tests: Split IPSec ESP into parameterized tests per engine
Type: feature Change-Id: Icb1bd3fce768aebf8919c63a104f771ca7fa1d6f Signed-off-by: Neale Ranns <nranns@cisco.com>
This commit is contained in:
Neale Ranns
committed by
Paul Vinciguerra
Paul Vinciguerra
parent
1404698df3
commit
00625a64f4
@ -973,8 +973,6 @@ class VppTestCase(unittest.TestCase):
|
|||||||
def assert_packet_checksums_valid(self, packet,
|
def assert_packet_checksums_valid(self, packet,
|
||||||
ignore_zero_udp_checksums=True):
|
ignore_zero_udp_checksums=True):
|
||||||
received = packet.__class__(scapy.compat.raw(packet))
|
received = packet.__class__(scapy.compat.raw(packet))
|
||||||
self.logger.debug(
|
|
||||||
ppp("Verifying packet checksums for packet:", received))
|
|
||||||
udp_layers = ['UDP', 'UDPerror']
|
udp_layers = ['UDP', 'UDPerror']
|
||||||
checksum_fields = ['cksum', 'chksum']
|
checksum_fields = ['cksum', 'chksum']
|
||||||
checksums = []
|
checksums = []
|
||||||
|
|||||||
@ -3,6 +3,7 @@ import unittest
|
|||||||
from scapy.layers.ipsec import ESP
|
from scapy.layers.ipsec import ESP
|
||||||
from scapy.layers.inet import UDP
|
from scapy.layers.inet import UDP
|
||||||
|
|
||||||
|
from parameterized import parameterized
|
||||||
from framework import VppTestRunner
|
from framework import VppTestRunner
|
||||||
from template_ipsec import IpsecTra46Tests, IpsecTun46Tests, TemplateIpsec, \
|
from template_ipsec import IpsecTra46Tests, IpsecTun46Tests, TemplateIpsec, \
|
||||||
IpsecTcpTests, IpsecTun4Tests, IpsecTra4Tests, config_tra_params, \
|
IpsecTcpTests, IpsecTun4Tests, IpsecTra4Tests, config_tra_params, \
|
||||||
@ -363,11 +364,9 @@ class TestIpsecEspAll(ConfigIpsecESP,
|
|||||||
def tearDown(self):
|
def tearDown(self):
|
||||||
super(TestIpsecEspAll, self).tearDown()
|
super(TestIpsecEspAll, self).tearDown()
|
||||||
|
|
||||||
def test_crypto_algs(self):
|
@parameterized.expand(["ia32", "ipsecmb", "openssl"])
|
||||||
"""All engines AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC w/ & w/o ESN"""
|
def test_crypto_algs(self, engine):
|
||||||
|
"""AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC w/ & w/o ESN"""
|
||||||
# foreach VPP crypto engine
|
|
||||||
engines = ["ia32", "ipsecmb", "openssl"]
|
|
||||||
|
|
||||||
# foreach crypto algorithm
|
# foreach crypto algorithm
|
||||||
algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
|
algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
|
||||||
@ -431,68 +430,64 @@ class TestIpsecEspAll(ConfigIpsecESP,
|
|||||||
flags = [0,
|
flags = [0,
|
||||||
VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN]
|
VppEnum.vl_api_ipsec_sad_flags_t.IPSEC_API_SAD_FLAG_USE_ESN]
|
||||||
|
|
||||||
|
self.vapi.cli("set crypto handler all %s" % engine)
|
||||||
#
|
#
|
||||||
# loop through the VPP engines
|
# loop through each of the algorithms
|
||||||
#
|
#
|
||||||
for engine in engines:
|
for algo in algos:
|
||||||
self.vapi.cli("set crypto handler all %s" % engine)
|
# with self.subTest(algo=algo['scapy']):
|
||||||
#
|
