From 17b7a067a2885318ca2bbbd65a580e330cbe3a4b Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Tue, 27 Aug 2019 12:26:14 +0000
Subject: ipsec: Fix NULL encryption algorithm

Type: fix
Ticket: VPP-1756

the block-size was set to 0 resulting in incorrect placement of the ESP
footer.

add tests for NULL encrypt + integ.

Change-Id: I8ab3afda8e68f9ff649540cba3f2cac68f12bbba
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 2cdcd0cf4004b2c0d1d3b891e381aac5735c21f1)
---
 test/template_ipsec.py        | 2 +-
 test/test_ipsec_esp.py        | 8 ++++++++
 test/test_ipsec_tun_if_esp.py | 8 ++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

(limited to 'test')

diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index c3fc8bd434f..a4f998ee84e 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -379,7 +379,7 @@ class IpsecTra4(object):
 
         # a malformed 'runt' packet
         #  created by a mis-constructed SA
-        if (ESP == self.encryption_type):
+        if (ESP == self.encryption_type and p.crypt_algo != "NULL"):
             bogus_sa = SecurityAssociation(self.encryption_type,
                                            p.vpp_tra_spi)
             pkt = (Ether(src=self.tra_if.remote_mac,
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index 26f83f16b92..77d22b95a33 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -424,6 +424,14 @@ class TestIpsecEspAll(ConfigIpsecESP,
                   'scapy-crypto': "3DES",
                   'scapy-integ': "HMAC-SHA1-96",
                   'salt': 0,
+                  'key': "JPjyOWBeVEQiMe7h00112233"},
+                 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+                                 IPSEC_API_CRYPTO_ALG_NONE),
+                  'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+                                IPSEC_API_INTEG_ALG_SHA1_96),
+                  'scapy-crypto': "NULL",
+                  'scapy-integ': "HMAC-SHA1-96",
+                  'salt': 0,
                   'key': "JPjyOWBeVEQiMe7h00112233"}]
 
         # with and without ESN
diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py
index 5cf311ec9c5..00c1d143c30 100644
--- a/test/test_ipsec_tun_if_esp.py
+++ b/test/test_ipsec_tun_if_esp.py
@@ -411,6 +411,14 @@ class TestIpsec4TunIfEspAll(TemplateIpsec, IpsecTun4):
                   'scapy-crypto': "AES-CBC",
                   'scapy-integ': "HMAC-SHA1-96",
                   'salt': 0,
+                  'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
+                 {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+                                 IPSEC_API_CRYPTO_ALG_NONE),
+                  'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+                                IPSEC_API_INTEG_ALG_SHA1_96),
+                  'scapy-crypto': "NULL",
+                  'scapy-integ': "HMAC-SHA1-96",
+                  'salt': 0,
                   'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
 
         for engine in engines:
-- 
cgit 1.2.3-korg