ipsec package

eth2p-ethip4ipsectnl-ip4base-func module

TC01: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC02: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC03: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC04: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC05: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-256-128 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC06: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC07: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-384-192 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC08: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-384-192 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC09: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-384-192 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC10: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC11: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-512-256 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC12: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC13: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC14: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC15: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC16: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send and receive ESP packet between TG and VPP node before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC17: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC18: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC19: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

Get Second Random String


${req_key_len}=  Run Keyword  Get ${req_type} Alg Key Len  ${req_alg}
${key}=  Set Variable If  '${req_type}' == 'Crypto'  ${encr_key}  '${req_type}' == 'Integ'  ${auth_key}
: FOR  ${index}  IN RANGE  100
\    ${req_key}=  Generate Random String  ${req_key_len}
\    Return From Keyword If  '${req_key}' != '${key}'  ${req_key}
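
The integrity half of the negative cases (TC14, TC18) and the distinct-key guarantee of Get Second Random String, as an added Python example that is not CSIT or VPP code. It uses only the standard library, so the IV and ciphertext are opaque constructed bytes and AES-CBC is not performed; the SPI value, payload and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

# Integrity algorithm -> (hashlib name, key length in bytes, truncated ICV length in bytes).
INTEG_ALGS = {
    "SHA1-96": ("sha1", 20, 12),
    "SHA-256-128": ("sha256", 32, 16),
    "SHA-384-192": ("sha384", 48, 24),
    "SHA-512-256": ("sha512", 64, 32),
}

ESP_HDR = struct.Struct("!II")  # SPI, sequence number (no extended sequence numbers)


def esp_icv(alg, key, header_and_payload):
    """HMAC over the ESP header and payload, truncated to the algorithm's ICV length."""
    digest, key_len, icv_len = INTEG_ALGS[alg]
    if len(key) != key_len:
        raise ValueError(f"{alg} expects a {key_len}-byte key, got {len(key)}")
    return hmac.new(key, header_and_payload, digest).digest()[:icv_len]


def build_esp(alg, key, spi, seq, payload):
    """Sender side: header + opaque payload (IV, ciphertext, trailer) + ICV."""
    data = ESP_HDR.pack(spi, seq) + payload
    return data + esp_icv(alg, key, data)


def verify_esp(alg, key, expected_spi, packet):
    """Receiver side: return the payload, or None when the packet must be dropped."""
    icv_len = INTEG_ALGS[alg][2]
    if len(packet) < ESP_HDR.size + icv_len:
        return None  # too short to carry a header and an ICV
    data, icv = packet[:-icv_len], packet[-icv_len:]
    spi, _seq = ESP_HDR.unpack_from(data)
    if spi != expected_spi:
        return None  # no SA for this SPI
    if not hmac.compare_digest(icv, esp_icv(alg, key, data)):
        return None  # ICV mismatch: dropped before any decryption is attempted
    return data[ESP_HDR.size:]


def second_key(length, current, attempts=100):
    """A random key guaranteed to differ from `current`; fails loudly otherwise."""
    for _ in range(attempts):
        candidate = os.urandom(length)
        if candidate != current:
            return candidate
    raise RuntimeError("could not generate a key different from the current one")


def run_matrix(spi=1001):
    """Run the positive, wrong-key and key-update cases for every integrity algorithm."""
    payload = bytes(range(32))  # constructed stand-in for IV + ciphertext + trailer
    results = {}
    for alg, (_digest, key_len, _icv_len) in INTEG_ALGS.items():
        sa_key = os.urandom(key_len)            # key configured on the receiver
        wrong_key = second_key(key_len, sa_key)  # key the sender uses in the negative case
        good = build_esp(alg, sa_key, spi, 1, payload)
        bad = build_esp(alg, wrong_key, spi, 2, payload)
        new_key = second_key(key_len, sa_key)    # receiver's key after an SA key update
        results[alg] = {
            "icv_len": len(good) - ESP_HDR.size - len(payload),
            "matching_key_accepted": verify_esp(alg, sa_key, spi, good) == payload,
            "wrong_key_accepted": verify_esp(alg, sa_key, spi, bad) is not None,
            "old_key_accepted_after_update": verify_esp(alg, new_key, spi, good) is not None,
        }
    return results


if __name__ == "__main__":
    for alg, outcome in run_matrix().items():
        print(alg, outcome)
```

A dropped packet is what the test generator observes as the `ESP packet Rx timeout` error in the negative cases.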

eth2p-ethip4ipsectpt-ip4base-func module

TC01: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC02: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA1-96 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC03: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA1-96 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC04: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC05: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-256-128 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC06: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC07: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-384-192 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC08: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-384-192 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC09: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-384-192 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC10: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC11: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-512-256 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC12: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC13: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC14: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC15: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC16: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send and receive ESP packet between TG and VPP node before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC17: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC18: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC19: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

Get Second Random String


${req_key_len}=  Run Keyword  Get ${req_type} Alg Key Len  ${req_alg}
${key}=  Set Variable If  '${req_type}' == 'Crypto'  ${encr_key}  '${req_type}' == 'Integ'  ${auth_key}
: FOR  ${index}  IN RANGE  100
\    ${req_key}=  Generate Random String  ${req_key_len}
\    Return From Keyword If  '${req_key}' != '${key}'  ${req_key}

eth2p-ethip6ipsectnl-ip6base-func module

TC01: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC02: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC03: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC04: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC05: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-256-128 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC06: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC07: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-384-192 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC08: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-384-192 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC09: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-384-192 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC10: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC11: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-512-256 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC12: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in tunnel mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC13: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC14: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC15: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC16: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send and receive ESP packet between TG and VPP node before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC17: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC18: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

TC19: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in tunnel mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_src_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${dut_src_ip}  ${tg_tun_ip}  ${dut_tun_ip}

Get Second Random String


${req_key_len}=  Run Keyword  Get ${req_type} Alg Key Len  ${req_alg}
${key}=  Set Variable If  '${req_type}' == 'Crypto'  ${encr_key}  '${req_type}' == 'Integ'  ${auth_key}
: FOR  ${index}  IN RANGE  100
\    ${req_key}=  Generate Random String  ${req_key_len}
\    Return From Keyword If  '${req_key}' != '${key}'  ${req_key}

eth2p-ethip6ipsectpt-ip6base-func module

TC01: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC02: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA1-96 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC03: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA1-96 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA1-96 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC04: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-256-128 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC05: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-256-128 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC06: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-256-128 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-256-128 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 256 128
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC07: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-384-192 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC08: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-384-192 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC09: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-384-192 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-384-192 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 384 192
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC10: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA-512-256 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC11: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-192 and integrity algorithm SHA-512-256 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 192
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC12: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-512-256 integrity

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-256 and integrity algorithm SHA-512-256 in transport mode. [Ver] Send and receive ESP packet between TG and VPP node.


${encr_alg}=  Crypto Alg AES CBC 256
${auth_alg}=  Integ Alg SHA 512 256
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC13: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC14: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC15: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity algorithms used

[Top] TG-DUT1. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG. [Ref] RFC4303.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
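
The receiver-side integrity check that TC14 and TC15 rely on, as an added example (not code from the CSIT suite or from VPP): a truncated-HMAC ICV is recomputed with the SA's integrity key and a packet built with a second key is dropped. It generalizes to all four integrity algorithms named on this page; it assumes no extended sequence numbers, the function names are hypothetical, and the SPI, sequence number and payload bytes are constructed.

```python
import hashlib
import hmac
import os
import struct

# Integrity algorithms named on this page: (hash, key bytes, ICV bytes).
# Sizes follow RFC 2404 (SHA1-96) and RFC 4868 (SHA-2 family).
INTEG_ALGS = {
    "SHA1-96": (hashlib.sha1, 20, 12),
    "SHA-256-128": (hashlib.sha256, 32, 16),
    "SHA-384-192": (hashlib.sha384, 48, 24),
    "SHA-512-256": (hashlib.sha512, 64, 32),
}


def esp_icv(alg, auth_key, spi, seq, iv_and_ciphertext):
    """Truncated HMAC over SPI | sequence number | IV | ciphertext (RFC 4303)."""
    digest, key_len, icv_len = INTEG_ALGS[alg]
    if len(auth_key) != key_len:
        raise ValueError(f"{alg} expects a {key_len}-byte key")
    covered = struct.pack("!II", spi, seq) + iv_and_ciphertext
    return hmac.new(auth_key, covered, digest).digest()[:icv_len]


def build_esp(alg, auth_key, spi, seq, iv_and_ciphertext):
    """Sender side: ESP header + opaque encrypted payload + ICV trailer."""
    icv = esp_icv(alg, auth_key, spi, seq, iv_and_ciphertext)
    return struct.pack("!II", spi, seq) + iv_and_ciphertext + icv


def receiver_accepts(alg, sa_auth_key, packet):
    """Receiver side: recompute the ICV with the SA key before any decryption."""
    icv_len = INTEG_ALGS[alg][2]
    if len(packet) < 8 + icv_len:
        return False
    spi, seq = struct.unpack("!II", packet[:8])
    body, icv = packet[8:-icv_len], packet[-icv_len:]
    expected = esp_icv(alg, sa_auth_key, spi, seq, body)
    return hmac.compare_digest(icv, expected)  # constant-time; mismatch means drop


def run_matrix():
    """Per algorithm: (matching key, second key, tampered payload) accepted?"""
    results = {}
    for alg, (_, key_len, _) in INTEG_ALGS.items():
        auth_key = os.urandom(key_len)
        auth_key2 = bytes(b ^ 0xFF for b in auth_key)  # guaranteed to differ
        payload = os.urandom(16) + os.urandom(32)  # constructed IV + ciphertext stand-in
        good = build_esp(alg, auth_key, 1001, 1, payload)  # constructed SPI and sequence
        forged = build_esp(alg, auth_key2, 1001, 1, payload)
        tampered = good[:20] + bytes([good[20] ^ 1]) + good[21:]
        results[alg] = tuple(receiver_accepts(alg, auth_key, p)
                             for p in (good, forged, tampered))
    return results


if __name__ == "__main__":
    print(run_matrix())
```

Only the integrity half is modelled here; the wrong-encryption-key case in TC13 passes this check and is covered by the suite's end-to-end expectation of no response.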

TC16: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send and receive ESP packet between TG and VPP node before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC17: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send an ESP packet encrypted by encryption key different from encryption key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${new_auth_key}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC18: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key different from integrity key stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${new_encr_key}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

TC19: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity algorithms used

[Top] TG-DUT1. [Ref] RFC4303. [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES-CBC-128 and integrity algorithm SHA1-96 in transport mode. Then update SA keys - use new keys. [Ver] Send an ESP packet authenticated by integrity key and encrypted by encryption key different from integrity and encryption keys stored on VPP node from TG to VPP node and expect no response to be received on TG before and after SA keys update.


${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA1 96
Given IPsec Generate Keys  ${encr_alg}  ${auth_alg}
 When VPP Setup IPsec Manual Keyed Connection  ${dut_node}  ${dut_if}  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${dut_tun_ip}  ${tg_tun_ip}
${encr_key2}=  And Get Second Random String  ${encr_alg}  Crypto
${auth_key2}=  And Get Second Random String  ${auth_alg}  Integ
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}
${new_encr_key}=  Given Get Second Random String  ${encr_alg}  Crypto
${new_auth_key}=  And Get Second Random String  ${auth_alg}  Integ
 When VPP Update IPsec SA Keys  ${dut_node}  ${l_sa_id}  ${r_sa_id}  ${new_encr_key}  ${new_auth_key}
 Then Run Keyword And Expect Error  ESP packet Rx timeout  Send And Receive IPsec Packet  ${tg_node}  ${tg_if}  ${dut_if_mac}  ${encr_alg}  ${encr_key2}  ${auth_alg}  ${auth_key2}  ${tg_spi}  ${dut_spi}  ${tg_tun_ip}  ${dut_tun_ip}

Get Second Random String


${req_key_len}=  Run Keyword  Get ${req_type} Alg Key Len  ${req_alg}
${key}=  Set Variable If  '${req_type}' == 'Crypto'  ${encr_key}  '${req_type}' == 'Integ'  ${auth_key}
: FOR  ${index}  IN RANGE  100
\    ${req_key}=  Generate Random String  ${req_key_len}
\    Return From Keyword If  '${req_key}' != '${key}'  ${req_key}