Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / abc5660c61698fa29252dc202358002a97f2608c / . / test / test_ipsec_api.py
blob: b5b4adac66b8d995f09afa5af191d7c220c9ed37 [file] [log] [blame]
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]1import unittest
2
3from framework import VppTestCase, VppTestRunner
Neale Ranns17dcec02019-01-09 21:22:20 -0800[diff] [blame]4from template_ipsec import TemplateIpsec, IPsecIPv4Params
5from vpp_papi import VppEnum
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]6
7
8class IpsecApiTestCase(VppTestCase):
9 """ IPSec API tests """
10
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame]11 @classmethod
12 def setUpClass(cls):
13 super(IpsecApiTestCase, cls).setUpClass()
14
15 @classmethod
16 def tearDownClass(cls):
17 super(IpsecApiTestCase, cls).tearDownClass()
18
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]19 def setUp(self):
20 super(IpsecApiTestCase, self).setUp()
21 self.create_pg_interfaces([0])
22 self.pg0.config_ip4()
23 self.pg0.admin_up()
24
Neale Ranns17dcec02019-01-09 21:22:20 -0800[diff] [blame]25 self.vpp_esp_protocol = (VppEnum.vl_api_ipsec_proto_t.
26 IPSEC_API_PROTO_ESP)
27 self.vpp_ah_protocol = (VppEnum.vl_api_ipsec_proto_t.
28 IPSEC_API_PROTO_AH)
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]29 self.ipv4_params = IPsecIPv4Params()
30
31 def tearDown(self):
32 self.pg0.unconfig_ip4()
33 self.pg0.admin_down()
34 super(IpsecApiTestCase, self).tearDown()
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]35
36 def test_backend_dump(self):
37 """ backend dump """
38 d = self.vapi.ipsec_backend_dump()
39 self.assert_equal(len(d), 2, "number of ipsec backends in dump")
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]40 self.assert_equal(d[0].protocol, self.vpp_ah_protocol,
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]41 "ipsec protocol in dump entry")
42 self.assert_equal(d[0].index, 0, "index in dump entry")
43 self.assert_equal(d[0].active, 1, "active flag in dump entry")
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]44 self.assert_equal(d[1].protocol, self.vpp_esp_protocol,
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]45 "ipsec protocol in dump entry")
46 self.assert_equal(d[1].index, 0, "index in dump entry")
47 self.assert_equal(d[1].active, 1, "active flag in dump entry")
48
49 def test_select_valid_backend(self):
50 """ select valid backend """
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]51 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 0)
52 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 0)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]53
54 def test_select_invalid_backend(self):
55 """ select invalid backend """
56 with self.vapi.assert_negative_api_retval():
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]57 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 200)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]58 with self.vapi.assert_negative_api_retval():
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]59 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 200)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]60
61 def test_select_backend_in_use(self):
62 """ attempt to change backend while sad configured """
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]63 params = self.ipv4_params
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]64 addr_type = params.addr_type
65 is_ipv6 = params.is_ipv6
66 scapy_tun_sa_id = params.scapy_tun_sa_id
67 scapy_tun_spi = params.scapy_tun_spi
68 auth_algo_vpp_id = params.auth_algo_vpp_id
69 auth_key = params.auth_key
70 crypt_algo_vpp_id = params.crypt_algo_vpp_id
71 crypt_key = params.crypt_key
72
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame^]73 self.vapi.ipsec_sad_entry_add_del(
74 is_add=1,
75 entry={
76 'sad_id': scapy_tun_sa_id,
77 'spi': scapy_tun_spi,
78 'integrity_algorithm': auth_algo_vpp_id,
79 'integrity_key': {
80 'data': auth_key,
81 'length': len(auth_key),
82 },
83 'crypto_algorithm': crypt_algo_vpp_id,
84 'crypto_key': {
85 'data': crypt_key,
86 'length': len(crypt_key),
87 },
88 'protocol': self.vpp_ah_protocol,
89 'tunnel_src': self.pg0.local_addr[addr_type],
90 'tunnel_dst': self.pg0.remote_addr[addr_type]
91 })
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]92 with self.vapi.assert_negative_api_retval():
93 self.vapi.ipsec_select_backend(
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]94 protocol=self.vpp_ah_protocol, index=0)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]95
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame^]96 self.vapi.ipsec_sad_entry_add_del(
97 is_add=0,
98 entry={
99 'sad_id': scapy_tun_sa_id,
100 'spi': scapy_tun_spi,
101 'integrity_algorithm': auth_algo_vpp_id,
102 'integrity_key': {
103 'data': auth_key,
104 'length': len(auth_key),
105 },
106 'crypto_algorithm': crypt_algo_vpp_id,
107 'crypto_key': {
108 'data': crypt_key,
109 'length': len(crypt_key),
110 },
111 'protocol': self.vpp_ah_protocol,
112 'tunnel_src': self.pg0.local_addr[addr_type],
113 'tunnel_dst': self.pg0.remote_addr[addr_type]
114 })
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]115 self.vapi.ipsec_select_backend(
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]116 protocol=self.vpp_ah_protocol, index=0)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]117
118
119if __name__ == '__main__':
120 unittest.main(testRunner=VppTestRunner)