import socket
import unittest
from scapy.layers.ipsec import ESP
from scapy.layers.inet import UDP

from parameterized import parameterized
from framework import VppTestRunner
from template_ipsec import IpsecTra46Tests, IpsecTun46Tests, TemplateIpsec, \
    IpsecTcpTests, IpsecTun4Tests, IpsecTra4Tests, config_tra_params, \
    config_tun_params, IPsecIPv4Params, IPsecIPv6Params, \
    IpsecTra4, IpsecTun4, IpsecTra6, IpsecTun6
from vpp_ipsec import VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSA,\
    VppIpsecSpdItfBinding
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import DpoProto
from vpp_papi import VppEnum

# Packet count passed as ``count=`` to the traffic checks in
# RunTestIpsecEspAll.run_a_test.
NUM_PKTS = 67
class ConfigIpsecESP(TemplateIpsec):
    # Shared ESP configuration helpers: the methods below create the SPDs,
    # SAs, SPD entries and routes that the ESP test cases in this file use.
    encryption_type = ESP
    # Transport (tra) and tunnel (tun) variants name the same ESP nodes.
    tra4_encrypt_node_name = tun4_encrypt_node_name = "esp4-encrypt"
    tra4_decrypt_node_name = tun4_decrypt_node_name = "esp4-decrypt"
    tra6_encrypt_node_name = tun6_encrypt_node_name = "esp6-encrypt"
    tra6_decrypt_node_name = tun6_decrypt_node_name = "esp6-decrypt"

    @classmethod
    def setUpClass(cls):
        super(ConfigIpsecESP, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(ConfigIpsecESP, cls).tearDownClass()

    def setUp(self):
        super(ConfigIpsecESP, self).setUp()

    def tearDown(self):
        super(ConfigIpsecESP, self).tearDown()

    def config_network(self, params):
        """Configure SPDs, interface bindings, SAs, policies and routes.

        Every object created here (directly or through config_esp_tra /
        config_esp_tun) is appended to ``self.net_objs`` so that
        unconfig_network() can remove it again.

        :param params: per-address-family IPsec parameter objects.  The
            argument is iterated three times, so it must be re-iterable.
        """
        self.net_objs = []
        self.tun_if = self.pg0
        self.tra_if = self.pg2
        self.logger.info(self.vapi.ppcli("show int addr"))

        # One SPD per mode: transport first, then tunnel.
        self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
        self.tra_spd.add_vpp_config()
        self.net_objs.append(self.tra_spd)
        self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
        self.tun_spd.add_vpp_config()
        self.net_objs.append(self.tun_spd)

        # Bind each SPD to its interface (tunnel binding is created first).
        for spd, itf in ((self.tun_spd, self.tun_if),
                         (self.tra_spd, self.tra_if)):
            binding = VppIpsecSpdItfBinding(self, spd, itf)
            binding.add_vpp_config()
            self.net_objs.append(binding)

        # VPP-side SAs/policies first, then the matching test-side setup
        # done by the template_ipsec helpers.
        for p in params:
            self.config_esp_tra(p)
            config_tra_params(p, self.encryption_type)
        for p in params:
            self.config_esp_tun(p)
            config_tun_params(p, self.encryption_type, self.tun_if)

        # Route each remote tunnel host via the tunnel interface's peer.
        for p in params:
            if p.is_ipv6:
                proto = DpoProto.DPO_PROTO_IP6
            else:
                proto = DpoProto.DPO_PROTO_IP4
            # 0xffffffff: presumably "no specific interface" -- confirm
            # against VppRoutePath.
            via = VppRoutePath(self.tun_if.remote_addr[p.addr_type],
                               0xffffffff,
                               proto=proto)
            route = VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [via])
            route.add_vpp_config()
            self.net_objs.append(route)

        self.logger.info(self.vapi.ppcli("show ipsec all"))

    def unconfig_network(self):
        """Remove everything recorded in ``self.net_objs``, newest first."""
        for obj in reversed(self.net_objs):
            obj.remove_vpp_config()
        self.net_objs = []

    def config_esp_tun(self, params):
        """Create the tunnel-mode SAs and SPD entries for ``params``.

        The two SAs and the two catch-all ESP entries are stored on
        ``params`` (``tun_sa_in``, ``tun_sa_out``, ``spd_policy_in_any``,
        ``spd_policy_out_any``).  Every object created here is added to VPP
        and appended to ``self.net_objs``.
        """
        af = params.addr_type
        host = params.remote_tun_if_host
        any_lo, any_hi = params.addr_any, params.addr_bcast
        protect = (VppEnum.vl_api_ipsec_spd_action_t.
                   IPSEC_API_SPD_ACTION_PROTECT)
        tun_local = self.tun_if.local_addr[af]
        tun_remote = self.tun_if.remote_addr[af]
        objs = []

        # NOTE(review): unlike config_esp_tra, params.flags is passed through
        # unchanged, so anti-replay is on for these SAs only if the caller
        # already put that flag into params.flags.
        params.tun_sa_in = VppIpsecSA(self, params.scapy_tun_sa_id,
                                      params.scapy_tun_spi,
                                      params.auth_algo_vpp_id,
                                      params.auth_key,
                                      params.crypt_algo_vpp_id,
                                      params.crypt_key,
                                      self.vpp_esp_protocol,
                                      tun_local, tun_remote,
                                      flags=params.flags,
                                      salt=params.salt)
        # Same algorithms and keys, tunnel endpoints swapped.
        params.tun_sa_out = VppIpsecSA(self, params.vpp_tun_sa_id,
                                       params.vpp_tun_spi,
                                       params.auth_algo_vpp_id,
                                       params.auth_key,
                                       params.crypt_algo_vpp_id,
                                       params.crypt_key,
                                       self.vpp_esp_protocol,
                                       tun_remote, tun_local,
                                       flags=params.flags,
                                       salt=params.salt)
        objs.append(params.tun_sa_in)
        objs.append(params.tun_sa_out)

        # Catch-all entries for ESP itself, any address to any address; the
        # policy is left at the VppIpsecSpdEntry default.
        # NOTE(review): the entry named *_in_any uses the constructor's
        # default direction while *_out_any passes is_outbound=0; the names
        # look swapped relative to the flag -- confirm against the users of
        # these attributes.
        params.spd_policy_in_any = VppIpsecSpdEntry(
            self, self.tun_spd, params.scapy_tun_sa_id,
            any_lo, any_hi,
            any_lo, any_hi,
            socket.IPPROTO_ESP)
        params.spd_policy_out_any = VppIpsecSpdEntry(
            self, self.tun_spd, params.scapy_tun_sa_id,
            any_lo, any_hi,
            any_lo, any_hi,
            socket.IPPROTO_ESP,
            is_outbound=0)
        objs.append(params.spd_policy_out_any)
        objs.append(params.spd_policy_in_any)

        # Two PROTECT pairs between the remote tunnel host and (a) pg1's
        # remote address at priority 10, (b) pg0's local address at priority
        # 20.  In each pair the is_outbound=0 entry references the VPP-side
        # SA id and the other entry the scapy-side SA id.  The protocol
        # argument is 0 here, not IPPROTO_ESP.
        for addr, prio in ((self.pg1.remote_addr[af], 10),
                           (self.pg0.local_addr[af], 20)):
            objs.append(VppIpsecSpdEntry(self, self.tun_spd,
                                         params.vpp_tun_sa_id,
                                         host, host,
                                         addr, addr,
                                         0,
                                         priority=prio,
                                         policy=protect,
                                         is_outbound=0))
            objs.append(VppIpsecSpdEntry(self, self.tun_spd,
                                         params.scapy_tun_sa_id,
                                         addr, addr,
                                         host, host,
                                         0,
                                         policy=protect,
                                         priority=prio))

        for obj in objs:
            obj.add_vpp_config()
        self.net_objs = self.net_objs + objs

    def config_esp_tra(self, params):
        """Create the transport-mode SAs and SPD entries for ``params``.

        The SAs are stored on ``params`` as ``tra_sa_in`` / ``tra_sa_out``.
        Every object created here is added to VPP and appended to
        ``self.net_objs``.
        """
        af = params.addr_type
        any_lo, any_hi = params.addr_any, params.addr_bcast
        protect = (VppEnum.vl_api_ipsec_spd_action_t.
                   IPSEC_API_SPD_ACTION_PROTECT)
        # Anti-replay is always switched on for the transport SAs, on top of
        # whatever flags the caller supplied.
        anti_replay = (VppEnum.vl_api_ipsec_sad_flags_t.
                       IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
        flags = params.flags | anti_replay
        tra_local = self.tra_if.local_addr[af]
        tra_remote = self.tra_if.remote_addr[af]
        objs = []

        # Transport SAs carry no tunnel endpoint addresses.
        params.tra_sa_in = VppIpsecSA(self, params.scapy_tra_sa_id,
                                      params.scapy_tra_spi,
                                      params.auth_algo_vpp_id,
                                      params.auth_key,
                                      params.crypt_algo_vpp_id,
                                      params.crypt_key,
                                      self.vpp_esp_protocol,
                                      flags=flags,
                                      salt=params.salt)
        params.tra_sa_out = VppIpsecSA(self, params.vpp_tra_sa_id,
                                       params.vpp_tra_spi,
                                       params.auth_algo_vpp_id,
                                       params.auth_key,
                                       params.crypt_algo_vpp_id,
                                       params.crypt_key,
                                       self.vpp_esp_protocol,
                                       flags=flags,
                                       salt=params.salt)
        objs.append(params.tra_sa_in)
        objs.append(params.tra_sa_out)

        # Catch-all entries for ESP itself in both directions; the policy is
        # left at the VppIpsecSpdEntry default.
        objs.append(VppIpsecSpdEntry(self, self.tra_spd,
                                     params.vpp_tra_sa_id,
                                     any_lo, any_hi,
                                     any_lo, any_hi,
                                     socket.IPPROTO_ESP))
        objs.append(VppIpsecSpdEntry(self, self.tra_spd,
                                     params.vpp_tra_sa_id,
                                     any_lo, any_hi,
                                     any_lo, any_hi,
                                     socket.IPPROTO_ESP,
                                     is_outbound=0))
        # PROTECT entries between the transport interface's local and remote
        # addresses: is_outbound=0 with the VPP-side SA id, the other
        # direction with the scapy-side SA id.
        objs.append(VppIpsecSpdEntry(self, self.tra_spd,
                                     params.vpp_tra_sa_id,
                                     tra_local, tra_local,
                                     tra_remote, tra_remote,
                                     0,
                                     priority=10,
                                     policy=protect,
                                     is_outbound=0))
        objs.append(VppIpsecSpdEntry(self, self.tra_spd,
                                     params.scapy_tra_sa_id,
                                     tra_local, tra_local,
                                     tra_remote, tra_remote,
                                     0,
                                     policy=protect,
                                     priority=10))

        for obj in objs:
            obj.add_vpp_config()
        self.net_objs = self.net_objs + objs
class TemplateIpsecEsp(ConfigIpsecESP):
    """
    Basic test for ipsec esp sanity - tunnel and transport modes.

    Below 4 cases are covered as part of this test
    1) ipsec esp v4 transport basic test  - IPv4 Transport mode
        scenario using HMAC-SHA1-96 integrity algo
    2) ipsec esp v4 transport burst test
        Above test for 257 pkts
    3) ipsec esp 4o4 tunnel basic test    - IPv4 Tunnel mode
        scenario using HMAC-SHA1-96 integrity algo
    4) ipsec esp 4o4 tunnel burst test
        Above test for 257 pkts

    TRANSPORT MODE:

     ---   encrypt   ---
    |pg2| <-------> |VPP|
     ---   decrypt   ---

    TUNNEL MODE:

     ---   encrypt   ---   plain   ---
    |pg0| <-------  |VPP| <------ |pg1|
     ---             ---           ---

     ---   decrypt   ---   plain   ---
    |pg0| ------->  |VPP| ------> |pg1|
     ---             ---           ---
    """

    @classmethod
    def setUpClass(cls):
        super(TemplateIpsecEsp, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(TemplateIpsecEsp, cls).tearDownClass()

    def setUp(self):
        super(TemplateIpsecEsp, self).setUp()
        # self.params is not defined in this file; presumably the
        # per-address-family parameter dict from TemplateIpsec -- confirm.
        self.config_network(self.params.values())

    def tearDown(self):
        # Remove this test's IPsec objects before the base-class teardown.
        self.unconfig_network()
        super(TemplateIpsecEsp, self).tearDown()
class TestIpsecEsp1(TemplateIpsecEsp, IpsecTra46Tests, IpsecTun46Tests):
    """ Ipsec ESP - TUN & TRA tests """
    # No body of its own: the test methods are inherited from the
    # IpsecTra46Tests / IpsecTun46Tests mixins and run on the ESP fixture.
class TestIpsecEsp2(TemplateIpsecEsp, IpsecTcpTests):
    """ Ipsec ESP - TCP tests """
    # No body of its own: the test methods are inherited from the
    # IpsecTcpTests mixin and run on the ESP fixture.
class TemplateIpsecEspUdp(ConfigIpsecESP):
    """
    UDP encapped ESP
    """

    @classmethod
    def setUpClass(cls):
        super(TemplateIpsecEspUdp, cls).setUpClass()

    @classmethod
    def tearDownClass(cls):
        super(TemplateIpsecEspUdp, cls).tearDownClass()

    def setUp(self):
        """Configure IPv4 ESP with the UDP-encapsulation SA flag set.

        NOTE(review): the SPDs, interface bindings and route created here
        are not appended to ``self.net_objs`` and tearDown() only calls the
        base class, so their removal presumably relies on the framework --
        confirm.
        """
        super(TemplateIpsecEspUdp, self).setUp()
        self.net_objs = []
        self.tun_if = self.pg0
        self.tra_if = self.pg2
        self.logger.info(self.vapi.ppcli("show int addr"))

        udp_params = self.ipv4_params
        # Plain assignment: flags already set on ipv4_params are replaced,
        # not OR-ed.  config_esp_tra() later adds anti-replay on top.
        udp_params.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
                            IPSEC_API_SAD_FLAG_UDP_ENCAP)
        # UDP header for the encapsulation; 4500 is the IANA port for IPsec
        # NAT traversal.  Presumably consumed by the scapy side -- confirm.
        udp_params.nat_header = UDP(sport=5454, dport=4500)

        # Transport mode: SPD, binding, SAs/policies, then test-side setup.
        self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
        self.tra_spd.add_vpp_config()
        tra_binding = VppIpsecSpdItfBinding(self, self.tra_spd, self.tra_if)
        tra_binding.add_vpp_config()

        self.config_esp_tra(udp_params)
        config_tra_params(udp_params, self.encryption_type)

        # Tunnel mode: only the VPP side is configured; config_tun_params()
        # is not called in this fixture.
        self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
        self.tun_spd.add_vpp_config()
        tun_binding = VppIpsecSpdItfBinding(self, self.tun_spd, self.tun_if)
        tun_binding.add_vpp_config()

        self.config_esp_tun(udp_params)
        self.logger.info(self.vapi.ppcli("show ipsec all"))

        via = VppRoutePath(self.tun_if.remote_addr[udp_params.addr_type],
                           0xffffffff,
                           proto=DpoProto.DPO_PROTO_IP4)
        route = VppIpRoute(self, udp_params.remote_tun_if_host,
                           udp_params.addr_len, [via])
        route.add_vpp_config()

    def tearDown(self):
        super(TemplateIpsecEspUdp, self).tearDown()

    def show_commands_at_teardown(self):
        """Log the output of ``show hardware``."""
        hw_dump = self.vapi.cli("show hardware")
        self.logger.info(hw_dump)
class TestIpsecEspUdp(TemplateIpsecEspUdp, IpsecTra4Tests):
    """ Ipsec NAT-T ESP UDP tests """
    # No body of its own: the test methods are inherited from the
    # IpsecTra4Tests mixin, so only IPv4 transport mode is exercised with
    # UDP encapsulation here.
class MyParameters():
    """Engines, SA flag values and algorithm suites for the all-algo tests.

    ``algos`` maps a suite name ("<cipher>/<integrity>") to the VPP enum
    values, the matching scapy algorithm names, and the fixed cipher key and
    salt that RunTestIpsecEspAll.run_a_test copies onto the test parameters.
    """

    def __init__(self):
        crypto = VppEnum.vl_api_ipsec_crypto_alg_t
        integ = VppEnum.vl_api_ipsec_integ_alg_t
        sad_flags = VppEnum.vl_api_ipsec_sad_flags_t

        self.engines = ["ia32", "ipsecmb", "openssl"]
        # Index 0: no extra SA flag; index 1: extended sequence numbers.
        self.flags = [0, sad_flags.IPSEC_API_SAD_FLAG_USE_ESN]

        # The keys are fixed test fixtures checked into the source.  Their
        # lengths match the cipher: 16/24/32 bytes for AES-128/192/256 and
        # 24 bytes for 3DES.
        self.algos = {
            # AES-GCM is an AEAD mode, so no separate integrity algorithm
            # is paired with it.  Only these suites use a non-zero salt.
            'AES-GCM-128/NONE': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_AES_GCM_128,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_NONE,
                'scapy-crypto': "AES-GCM",
                'scapy-integ': "NULL",
                'key': b"JPjyOWBeVEQiMe7h",
                'salt': 0},
            'AES-GCM-192/NONE': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_AES_GCM_192,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_NONE,
                'scapy-crypto': "AES-GCM",
                'scapy-integ': "NULL",
                'key': b"JPjyOWBeVEQiMe7h01234567",
                'salt': 1010},
            'AES-GCM-256/NONE': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_AES_GCM_256,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_NONE,
                'scapy-crypto': "AES-GCM",
                'scapy-integ': "NULL",
                'key': b"JPjyOWBeVEQiMe7h0123456787654321",
                'salt': 2020},
            # HMAC-MD5-96, HMAC-SHA1-96 and 3DES below are legacy
            # algorithms; they are listed for coverage of the
            # implementation, not as recommended choices.
            'AES-CBC-128/MD5-96': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_AES_CBC_128,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_MD5_96,
                'scapy-crypto': "AES-CBC",
                'scapy-integ': "HMAC-MD5-96",
                'salt': 0,
                'key': b"JPjyOWBeVEQiMe7h"},
            'AES-CBC-192/SHA1-96': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_AES_CBC_192,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_SHA1_96,
                'scapy-crypto': "AES-CBC",
                'scapy-integ': "HMAC-SHA1-96",
                'salt': 0,
                'key': b"JPjyOWBeVEQiMe7hJPjyOWBe"},
            'AES-CBC-256/SHA1-96': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_AES_CBC_256,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_SHA1_96,
                'scapy-crypto': "AES-CBC",
                'scapy-integ': "HMAC-SHA1-96",
                'salt': 0,
                'key': b"JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
            '3DES-CBC/SHA1-96': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_3DES_CBC,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_SHA1_96,
                'scapy-crypto': "3DES",
                'scapy-integ': "HMAC-SHA1-96",
                'salt': 0,
                'key': b"JPjyOWBeVEQiMe7h00112233"},
            # ESP with null encryption: integrity protection only, the
            # payload is not encrypted.  The 'key' entry is presumably
            # unused by the NONE cipher -- confirm.
            'NONE/SHA1-96': {
                'vpp-crypto': crypto.IPSEC_API_CRYPTO_ALG_NONE,
                'vpp-integ': integ.IPSEC_API_INTEG_ALG_SHA1_96,
                'scapy-crypto': "NULL",
                'scapy-integ': "HMAC-SHA1-96",
                'salt': 0,
                'key': b"JPjyOWBeVEQiMe7h00112233"}}
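class RunTestIpsecEspAll(ConfigIpsecESP,
                         IpsecTra4, IpsecTra6,
                         IpsecTun4, IpsecTun6):
    """ Ipsec ESP all Algos """

    # Subclasses select what to run through their class docstring, whose
    # first three whitespace-separated words are
    # "<engine> <ESN|noESN> <algo>".

    def setUp(self):
        """Decode engine, ESN flag and algorithm suite from the docstring.

        The three fields are validated so that a mistyped docstring fails
        the test instead of silently running without ESN or surfacing as a
        bare IndexError/KeyError.

        :raises ValueError: if the docstring has fewer than three words, or
            names an engine, flag or suite that MyParameters does not list.
        """
        super(RunTestIpsecEspAll, self).setUp()
        name = type(self).__name__
        fields = (self.__doc__ or "").split()
        if len(fields) < 3:
            raise ValueError(
                "%s: docstring must start with '<engine> <ESN|noESN> <algo>'"
                % name)
        engine, esn, algo_name = fields[:3]

        params = MyParameters()
        if engine not in params.engines:
            raise ValueError("%s: unknown crypto engine %r"
                             % (name, engine))
        if esn not in ("noESN", "ESN"):
            raise ValueError("%s: flag must be 'ESN' or 'noESN', got %r"
                             % (name, esn))
        if algo_name not in params.algos:
            raise ValueError("%s: unknown algorithm suite %r"
                             % (name, algo_name))

        self.engine = engine
        self.flag = params.flags[1] if esn == "ESN" else params.flags[0]
        self.algo = params.algos[algo_name]

    def tearDown(self):
        super(RunTestIpsecEspAll, self).tearDown()

    def run_test(self):
        """Run the scenario with the values decoded in setUp()."""
        self.run_a_test(self.engine, self.flag, self.algo)

    def run_a_test(self, engine, flag, algo):
        """Run transport, tunnel and anti-replay checks for one suite.

        :param engine: crypto engine name given to ``set crypto handler``.
        :param flag: SA flag value OR-ed into each parameter set's flags.
        :param algo: one entry of ``MyParameters().algos``.
        """
        # NOTE(review): the CLI reply is not inspected here.  Whether an
        # unavailable engine makes this call fail is not visible in this
        # file; if it does not, a run could exercise a different engine
        # than the class name claims -- confirm.
        self.vapi.cli("set crypto handler all %s" % engine)

        self.ipv4_params = IPsecIPv4Params()
        self.ipv6_params = IPsecIPv6Params()

        self.params = {self.ipv4_params.addr_type:
                       self.ipv4_params,
                       self.ipv6_params.addr_type:
                       self.ipv6_params}

        # Only the cipher key and salt come from the suite table;
        # p.auth_key keeps whatever default IPsecIPv4Params /
        # IPsecIPv6Params provide.
        for p in self.params.values():
            p.auth_algo_vpp_id = algo['vpp-integ']
            p.crypt_algo_vpp_id = algo['vpp-crypto']
            p.crypt_algo = algo['scapy-crypto']
            p.auth_algo = algo['scapy-integ']
            p.crypt_key = algo['key']
            p.salt = algo['salt']
            p.flags = p.flags | flag

        self.reporter.send_keep_alive(self)

        #
        # configure the SPDs. SAs, etc
        #
        self.config_network(self.params.values())

        #
        # run some traffic.
        #  An exhaustive 4o6, 6o4 is not necessary
        #  for each algo
        #
        # NOTE(review): if a verify_* call raises, the unconfig_network()
        # calls below are skipped and tearDown() only calls the base class.
        self.verify_tra_basic6(count=NUM_PKTS)
        self.verify_tra_basic4(count=NUM_PKTS)
        self.verify_tun_66(self.params[socket.AF_INET6],
                           count=NUM_PKTS)
        self.verify_tun_44(self.params[socket.AF_INET],
                           count=NUM_PKTS)

        #
        # remove the SPDs, SAs, etc
        #
        self.unconfig_network()

        #
        # reconfigure the network and SA to run the
        # anti replay tests
        #
        self.config_network(self.params.values())
        self.verify_tra_anti_replay()
        self.unconfig_network()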
#
# To generate test classes, do:
#   grep '# GEN' test_ipsec_esp.py | sed -e 's/# GEN //g' | bash
#
# Each generated class docstring starts with "<engine> <flag> <algo>"; these
# three words are what RunTestIpsecEspAll.setUp parses, so keep that order.
#
# GEN for ENG in ia32 ipsecmb openssl; do \
# GEN for FLG in noESN ESN; do for ALG in AES-GCM-128/NONE \
# GEN AES-GCM-192/NONE AES-GCM-256/NONE AES-CBC-128/MD5-96 \
# GEN AES-CBC-192/SHA1-96 AES-CBC-256/SHA1-96 \
# GEN 3DES-CBC/SHA1-96 NONE/SHA1-96; do \
# GEN echo -e "\n\nclass Test_${ENG}_${FLG}_${ALG}(RunTestIpsecEspAll):" |
# GEN sed -e 's/-/_/g' -e 's#/#_#g' ; \
# GEN echo '    """'$ENG $FLG $ALG IPSec test'"""' ;
# GEN echo "    def test_ipsec(self):";
# GEN echo "        self.run_test()";
# GEN done; done; done
# Generated classes (see the generator script above): ia32 engine, ESN off.
# RunTestIpsecEspAll.setUp() reads the first three words of each class
# docstring as <engine> <ESN|noESN> <algo>, so the docstrings are test input
# and must keep this exact form.
class Test_ia32_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
    """ia32 noESN AES-GCM-128/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
    """ia32 noESN AES-GCM-192/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
    """ia32 noESN AES-GCM-256/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
    """ia32 noESN AES-CBC-128/MD5-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
    """ia32 noESN AES-CBC-192/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
    """ia32 noESN AES-CBC-256/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
    """ia32 noESN 3DES-CBC/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
    """ia32 noESN NONE/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()
# Generated classes (see the generator script above): ia32 engine, ESN on.
# RunTestIpsecEspAll.setUp() reads the first three words of each class
# docstring as <engine> <ESN|noESN> <algo>, so the docstrings are test input
# and must keep this exact form.
class Test_ia32_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
    """ia32 ESN AES-GCM-128/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
    """ia32 ESN AES-GCM-192/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
    """ia32 ESN AES-GCM-256/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
    """ia32 ESN AES-CBC-128/MD5-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
    """ia32 ESN AES-CBC-192/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
    """ia32 ESN AES-CBC-256/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
    """ia32 ESN 3DES-CBC/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ia32_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
    """ia32 ESN NONE/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()
# Generated classes (see the generator script above): ipsecmb engine, ESN
# off.  RunTestIpsecEspAll.setUp() reads the first three words of each class
# docstring as <engine> <ESN|noESN> <algo>, so the docstrings are test input
# and must keep this exact form.
class Test_ipsecmb_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
    """ipsecmb noESN AES-GCM-128/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
    """ipsecmb noESN AES-GCM-192/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
    """ipsecmb noESN AES-GCM-256/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
    """ipsecmb noESN AES-CBC-128/MD5-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb noESN AES-CBC-192/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb noESN AES-CBC-256/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb noESN 3DES-CBC/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb noESN NONE/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()
# Generated classes (see the generator script above): ipsecmb engine, ESN
# on.  RunTestIpsecEspAll.setUp() reads the first three words of each class
# docstring as <engine> <ESN|noESN> <algo>, so the docstrings are test input
# and must keep this exact form.
class Test_ipsecmb_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
    """ipsecmb ESN AES-GCM-128/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
    """ipsecmb ESN AES-GCM-192/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
    """ipsecmb ESN AES-GCM-256/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
    """ipsecmb ESN AES-CBC-128/MD5-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb ESN AES-CBC-192/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb ESN AES-CBC-256/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb ESN 3DES-CBC/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_ipsecmb_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
    """ipsecmb ESN NONE/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()
# Generated classes (see the generator script above): openssl engine, ESN
# off.  RunTestIpsecEspAll.setUp() reads the first three words of each class
# docstring as <engine> <ESN|noESN> <algo>, so the docstrings are test input
# and must keep this exact form.
class Test_openssl_noESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
    """openssl noESN AES-GCM-128/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_noESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
    """openssl noESN AES-GCM-192/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_noESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
    """openssl noESN AES-GCM-256/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_noESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
    """openssl noESN AES-CBC-128/MD5-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_noESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
    """openssl noESN AES-CBC-192/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_noESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
    """openssl noESN AES-CBC-256/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_noESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
    """openssl noESN 3DES-CBC/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_noESN_NONE_SHA1_96(RunTestIpsecEspAll):
    """openssl noESN NONE/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()
# Generated classes (see the generator script above): openssl engine, ESN
# on.  RunTestIpsecEspAll.setUp() reads the first three words of each class
# docstring as <engine> <ESN|noESN> <algo>, so the docstrings are test input
# and must keep this exact form.
class Test_openssl_ESN_AES_GCM_128_NONE(RunTestIpsecEspAll):
    """openssl ESN AES-GCM-128/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_ESN_AES_GCM_192_NONE(RunTestIpsecEspAll):
    """openssl ESN AES-GCM-192/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_ESN_AES_GCM_256_NONE(RunTestIpsecEspAll):
    """openssl ESN AES-GCM-256/NONE IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_ESN_AES_CBC_128_MD5_96(RunTestIpsecEspAll):
    """openssl ESN AES-CBC-128/MD5-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_ESN_AES_CBC_192_SHA1_96(RunTestIpsecEspAll):
    """openssl ESN AES-CBC-192/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_ESN_AES_CBC_256_SHA1_96(RunTestIpsecEspAll):
    """openssl ESN AES-CBC-256/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_ESN_3DES_CBC_SHA1_96(RunTestIpsecEspAll):
    """openssl ESN 3DES-CBC/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()


class Test_openssl_ESN_NONE_SHA1_96(RunTestIpsecEspAll):
    """openssl ESN NONE/SHA1-96 IPSec test"""
    def test_ipsec(self):
        self.run_test()
# Run this module's tests with the VPP test runner when executed directly.
if __name__ == '__main__':
    unittest.main(testRunner=VppTestRunner)