Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / d826a602696eb337dcce191d7d24ae1869e81ec2 / . / test / test_ipsec_api.py
blob: 521762b8181399305367ae94a854824c5657af97 [file] [log] [blame]
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]1import unittest
2
3from framework import VppTestCase, VppTestRunner
Neale Ranns17dcec02019-01-09 21:22:20 -0800[diff] [blame]4from template_ipsec import TemplateIpsec, IPsecIPv4Params
5from vpp_papi import VppEnum
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]6
Maxime Peim1271e3a2023-03-20 14:13:56 +0000[diff] [blame]7from vpp_ipsec import VppIpsecSA
8
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]9
10class IpsecApiTestCase(VppTestCase):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]11 """IPSec API tests"""
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]12
Maxime Peim1271e3a2023-03-20 14:13:56 +0000[diff] [blame]13 vpp_worker_count = 2
14
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame]15 @classmethod
16 def setUpClass(cls):
17 super(IpsecApiTestCase, cls).setUpClass()
18
19 @classmethod
20 def tearDownClass(cls):
21 super(IpsecApiTestCase, cls).tearDownClass()
22
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]23 def setUp(self):
24 super(IpsecApiTestCase, self).setUp()
25 self.create_pg_interfaces([0])
26 self.pg0.config_ip4()
27 self.pg0.admin_up()
28
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]29 self.vpp_esp_protocol = VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_ESP
30 self.vpp_ah_protocol = VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_AH
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]31 self.ipv4_params = IPsecIPv4Params()
32
33 def tearDown(self):
34 self.pg0.unconfig_ip4()
35 self.pg0.admin_down()
36 super(IpsecApiTestCase, self).tearDown()
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]37
38 def test_backend_dump(self):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]39 """backend dump"""
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]40 d = self.vapi.ipsec_backend_dump()
41 self.assert_equal(len(d), 2, "number of ipsec backends in dump")
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]42 self.assert_equal(
43 d[0].protocol, self.vpp_ah_protocol, "ipsec protocol in dump entry"
44 )
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]45 self.assert_equal(d[0].index, 0, "index in dump entry")
46 self.assert_equal(d[0].active, 1, "active flag in dump entry")
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]47 self.assert_equal(
48 d[1].protocol, self.vpp_esp_protocol, "ipsec protocol in dump entry"
49 )
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]50 self.assert_equal(d[1].index, 0, "index in dump entry")
51 self.assert_equal(d[1].active, 1, "active flag in dump entry")
52
53 def test_select_valid_backend(self):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]54 """select valid backend"""
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]55 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 0)
56 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 0)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]57
58 def test_select_invalid_backend(self):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]59 """select invalid backend"""
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]60 with self.vapi.assert_negative_api_retval():
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]61 self.vapi.ipsec_select_backend(self.vpp_ah_protocol, 200)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]62 with self.vapi.assert_negative_api_retval():
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]63 self.vapi.ipsec_select_backend(self.vpp_esp_protocol, 200)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]64
65 def test_select_backend_in_use(self):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]66 """attempt to change backend while sad configured"""
Neale Ranns8e4a89b2019-01-23 08:16:17 -0800[diff] [blame]67 params = self.ipv4_params
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]68 addr_type = params.addr_type
69 is_ipv6 = params.is_ipv6
70 scapy_tun_sa_id = params.scapy_tun_sa_id
71 scapy_tun_spi = params.scapy_tun_spi
72 auth_algo_vpp_id = params.auth_algo_vpp_id
73 auth_key = params.auth_key
74 crypt_algo_vpp_id = params.crypt_algo_vpp_id
75 crypt_key = params.crypt_key
76
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame]77 self.vapi.ipsec_sad_entry_add_del(
78 is_add=1,
79 entry={
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]80 "sad_id": scapy_tun_sa_id,
81 "spi": scapy_tun_spi,
82 "integrity_algorithm": auth_algo_vpp_id,
83 "integrity_key": {
84 "data": auth_key,
85 "length": len(auth_key),
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame]86 },
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]87 "crypto_algorithm": crypt_algo_vpp_id,
88 "crypto_key": {
89 "data": crypt_key,
90 "length": len(crypt_key),
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame]91 },
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]92 "protocol": self.vpp_ah_protocol,
93 "tunnel_src": self.pg0.local_addr[addr_type],
94 "tunnel_dst": self.pg0.remote_addr[addr_type],
95 },
96 )
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]97 with self.vapi.assert_negative_api_retval():
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]98 self.vapi.ipsec_select_backend(protocol=self.vpp_ah_protocol, index=0)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]99
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame]100 self.vapi.ipsec_sad_entry_add_del(
101 is_add=0,
102 entry={
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]103 "sad_id": scapy_tun_sa_id,
104 "spi": scapy_tun_spi,
105 "integrity_algorithm": auth_algo_vpp_id,
106 "integrity_key": {
107 "data": auth_key,
108 "length": len(auth_key),
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame]109 },
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]110 "crypto_algorithm": crypt_algo_vpp_id,
111 "crypto_key": {
112 "data": crypt_key,
113 "length": len(crypt_key),
Neale Rannsabc56602020-04-01 09:45:23 +0000[diff] [blame]114 },
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]115 "protocol": self.vpp_ah_protocol,
116 "tunnel_src": self.pg0.local_addr[addr_type],
117 "tunnel_dst": self.pg0.remote_addr[addr_type],
118 },
119 )
120 self.vapi.ipsec_select_backend(protocol=self.vpp_ah_protocol, index=0)
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]121
Maxime Peim1271e3a2023-03-20 14:13:56 +0000[diff] [blame]122 def __check_sa_binding(self, sa_id, thread_index):
123 found_sa = False
124 sa_dumps = self.vapi.ipsec_sa_v4_dump()
125 for dump in sa_dumps:
126 if dump.entry.sad_id == sa_id:
127 self.assertEqual(dump.thread_index, thread_index)
128 found_sa = True
129 break
130
131 if not found_sa:
132 self.fail("SA not found in VPP")
133
134 def test_sa_worker_bind(self):
135 """Bind an SA to a worker"""
136 sa = VppIpsecSA(
137 self,
138 self.ipv4_params.scapy_tun_sa_id,
139 self.ipv4_params.scapy_tun_spi,
140 self.ipv4_params.auth_algo_vpp_id,
141 self.ipv4_params.auth_key,
142 self.ipv4_params.crypt_algo_vpp_id,
143 self.ipv4_params.crypt_key,
144 VppEnum.vl_api_ipsec_proto_t.IPSEC_API_PROTO_ESP,
145 )
146 sa.add_vpp_config()
147
148 self.__check_sa_binding(sa.id, 0xFFFF)
149
150 self.vapi.ipsec_sad_bind(sa_id=sa.id, worker=1)
151
152 self.__check_sa_binding(sa.id, 2)
153
154 sa.remove_vpp_config()
155
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]156
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]157if __name__ == "__main__":
Klement Sekerab4d30532018-11-08 13:00:02 +0100[diff] [blame]158 unittest.main(testRunner=VppTestRunner)