Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 818806062cd36a816fd778c6993d20d442d3d3ac / . / test / test_ipsec_ah.py
blob: b23dd3f84f9f310e8d28341046c58e553749a692 [file] [log] [blame]
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]1import socket
Klement Sekera28fb03f2018-04-17 11:36:55 +0200[diff] [blame]2import unittest
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]3
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]4from scapy.layers.ipsec import AH
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]5from scapy.layers.inet import IP, UDP
6from scapy.layers.inet6 import IPv6
7from scapy.layers.l2 import Ether
8from scapy.packet import Raw
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]9
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]10from framework import VppTestRunner
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]11from template_ipsec import (
12 TemplateIpsec,
13 IpsecTra46Tests,
14 IpsecTun46Tests,
15 config_tun_params,
16 config_tra_params,
17 IPsecIPv4Params,
18 IPsecIPv6Params,
19 IpsecTra4,
20 IpsecTun4,
21 IpsecTra6,
22 IpsecTun6,
23 IpsecTun6HandoffTests,
24 IpsecTun4HandoffTests,
25)
Klement Sekera31da2e32018-06-24 22:49:55 +0200[diff] [blame]26from template_ipsec import IpsecTcpTests
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]27from vpp_ipsec import VppIpsecSA, VppIpsecSpd, VppIpsecSpdEntry, VppIpsecSpdItfBinding
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]28from vpp_ip_route import VppIpRoute, VppRoutePath
29from vpp_ip import DpoProto
Neale Ranns17dcec02019-01-09 21:22:20 -0800[diff] [blame]30from vpp_papi import VppEnum
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]31
32
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]33class ConfigIpsecAH(TemplateIpsec):
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]34 """
35 Basic test for IPSEC using AH transport and Tunnel mode
36
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]37 TRANSPORT MODE::
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]38
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]39 --- encrypt ---
40 |pg2| <-------> |VPP|
41 --- decrypt ---
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]42
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]43 TUNNEL MODE::
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]44
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]45 --- encrypt --- plain ---
46 |pg0| <------- |VPP| <------ |pg1|
47 --- --- ---
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]48
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]49 --- decrypt --- plain ---
50 |pg0| -------> |VPP| ------> |pg1|
51 --- --- ---
52
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]53 """
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]54
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]55 encryption_type = AH
56 net_objs = []
57 tra4_encrypt_node_name = "ah4-encrypt"
Neale Ranns8c609af2021-02-25 10:05:32 +0000[diff] [blame]58 tra4_decrypt_node_name = ["ah4-decrypt", "ah4-decrypt"]
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]59 tra6_encrypt_node_name = "ah6-encrypt"
Neale Ranns8c609af2021-02-25 10:05:32 +0000[diff] [blame]60 tra6_decrypt_node_name = ["ah6-decrypt", "ah6-decrypt"]
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]61 tun4_encrypt_node_name = "ah4-encrypt"
Neale Ranns8c609af2021-02-25 10:05:32 +0000[diff] [blame]62 tun4_decrypt_node_name = ["ah4-decrypt", "ah4-decrypt"]
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]63 tun6_encrypt_node_name = "ah6-encrypt"
Neale Ranns8c609af2021-02-25 10:05:32 +0000[diff] [blame]64 tun6_decrypt_node_name = ["ah6-decrypt", "ah6-decrypt"]
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]65
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame]66 @classmethod
67 def setUpClass(cls):
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]68 super(ConfigIpsecAH, cls).setUpClass()
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame]69
70 @classmethod
71 def tearDownClass(cls):
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]72 super(ConfigIpsecAH, cls).tearDownClass()
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame]73
