IPSEC TEST: various hash alogrithms

Change-Id: I925aa5bf9472e81f98072d63df499b19e6ddf43d
Signed-off-by: Neale Ranns <nranns@cisco.com>

src/vnet/ipsec/esp.h

@@ -57,7 +57,7 @@ typedef CLIB_PACKED (struct {
 #define ESP_SEQ_MAX		(4294967295UL)
 #define ESP_MAX_BLOCK_SIZE	(16)
 #define ESP_MAX_IV_SIZE		(16)
-#define ESP_MAX_ICV_SIZE	(16)
+#define ESP_MAX_ICV_SIZE	(32)
 
 u8 *format_esp_header (u8 * s, va_list * args);
 

test/template_ipsec.py

@@ -69,8 +69,8 @@ class IPsecIPv6Params(object):
         self.vpp_tra_spi = 4000
 
         self.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
-                                 IPSEC_API_INTEG_ALG_SHA_256_128)
-        self.auth_algo = 'SHA2-256-128'  # scapy name
+                                 IPSEC_API_INTEG_ALG_SHA1_96)
+        self.auth_algo = 'HMAC-SHA1-96'  # scapy name
         self.auth_key = 'C91KUR9GYMm5GfkEvNjX'
 
         self.crypt_algo_vpp_id = (VppEnum.vl_api_ipsec_crypto_alg_t.

test/test_ipsec_ah.py

@@ -207,8 +207,13 @@ class TemplateIpsecAh(TemplateIpsec):
                          priority=10).add_vpp_config()
 
 
-class TestIpsecAh1(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
-    """ Ipsec AH - TUN & TRA tests """
+class TestIpsecAh1(TemplateIpsecAh, IpsecTcpTests):
+    """ Ipsec AH - TCP tests """
+    pass
+
+
+class TestIpsecAh2(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+    """ Ipsec AH w/ SHA1 """
     tra4_encrypt_node_name = "ah4-encrypt"
     tra4_decrypt_node_name = "ah4-decrypt"
     tra6_encrypt_node_name = "ah6-encrypt"
@@ -219,13 +224,8 @@ class TestIpsecAh1(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
     tun6_decrypt_node_name = "ah6-decrypt"
 
 
-class TestIpsecAh2(TemplateIpsecAh, IpsecTcpTests):
-    """ Ipsec AH - TCP tests """
-    pass
-
-
 class TestIpsecAh3(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
-    """ Ipsec AH w/ ESN - TCP tests """
+    """ Ipsec AH w/ SHA1 & ESN """
 
     tra4_encrypt_node_name = "ah4-encrypt"
     tra4_decrypt_node_name = "ah4-decrypt"
@@ -245,5 +245,84 @@ class TestIpsecAh3(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
             p.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
                        IPSEC_API_SAD_FLAG_USE_ESN)
 
+
+class TestIpsecAh4(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+    """ Ipsec AH w/ SHA256 """
+
+    tra4_encrypt_node_name = "ah4-encrypt"
+    tra4_decrypt_node_name = "ah4-decrypt"
+    tra6_encrypt_node_name = "ah6-encrypt"
+    tra6_decrypt_node_name = "ah6-decrypt"
+    tun4_encrypt_node_name = "ah4-encrypt"
+    tun4_decrypt_node_name = "ah4-decrypt"
+    tun6_encrypt_node_name = "ah6-encrypt"
+    tun6_decrypt_node_name = "ah6-decrypt"
+
+    def setup_params(self):
+        self.ipv4_params = IPsecIPv4Params()
+        self.ipv6_params = IPsecIPv6Params()
+        self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+                                             IPSEC_API_INTEG_ALG_SHA_256_128)
+        self.ipv4_params.auth_algo = 'SHA2-256-128'  # scapy name
+        self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+                                             IPSEC_API_INTEG_ALG_SHA_256_128)
+        self.ipv6_params.auth_algo = 'SHA2-256-128'  # scapy name
+
+        self.params = {self.ipv4_params.addr_type: self.ipv4_params,
+                       self.ipv6_params.addr_type: self.ipv6_params}
+
+
+class TestIpsecAh5(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+    """ Ipsec AH w/ SHA384 """
+
+    tra4_encrypt_node_name = "ah4-encrypt"
+    tra4_decrypt_node_name = "ah4-decrypt"
+    tra6_encrypt_node_name = "ah6-encrypt"
+    tra6_decrypt_node_name = "ah6-decrypt"
+    tun4_encrypt_node_name = "ah4-encrypt"
+    tun4_decrypt_node_name = "ah4-decrypt"
+    tun6_encrypt_node_name = "ah6-encrypt"
+    tun6_decrypt_node_name = "ah6-decrypt"
+
+    def setup_params(self):
+        self.ipv4_params = IPsecIPv4Params()
+        self.ipv6_params = IPsecIPv6Params()
+        self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+                                             IPSEC_API_INTEG_ALG_SHA_384_192)
+        self.ipv4_params.auth_algo = 'SHA2-384-192'  # scapy name
+        self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+                                             IPSEC_API_INTEG_ALG_SHA_384_192)
+        self.ipv6_params.auth_algo = 'SHA2-384-192'  # scapy name
+
+        self.params = {self.ipv4_params.addr_type: self.ipv4_params,
+                       self.ipv6_params.addr_type: self.ipv6_params}
+
+
+class TestIpsecAh6(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
+    """ Ipsec AH w/ SHA512 """
+
+    tra4_encrypt_node_name = "ah4-encrypt"
+    tra4_decrypt_node_name = "ah4-decrypt"
+    tra6_encrypt_node_name = "ah6-encrypt"
+    tra6_decrypt_node_name = "ah6-decrypt"
+    tun4_encrypt_node_name = "ah4-encrypt"
+    tun4_decrypt_node_name = "ah4-decrypt"
+    tun6_encrypt_node_name = "ah6-encrypt"
+    tun6_decrypt_node_name = "ah6-decrypt"
+
+    def setup_params(self):
+        self.ipv4_params = IPsecIPv4Params()
+        self.ipv6_params = IPsecIPv6Params()
+        self.ipv4_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+                                             IPSEC_API_INTEG_ALG_SHA_512_256)
+        self.ipv4_params.auth_algo = 'SHA2-512-256'  # scapy name
+        self.ipv6_params.auth_algo_vpp_id = (VppEnum.vl_api_ipsec_integ_alg_t.
+                                             IPSEC_API_INTEG_ALG_SHA_512_256)
+        self.ipv6_params.auth_algo = 'SHA2-512-256'  # scapy name
+
+        self.params = {self.ipv4_params.addr_type: self.ipv4_params,
+                       self.ipv6_params.addr_type: self.ipv6_params}
+
+
 if __name__ == '__main__':
     unittest.main(testRunner=VppTestRunner)