IPSEC: support GCM in ESP

Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns <nranns@cisco.com>
Neale Ranns
2019-04-11 15:14:07 +00:00
committed by Damjan Marion
parent 3cf215aab7
commit 47feb1146e
18 changed files with 349 additions and 48 deletions


@ -1,5 +1,6 @@
import socket
import unittest
import struct
from scapy.layers.ipsec import ESP
from scapy.layers.inet import UDP
@ -357,23 +358,51 @@ class TestIpsecEspAll(ConfigIpsecESP,
super(TestIpsecEspAll, self).tearDown()
def test_crypto_algs(self):
"""All engines AES-CBC-[128, 192, 256] w/ & w/o ESN"""
"""All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN"""
# foreach VPP crypto engine
engines = ["ia32", "ipsecmb", "openssl"]
# foreach crypto algorithm
algos = [{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_128,
'scapy': "AES-CBC",
algos = [{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_GCM_128),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_NONE),
'scapy-crypto': "AES-GCM",
'scapy-integ': "NULL",
'key': "JPjyOWBeVEQiMe7h",
'salt': struct.pack("!L", 0)},
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_GCM_256),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_NONE),
'scapy-crypto': "AES-GCM",
'scapy-integ': "NULL",
'key': "JPjyOWBeVEQiMe7h0123456787654321",
'salt': struct.pack("!L", 0)},
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_128),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
'salt': '',
'key': "JPjyOWBeVEQiMe7h"},
{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_192,
'scapy': "AES-CBC",
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_192),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
'salt': '',
'key': "JPjyOWBeVEQiMe7hJPjyOWBe"},
{'vpp': VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_256,
'scapy': "AES-CBC",
{'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
IPSEC_API_CRYPTO_ALG_AES_CBC_256),
'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
IPSEC_API_INTEG_ALG_SHA1_96),
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
'salt': '',
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
# with and without ESN
@ -404,9 +433,12 @@ class TestIpsecEspAll(ConfigIpsecESP,
self.ipv6_params}
for _, p in self.params.items():
p.crypt_algo_vpp_id = algo['vpp']
p.crypt_algo = algo['scapy']
p.auth_algo_vpp_id = algo['vpp-integ']
p.crypt_algo_vpp_id = algo['vpp-crypto']
p.crypt_algo = algo['scapy-crypto']
p.auth_algo = algo['scapy-integ']
p.crypt_key = algo['key']
p.crypt_salt = algo['salt']
p.flags = p.flags | flag
#
@ -421,8 +453,8 @@ class TestIpsecEspAll(ConfigIpsecESP,
#
self.verify_tra_basic6(count=17)
self.verify_tra_basic4(count=17)
self.verify_tun_66(self.params[socket.AF_INET6], 1)
self.verify_tun_44(self.params[socket.AF_INET], 1)
self.verify_tun_66(self.params[socket.AF_INET6], 17)
self.verify_tun_44(self.params[socket.AF_INET], 17)
#
# remove the SPDs, SAs, etc
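Review bot: Both AES-GCM entries in `algos` use an all-zero salt (`'salt': struct.pack("!L", 0)`), so the test cannot tell a correctly applied salt from one that is dropped, defaulted to zero or byte-swapped on either side; nonce construction is the part of GCM where such a mistake matters most. A non-zero value with distinct bytes would close that gap, e.g. `'salt': struct.pack("!L", 0x01020304)` (a constructed sample value). The updated docstring also advertises AES-GCM-192, but the list holds only the GCM_128 and GCM_256 entries, so either add a GCM_192 entry with a 24-byte key or narrow the docstring to what is exercised. `test_crypto_algs` starts and ends outside the hunks shown, so how `crypt_salt` reaches VPP and scapy is not visible here.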