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]74 def setUp(self):
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]75 super(ConfigIpsecAH, self).setUp()
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]76
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]77 def tearDown(self):
78 super(ConfigIpsecAH, self).tearDown()
79
80 def config_network(self, params):
81 self.net_objs = []
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]82 self.tun_if = self.pg0
83 self.tra_if = self.pg2
84 self.logger.info(self.vapi.ppcli("show int addr"))
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]85
86 self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
87 self.tra_spd.add_vpp_config()
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]88 self.net_objs.append(self.tra_spd)
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]89 self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
90 self.tun_spd.add_vpp_config()
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]91 self.net_objs.append(self.tun_spd)
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]92
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]93 b = VppIpsecSpdItfBinding(self, self.tra_spd, self.tra_if)
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]94 b.add_vpp_config()
95 self.net_objs.append(b)
96
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]97 b = VppIpsecSpdItfBinding(self, self.tun_spd, self.tun_if)
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]98 b.add_vpp_config()
99 self.net_objs.append(b)
100
101 for p in params:
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]102 self.config_ah_tra(p)
Neale Ranns2ac885c2019-03-20 18:24:43 +0000[diff] [blame]103 config_tra_params(p, self.encryption_type)
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]104 for p in params:
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]105 self.config_ah_tun(p)
Neale Ranns12989b52019-09-26 16:20:19 +0000[diff] [blame]106 config_tun_params(p, self.encryption_type, self.tun_if)
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]107 for p in params:
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]108 d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]109 r = VppIpRoute(
110 self,
111 p.remote_tun_if_host,
112 p.addr_len,
113 [
114 VppRoutePath(
115 self.tun_if.remote_addr[p.addr_type], 0xFFFFFFFF, proto=d
116 )
117 ],
118 )
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]119 r.add_vpp_config()
120 self.net_objs.append(r)
121 self.logger.info(self.vapi.ppcli("show ipsec all"))
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]122
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]123 def unconfig_network(self):
124 for o in reversed(self.net_objs):
125 o.remove_vpp_config()
126 self.net_objs = []
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]127
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]128 def config_ah_tun(self, params):
129 addr_type = params.addr_type
130 scapy_tun_sa_id = params.scapy_tun_sa_id
131 scapy_tun_spi = params.scapy_tun_spi
132 vpp_tun_sa_id = params.vpp_tun_sa_id
133 vpp_tun_spi = params.vpp_tun_spi
134 auth_algo_vpp_id = params.auth_algo_vpp_id
135 auth_key = params.auth_key
136 crypt_algo_vpp_id = params.crypt_algo_vpp_id
137 crypt_key = params.crypt_key
138 remote_tun_if_host = params.remote_tun_if_host
139 addr_any = params.addr_any
140 addr_bcast = params.addr_bcast
Neale Ranns3833ffd2019-03-21 14:34:09 +0000[diff] [blame]141 flags = params.flags
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]142 tun_flags = params.tun_flags
Neale Ranns17dcec02019-01-09 21:22:20 -0800[diff] [blame]143 e = VppEnum.vl_api_ipsec_spd_action_t
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]144 objs = []
Neale Ranns9ec846c2021-02-09 14:04:02 +0000[diff] [blame]145 params.outer_hop_limit = 253
146 params.outer_flow_label = 0x12345
Neale Ranns17dcec02019-01-09 21:22:20 -0800[diff] [blame]147
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]148 params.tun_sa_in = VppIpsecSA(
149 self,
150 scapy_tun_sa_id,
151 scapy_tun_spi,
152 auth_algo_vpp_id,
153 auth_key,
154 crypt_algo_vpp_id,
155 crypt_key,
156 self.vpp_ah_protocol,
157 self.tun_if.local_addr[addr_type],
158 self.tun_if.remote_addr[addr_type],