for flag in flags:
|
||||||
# loop through each of the algorithms
|
#
|
||||||
#
|
# setup up the config paramters
|
||||||
for algo in algos:
|
#
|
||||||
# with self.subTest(algo=algo['scapy']):
|
self.ipv4_params = IPsecIPv4Params()
|
||||||
for flag in flags:
|
self.ipv6_params = IPsecIPv6Params()
|
||||||
#
|
|
||||||
# setup up the config paramters
|
|
||||||
#
|
|
||||||
self.ipv4_params = IPsecIPv4Params()
|
|
||||||
self.ipv6_params = IPsecIPv6Params()
|
|
||||||
|
|
||||||
self.params = {self.ipv4_params.addr_type:
|
self.params = {self.ipv4_params.addr_type:
|
||||||
self.ipv4_params,
|
self.ipv4_params,
|
||||||
self.ipv6_params.addr_type:
|
self.ipv6_params.addr_type:
|
||||||
self.ipv6_params}
|
self.ipv6_params}
|
||||||
|
|
||||||
for _, p in self.params.items():
|
for _, p in self.params.items():
|
||||||
p.auth_algo_vpp_id = algo['vpp-integ']
|
p.auth_algo_vpp_id = algo['vpp-integ']
|
||||||
p.crypt_algo_vpp_id = algo['vpp-crypto']
|
p.crypt_algo_vpp_id = algo['vpp-crypto']
|
||||||
p.crypt_algo = algo['scapy-crypto']
|
p.crypt_algo = algo['scapy-crypto']
|
||||||
p.auth_algo = algo['scapy-integ']
|
p.auth_algo = algo['scapy-integ']
|
||||||
p.crypt_key = algo['key']
|
p.crypt_key = algo['key']
|
||||||
p.salt = algo['salt']
|
p.salt = algo['salt']
|
||||||
p.flags = p.flags | flag
|
p.flags = p.flags | flag
|
||||||
|
|
||||||
self.reporter.send_keep_alive(self)
|
self.reporter.send_keep_alive(self)
|
||||||
|
|
||||||
#
|
#
|
||||||
# configure the SPDs. SAs, etc
|
# configure the SPDs. SAs, etc
|
||||||
#
|
#
|
||||||
self.config_network(self.params.values())
|
self.config_network(self.params.values())
|
||||||
|
|
||||||
#
|
#
|
||||||
# run some traffic.
|
# run some traffic.
|
||||||
# An exhautsive 4o6, 6o4 is not necessary
|
# An exhautsive 4o6, 6o4 is not necessary
|
||||||
# for each algo
|
# for each algo
|
||||||
#
|
#
|
||||||
self.verify_tra_basic6(count=NUM_PKTS)
|
self.verify_tra_basic6(count=NUM_PKTS)
|
||||||
self.verify_tra_basic4(count=NUM_PKTS)
|
self.verify_tra_basic4(count=NUM_PKTS)
|
||||||
self.verify_tun_66(self.params[socket.AF_INET6],
|
self.verify_tun_66(self.params[socket.AF_INET6],
|
||||||
count=NUM_PKTS)
|
count=NUM_PKTS)
|
||||||
self.verify_tun_44(self.params[socket.AF_INET],
|
self.verify_tun_44(self.params[socket.AF_INET],
|
||||||
count=NUM_PKTS)
|
count=NUM_PKTS)
|
||||||
|
|
||||||
#
|
#
|
||||||
# remove the SPDs, SAs, etc
|
# remove the SPDs, SAs, etc
|
||||||
#
|
#
|
||||||
self.unconfig_network()
|
self.unconfig_network()
|
||||||
|
|
||||||
#
|
#
|
||||||
# reconfigure the network and SA to run the
|
# reconfigure the network and SA to run the
|
||||||
# anti replay tests
|
# anti replay tests
|
||||||
#
|
#
|
||||||
self.config_network(self.params.values())
|
self.config_network(self.params.values())
|
||||||
self.verify_tra_anti_replay()
|
self.verify_tra_anti_replay()
|
||||||
self.unconfig_network()
|
self.unconfig_network()
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|||||||
Reference in New Issue
Block a user