super(TestIpsecEspAll, self).tearDown()
-
- @parameterized.expand(["ia32", "ipsecmb", "openssl"])
- def test_crypto_algs(self, engine):
- """AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC SHA1 MD5 w/ & w/o ESN"""
-
+class MyParameters():
+ def __init__(self):
+ self.engines = ["ia32", "ipsecmb", "openssl"]
+ flag_esn = VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN
+ self.flags = [0, flag_esn]
# foreach crypto algorithm
- algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ self.algos = {
+ 'AES-GCM-128/NONE': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_GCM_128),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_NONE),
@@ -377,7 +369,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-integ': "NULL",
'key': "JPjyOWBeVEQiMe7h",
'salt': 0},
- {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ 'AES-GCM-192/NONE': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_GCM_192),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_NONE),
@@ -385,7 +378,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-integ': "NULL",
'key': "JPjyOWBeVEQiMe7h01234567",
'salt': 1010},
- {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ 'AES-GCM-256/NONE': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_GCM_256),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_NONE),
@@ -393,7 +387,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-integ': "NULL",
'key': "JPjyOWBeVEQiMe7h0123456787654321",
'salt': 2020},
- {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ 'AES-CBC-128/MD5-96': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_128),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_MD5_96),
@@ -401,7 +396,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-integ': "HMAC-MD5-96",
'salt': 0,
'key': "JPjyOWBeVEQiMe7h"},
- {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ 'AES-CBC-192/SHA1-96': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_192),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
@@ -409,7 +405,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBe"},
- {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ 'AES-CBC-256/SHA1-96': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_256),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
@@ -417,7 +414,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
- {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ '3DES-CBC/SHA1-96': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_3DES_CBC),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
@@ -425,77 +423,395 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
'key': "JPjyOWBeVEQiMe7h00112233"},
- {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ 'NONE/SHA1-96': {
+ 'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_NONE),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
'scapy-crypto': "NULL",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
- 'key': "JPjyOWBeVEQiMe7h00112233"}]
+ 'key': "JPjyOWBeVEQiMe7h00112233"}}
- # with and without ESN
- flags = [0,
- VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN]
+class RunTestIpsecEspAll(ConfigIpsecESP,
+ IpsecTra4, IpsecTra6,
+ IpsecTun4, IpsecTun6):
+ """ Ipsec ESP all Algos """
+
+ def setUp(self):
+ super(RunTestIpsecEspAll, self).setUp()
+ test_args = str.split(self.__doc__, " ")
+
+ params = MyParameters()
+ self.engine = test_args[0]
+ self.flag = params.flags[0]
+ if test_args[1] == 'ESN':
+ self.flag = params.flags[1]
+
+ self.algo = params.algos[test_args[2]]
+
+ def tearDown(self):
+ super(RunTestIpsecEspAll, self).tearDown()
+
+ def run_test(self):
+ self.run_a_test(self.engine, self.flag, self.algo)
+
+ def run_a_test(self, engine, flag, algo):
self.vapi.cli("set crypto handler all %s" % engine)
+
+ self.ipv4_params = IPsecIPv4Params()
+ self.ipv6_params = IPsecIPv6Params()
+
+ self.params = {self.ipv4_params.addr_type:
+ self.ipv4_params,
+ self.ipv6_params.addr_type:
+ self.ipv6_params}
+
+ for _, p in self.params.items():
+ p.auth_algo_vpp_id = algo['vpp-integ']
+ p.crypt_algo_vpp_id = algo['vpp-crypto']
+ p.crypt_algo = algo['scapy-crypto']
+ p.auth_algo = algo['scapy-integ']
+ p.crypt_key = algo['key']
+ p.salt = algo['salt']
+ p.flags = p.flags | flag
+
+ self.reporter.send_keep_alive(self)
+
+ #
+ # configure the SPDs. SAs, etc
+ #
+ self.config_network(self.params.values())
+
#
- # loop through each of the algorithms
+ # run some traffic.