159 tun_flags=tun_flags,
160 flags=flags,
161 dscp=params.dscp,
162 )
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]163
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]164 params.tun_sa_out = VppIpsecSA(
165 self,
166 vpp_tun_sa_id,
167 vpp_tun_spi,
168 auth_algo_vpp_id,
169 auth_key,
170 crypt_algo_vpp_id,
171 crypt_key,
172 self.vpp_ah_protocol,
173 self.tun_if.remote_addr[addr_type],
174 self.tun_if.local_addr[addr_type],
175 tun_flags=tun_flags,
176 flags=flags,
177 dscp=params.dscp,
178 )
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]179
180 objs.append(params.tun_sa_in)
181 objs.append(params.tun_sa_out)
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]182
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]183 params.spd_policy_in_any = VppIpsecSpdEntry(
184 self,
185 self.tun_spd,
186 vpp_tun_sa_id,
187 addr_any,
188 addr_bcast,
189 addr_any,
190 addr_bcast,
191 socket.IPPROTO_AH,
192 )
193 params.spd_policy_out_any = VppIpsecSpdEntry(
194 self,
195 self.tun_spd,
196 vpp_tun_sa_id,
197 addr_any,
198 addr_bcast,
199 addr_any,
200 addr_bcast,
201 socket.IPPROTO_AH,
202 is_outbound=0,
203 )
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]204
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]205 objs.append(params.spd_policy_out_any)
206 objs.append(params.spd_policy_in_any)
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]207
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]208 e1 = VppIpsecSpdEntry(
209 self,
210 self.tun_spd,
211 vpp_tun_sa_id,
212 remote_tun_if_host,
213 remote_tun_if_host,
214 self.pg1.remote_addr[addr_type],
215 self.pg1.remote_addr[addr_type],
Piotr Bronowski815c6a42022-06-09 09:09:28 +0000[diff] [blame]216 socket.IPPROTO_RAW,
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]217 priority=10,
218 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
219 is_outbound=0,
220 )
221 e2 = VppIpsecSpdEntry(
222 self,
223 self.tun_spd,
224 scapy_tun_sa_id,
225 self.pg1.remote_addr[addr_type],
226 self.pg1.remote_addr[addr_type],
227 remote_tun_if_host,
228 remote_tun_if_host,
Piotr Bronowski815c6a42022-06-09 09:09:28 +0000[diff] [blame]229 socket.IPPROTO_RAW,
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]230 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
231 priority=10,
232 )
233 e3 = VppIpsecSpdEntry(
234 self,
235 self.tun_spd,
236 vpp_tun_sa_id,
237 remote_tun_if_host,
238 remote_tun_if_host,
239 self.pg0.local_addr[addr_type],
240 self.pg0.local_addr[addr_type],
Piotr Bronowski815c6a42022-06-09 09:09:28 +0000[diff] [blame]241 socket.IPPROTO_RAW,
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]242 priority=20,
243 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
244 is_outbound=0,
245 )
246 e4 = VppIpsecSpdEntry(
247 self,
248 self.tun_spd,
249 scapy_tun_sa_id,
250 self.pg0.local_addr[addr_type],
251 self.pg0.local_addr[addr_type],
252 remote_tun_if_host,
253 remote_tun_if_host,
Piotr Bronowski815c6a42022-06-09 09:09:28 +0000[diff] [blame]254 socket.IPPROTO_RAW,
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]255 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
256 priority=20,
257 )
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]258
259 objs = objs + [e1, e2, e3, e4]
260
261 for o in objs:
262 o.add_vpp_config()
263
264 self.net_objs = self.net_objs + objs
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]265
266 def config_ah_tra(self, params):
267 addr_type = params.addr_type
268 scapy_tra_sa_id = params.scapy_tra_sa_id
269 scapy_tra_spi = params.scapy_tra_spi
270 vpp_tra_sa_id = params.vpp_tra_sa_id
271 vpp_tra_spi = params.vpp_tra_spi
272 auth_algo_vpp_id = params.auth_algo_vpp_id
273 auth_key = params.auth_key
274 crypt_algo_vpp_id = params.crypt_algo_vpp_id
275 crypt_key = params.crypt_key
276 addr_any = params.addr_any
277 addr_bcast = params.addr_bcast
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]278 flags = params.flags | (
279 VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
280 )
Neale Ranns17dcec02019-01-09 21:22:20 -0800[diff] [blame]281 e = VppEnum.vl_api_ipsec_spd_action_t
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]282 objs = []
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]283
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]284 params.tra_sa_in = VppIpsecSA(
285 self,
286 scapy_tra_sa_id,
287 scapy_tra_spi,
288 auth_algo_vpp_id,
289 auth_key,
290 crypt_algo_vpp_id,
291 crypt_key,
292 self.vpp_ah_protocol,
293 flags=flags,
294 )
295 params.tra_sa_out = VppIpsecSA(
296 self,
297 vpp_tra_sa_id,
298 vpp_tra_spi,
299 auth_algo_vpp_id,
300 auth_key,
301 crypt_algo_vpp_id,
302 crypt_key,
303 self.vpp_ah_protocol,
304 flags=flags,
305 )
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]306
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]307 objs.append(params.tra_sa_in)
308 objs.append(params.tra_sa_out)
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]309
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]310 objs.append(
311 VppIpsecSpdEntry(
312 self,
313 self.tra_spd,
314 vpp_tra_sa_id,
315 addr_any,
316 addr_bcast,
317 addr_any,
318 addr_bcast,
319 socket.IPPROTO_AH,
320 )
321 )
322 objs.append(
323 VppIpsecSpdEntry(
324 self,
325 self.tra_spd,
326 scapy_tra_sa_id,
327 addr_any,
328 addr_bcast,
329 addr_any,
330 addr_bcast,
331 socket.IPPROTO_AH,
332 is_outbound=0,
333 )
334 )
335 objs.append(
336 VppIpsecSpdEntry(
337 self,
338 self.tra_spd,
339 vpp_tra_sa_id,
340 self.tra_if.local_addr[addr_type],
341 self.tra_if.local_addr[addr_type],
342 self.tra_if.remote_addr[addr_type],
343 self.tra_if.remote_addr[addr_type],
Piotr Bronowski815c6a42022-06-09 09:09:28 +0000[diff] [blame]344 socket.IPPROTO_RAW,
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]345 priority=10,
346 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
347 is_outbound=0,
348 )
349 )
350 objs.append(
351 VppIpsecSpdEntry(
352 self,
353 self.tra_spd,
354 scapy_tra_sa_id,
355 self.tra_if.local_addr[addr_type],
356 self.tra_if.local_addr[addr_type],
357 self.tra_if.remote_addr[addr_type],
358 self.tra_if.remote_addr[addr_type],
Piotr Bronowski815c6a42022-06-09 09:09:28 +0000[diff] [blame]359 socket.IPPROTO_RAW,
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]360 policy=e.IPSEC_API_SPD_ACTION_PROTECT,
361 priority=10,
362 )
363 )
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]364
365 for o in objs:
366 o.add_vpp_config()
367 self.net_objs = self.net_objs + objs
368
369
370class TemplateIpsecAh(ConfigIpsecAH):
371 """
372 Basic test for IPSEC using AH transport and Tunnel mode
373
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]374 TRANSPORT MODE::
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]375
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]376 --- encrypt ---
377 |pg2| <-------> |VPP|
378 --- decrypt ---
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]379
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]380 TUNNEL MODE::
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]381
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]382 --- encrypt --- plain ---
383 |pg0| <------- |VPP| <------ |pg1|
384 --- --- ---
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]385
Dave Wallaced1706812021-08-12 18:36:02 -0400[diff] [blame]386 --- decrypt --- plain ---
387 |pg0| -------> |VPP| ------> |pg1|
388 --- --- ---
389
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]390 """
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]391
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]392 @classmethod
393 def setUpClass(cls):
394 super(TemplateIpsecAh, cls).setUpClass()
395
396 @classmethod
397 def tearDownClass(cls):
398 super(TemplateIpsecAh, cls).tearDownClass()
399
400 def setUp(self):
401 super(TemplateIpsecAh, self).setUp()
402 self.config_network(self.params.values())
403
404 def tearDown(self):
405 self.unconfig_network()
406 super(TemplateIpsecAh, self).tearDown()
Neale Ranns311124e2019-01-24 04:52:25 -0800[diff] [blame]407
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]408
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]409class TestIpsecAh1(TemplateIpsecAh, IpsecTcpTests):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]410 """Ipsec AH - TCP tests"""
411
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]412 pass
413
414
415class TestIpsecAh2(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]416 """Ipsec AH w/ SHA1"""
417