+ # An exhautsive 4o6, 6o4 is not necessary
+ # for each algo
#
- for algo in algos:
- # with self.subTest(algo=algo['scapy']):
- for flag in flags:
- #
- # setup up the config paramters
- #
- self.ipv4_params = IPsecIPv4Params()
- self.ipv6_params = IPsecIPv6Params()
-
- self.params = {self.ipv4_params.addr_type:
- self.ipv4_params,
- self.ipv6_params.addr_type:
- self.ipv6_params}
-
- for _, p in self.params.items():
- p.auth_algo_vpp_id = algo['vpp-integ']
- p.crypt_algo_vpp_id = algo['vpp-crypto']
- p.crypt_algo = algo['scapy-crypto']
- p.auth_algo = algo['scapy-integ']
- p.crypt_key = algo['key']
- p.salt = algo['salt']
- p.flags = p.flags | flag
-
- self.reporter.send_keep_alive(self)
-
- #
- # configure the SPDs. SAs, etc
- #
- self.config_network(self.params.values())
-
- #
- # run some traffic.
- # An exhautsive 4o6, 6o4 is not necessary
- # for each algo
- #
- self.verify_tra_basic6(count=NUM_PKTS)
- self.verify_tra_basic4(count=NUM_PKTS)
- self.verify_tun_66(self.params[socket.AF_INET6],
- count=NUM_PKTS)
- self.verify_tun_44(self.params[socket.AF_INET],
- count=NUM_PKTS)
-
- #
- # remove the SPDs, SAs, etc
- #
- self.unconfig_network()
-
- #
- # reconfigure the network and SA to run the
- # anti replay tests
- #
- self.config_network(self.params.values())
- self.verify_tra_anti_replay()
- self.unconfig_network()
+ self.verify_tra_basic6(count=NUM_PKTS)
+ self.verify_tra_basic4(count=NUM_PKTS)
+ self.verify_tun_66(self.params[socket.AF_INET6],
+ count=NUM_PKTS)
+ self.verify_tun_44(self.params[socket.AF_INET],
+ count=NUM_PKTS)
+
+ #
+ # remove the SPDs, SAs, etc
+ #
+ self.unconfig_network()
+
+ #
+ # reconfigure the network and SA to run the
+ # anti replay tests
+ #
+ self.config_network(self.params.values())
+ self.verify_tra_anti_replay()
+ self.unconfig_network()
+
+#
+# To generate test classes, do:
+# grep '# GEN' test_ipsec_esp.py | sed -e 's/# GEN //g' | bash
+#
+# GEN for ENG in ia32 ipsecmb openssl; do \
+# GEN for FLG in noESN ESN; do for ALG in AES-GCM-128/NONE \
+# GEN AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \
+# GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \
+# GEN 3DES-CBC/SHA1-96 NONE/SHA1-96; do \
+# GEN echo -e "\n\nclass Test_${ENG}_${FLG}_${ALG}(RunTestIpsecEspAll):" |
+# GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \
+# GEN echo ' """'$ENG $FLG $ALG IPSec test'"""' ;
+# GEN echo " def test_ipsec(self):";
+# GEN echo " self.run_test()";
+# GEN done; done; done
+
+
+class Test_ia32_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ia32 noESN AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ia32 noESN AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ia32 noESN AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ia32 noESN AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ia32 noESN AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ia32 noESN AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ia32 noESN 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ia32 noESN NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ia32 ESN AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ia32 ESN AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ia32 ESN AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ia32 ESN AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ia32 ESN AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ia32 ESN AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ia32 ESN 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ia32_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ia32 ESN NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ipsecmb noESN AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ipsecmb noESN AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ipsecmb noESN AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ipsecmb noESN AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb noESN AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb noESN AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb noESN 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb noESN NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESN AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESN AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """ipsecmb ESN AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """ipsecmb ESN AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESN AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESN AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESN 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_ipsecmb_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
+ """ipsecmb ESN NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """openssl noESN AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """openssl noESN AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """openssl noESN AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """openssl noESN AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl noESN AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl noESN AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """openssl noESN 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
+ """openssl noESN NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
+ """openssl ESN AES-GCM-128/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
+ """openssl ESN AES-GCM-192/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
+ """openssl ESN AES-GCM-256/NONE IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
+ """openssl ESN AES-CBC-128/MD5-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESN AES-CBC-192/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESN AES-CBC-256/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESN 3DES-CBC/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
+
+
+class Test_openssl_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
+ """openssl ESN NONE/SHA1-96 IPSec test"""
+ def test_ipsec(self):
+ self.run_test()
if __name__ == '__main__':