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]418 pass
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]419
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]420
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]421class TestIpsecAhTun(TemplateIpsecAh, IpsecTun46Tests):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]422 """Ipsec AH - TUN encap tests"""
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]423
424 def setUp(self):
425 self.ipv4_params = IPsecIPv4Params()
426 self.ipv6_params = IPsecIPv6Params()
427
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]428 c = (
429 VppEnum.vl_api_tunnel_encap_decap_flags_t.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP
430 )
431 c1 = c | (
432 VppEnum.vl_api_tunnel_encap_decap_flags_t.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN
433 )
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]434
435 self.ipv4_params.tun_flags = c
436 self.ipv6_params.tun_flags = c1
437
438 super(TestIpsecAhTun, self).setUp()
439
440 def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54):
441 # set the DSCP + ECN - flags are set to copy only DSCP
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]442 return [
443 Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac)
444 / IP(src=src, dst=dst, tos=5)
445 / UDP(sport=4444, dport=4444)
446 / Raw(b"X" * payload_size)
447 for i in range(count)
448 ]
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]449
Neale Ranns9ec846c2021-02-09 14:04:02 +0000[diff] [blame]450 def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]451 # set the DSCP + ECN - flags are set to copy both
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]452 return [
453 Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac)
454 / IPv6(src=src, dst=dst, tc=5)
455 / UDP(sport=4444, dport=4444)
456 / Raw(b"X" * payload_size)
457 for i in range(count)
458 ]
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]459
460 def verify_encrypted(self, p, sa, rxs):
461 # just check that only the DSCP is copied
462 for rx in rxs:
463 self.assertEqual(rx[IP].tos, 4)
464
465 def verify_encrypted6(self, p, sa, rxs):
466 # just check that the DSCP & ECN are copied
467 for rx in rxs:
468 self.assertEqual(rx[IPv6].tc, 5)
469
470
471class TestIpsecAhTun2(TemplateIpsecAh, IpsecTun46Tests):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]472 """Ipsec AH - TUN encap tests"""
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]473
474 def setUp(self):
475 self.ipv4_params = IPsecIPv4Params()
476 self.ipv6_params = IPsecIPv6Params()
477
478 self.ipv4_params.dscp = 3
479 self.ipv6_params.dscp = 4
480
481 super(TestIpsecAhTun2, self).setUp()
482
483 def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=54):
484 # set the DSCP + ECN - flags are set to copy only DSCP
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]485 return [
486 Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac)
487 / IP(src=src, dst=dst, tos=0)
488 / UDP(sport=4444, dport=4444)
489 / Raw(b"X" * payload_size)
490 for i in range(count)
491 ]
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]492
Neale Ranns9ec846c2021-02-09 14:04:02 +0000[diff] [blame]493 def gen_pkts6(self, p, sw_intf, src, dst, count=1, payload_size=54):
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]494 # set the DSCP + ECN - flags are set to copy both
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]495 return [
496 Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac)
497 / IPv6(src=src, dst=dst, tc=0)
498 / UDP(sport=4444, dport=4444)
499 / Raw(b"X" * payload_size)
500 for i in range(count)
501 ]
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]502
503 def verify_encrypted(self, p, sa, rxs):
504 # just check that only the DSCP is copied
505 for rx in rxs:
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]506 self.assertEqual(rx[IP].tos, 0xC)
Neale Ranns041add72020-01-02 04:06:10 +0000[diff] [blame]507
508 def verify_encrypted6(self, p, sa, rxs):
509 # just check that the DSCP & ECN are copied
510 for rx in rxs:
511 self.assertEqual(rx[IPv6].tc, 0x10)
512
513
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]514class TestIpsecAhHandoff(TemplateIpsecAh, IpsecTun6HandoffTests, IpsecTun4HandoffTests):
515 """Ipsec AH Handoff"""
516
Neale Ranns4a56f4e2019-12-23 04:10:25 +0000[diff] [blame]517 pass
518
519
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]520class TestIpsecAhAll(ConfigIpsecAH, IpsecTra4, IpsecTra6, IpsecTun4, IpsecTun6):
521 """Ipsec AH all Algos"""
Neale Ranns3833ffd2019-03-21 14:34:09 +0000[diff] [blame]522
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]523 def setUp(self):
524 super(TestIpsecAhAll, self).setUp()
Neale Ranns3833ffd2019-03-21 14:34:09 +0000[diff] [blame]525
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]526 def tearDown(self):
527 super(TestIpsecAhAll, self).tearDown()
Neale Ranns3833ffd2019-03-21 14:34:09 +0000[diff] [blame]528
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]529 def test_integ_algs(self):
Damjan Marion4cb83812019-04-24 17:32:01 +0200[diff] [blame]530 """All Engines SHA[1_96, 256, 384, 512] w/ & w/o ESN"""
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]531 # foreach VPP crypto engine
532 engines = ["ia32", "ipsecmb", "openssl"]
533
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]534 algos = [
535 {
536 "vpp": VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_SHA1_96,
537 "scapy": "HMAC-SHA1-96",
538 },
539 {
540 "vpp": VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_SHA_256_128,
541 "scapy": "SHA2-256-128",
542 },
543 {
544 "vpp": VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_SHA_384_192,
545 "scapy": "SHA2-384-192",
546 },
547 {
548 "vpp": VppEnum.vl_api_ipsec_integ_alg_t.IPSEC_API_INTEG_ALG_SHA_512_256,
549 "scapy": "SHA2-512-256",
550 },
551 ]
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]552
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]553 flags = [0, (VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN)]
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]554
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]555 #
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]556 # loop through the VPP engines
Neale Ranns4f33c802019-04-10 12:39:10 +0000[diff] [blame]557 #
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]558 for engine in engines:
Neale Ranns21ada3b2019-04-11 08:18:34 +0000[diff] [blame]559 self.vapi.cli("set crypto handler all %s" % engine)
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]560 #
561 # loop through each of the algorithms
562 #
563 for algo in algos:
564 # with self.subTest(algo=algo['scapy']):
565 for flag in flags:
566 #
567 # setup up the config paramters
568 #
569 self.ipv4_params = IPsecIPv4Params()
570 self.ipv6_params = IPsecIPv6Params()
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]571
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]572 self.params = {
573 self.ipv4_params.addr_type: self.ipv4_params,
574 self.ipv6_params.addr_type: self.ipv6_params,
575 }
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]576
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]577 for _, p in self.params.items():
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]578 p.auth_algo_vpp_id = algo["vpp"]
579 p.auth_algo = algo["scapy"]
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]580 p.flags = p.flags | flag
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]581
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]582 #
583 # configure the SPDs. SAs, etc
584 #
585 self.config_network(self.params.values())
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]586
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]587 #
588 # run some traffic.
589 # An exhautsive 4o6, 6o4 is not necessary for each algo
590 #
591 self.verify_tra_basic6(count=17)
592 self.verify_tra_basic4(count=17)
593 self.verify_tun_66(self.params[socket.AF_INET6], count=17)
594 self.verify_tun_44(self.params[socket.AF_INET], count=17)
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]595
Neale Ranns92e93842019-04-08 07:36:50 +0000[diff] [blame]596 #
597 # remove the SPDs, SAs, etc
598 #
599 self.unconfig_network()
Neale Ranns1091c4a2019-04-08 14:48:23 +0000[diff] [blame]600
601
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]602if __name__ == "__main__":
“mystarrocks”23f0c452017-12-11 07:11:51 -0800[diff] [blame]603 unittest.main(testRunner=VppTestRunner)