2.56. test_ikev2 module¶
-
class
test_ikev2.
AuthAlgo
(name, mac, mod, key_len, trunc_len=None)¶ Bases:
object
-
class
test_ikev2.
CryptoAlgo
(name, cipher, mode)¶ Bases:
object
-
decrypt
(data, key, aad=None, icv=None)¶
-
encrypt
(data, key, aad=None)¶
-
pad
(data)¶
-
-
class
test_ikev2.
IKEv2ChildSA
(local_ts, remote_ts, is_initiator)¶ Bases:
object
-
class
test_ikev2.
IKEv2SA
(test, is_initiator=True, i_id=None, r_id=None, spi=b'\x01\x02\x03\x04\x05\x06\x07\x08', id_type='fqdn', nonce=None, auth_data=None, local_ts=None, remote_ts=None, auth_method='shared-key', priv_key=None, i_natt=False, r_natt=False, udp_encap=False)¶ Bases:
object
-
auth_init
()¶
-
build_ts_addr
(ts, version)¶
-
calc_child_keys
()¶
-
calc_keys
()¶
-
calc_prf
(prf, key, data)¶
-
calc_prfplus
(prf, key, seed, length)¶
-
complete_dh_data
()¶
-
compute_hmac
(integ, key, data)¶
-
compute_nat_sha1
(ip, port, rspi=None)¶
-
compute_secret
()¶
-
concat
(alg, key_len)¶
-
crypto_attr
(key_len)¶
-
decrypt
(data, aad=None, icv=None)¶
-
encrypt
(data, aad=None)¶
-
esp_crypto_attr
()¶
-
generate_authmsg
(prf, packet)¶
-
generate_dh_data
()¶
-
generate_ts
(is_ip4)¶
-
hmac_and_decrypt
(ike)¶
-
ike_crypto_attr
()¶
-
property
my_authkey
¶
-
property
my_cryptokey
¶
-
property
my_dh_pub_key
¶
-
property
natt
¶
-
new_msg_id
()¶
-
property
peer_authkey
¶
-
property
peer_cryptokey
¶
-
property
peer_dh_pub_key
¶
-
set_esp_props
(crypto, crypto_key_len, integ)¶
-
set_ike_props
(crypto, crypto_key_len, integ, prf, dh)¶
-
verify_hmac
(ikemsg)¶
-
property
vpp_esp_cypto_alg
¶
-
property
vpp_ike_cypto_alg
¶
-
-
class
test_ikev2.
IkePeer
(methodName='runTest')¶ Bases:
framework.VppTestCase
common class for initiator and responder
-
assert_counter
(count, name, version='ip4')¶
-
create_empty_request
()¶
-
create_packet
(src_if, msg, sport=500, dport=500, natt=False, use_ip6=False)¶
-
create_rekey_request
()¶
-
encrypt_ike_msg
(header, plain, first_payload)¶
-
get_ike_header
(packet)¶
-
setUp
()¶ Clear trace before running each test
-
classmethod
setUpClass
()¶ Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.
-
tearDown
()¶ Show various debug prints after each test
-
classmethod
tearDownClass
()¶ Perform final cleanup after running all tests in this test-case
-
verify_and_remove_non_esp_marker
(packet)¶
-
verify_id
(api_id, exp_id)¶
-
verify_ike_sas
()¶
-
verify_ipsec_sas
(is_rekey=False)¶
-
verify_keymat
(api_keys, keys, name)¶
-
verify_nonce
(api_nonce, nonce)¶
-
verify_ts
(api_ts, ts, is_initiator)¶
-
verify_udp
(udp)¶
-
verify_udp_encap
(ipsec_sa)¶
-
-
class
test_ikev2.
TemplateInitiator
(methodName='runTest')¶ Bases:
test_ikev2.IkePeer
initiator test template
-
static
find_notify_payload
(packet, notify_type)¶
-
initiate_del_sa_from_initiator
()¶
-
initiate_del_sa_from_responder
()¶
-
initiate_sa_init
()¶
-
send_auth_response
()¶
-
send_init_response
()¶
-
test_initiator
()¶
-
update_esp_transforms
(trans, sa)¶
-
verify_del_sa
(packet)¶
-
verify_nat_detection
(packet)¶
-
verify_sa_auth_req
(packet)¶
-
verify_sa_init_request
(packet)¶
-
static
-
class
test_ikev2.
TemplateResponder
(methodName='runTest')¶ Bases:
test_ikev2.IkePeer
responder test template
-
IKE_NODE_SUFFIX
= 'ip4'¶
-
generate_auth_payload
(last_payload=None, is_rekey=False)¶
-
initiate_del_sa_from_initiator
()¶
-
initiate_del_sa_from_responder
()¶
-
send_sa_auth
()¶
-
send_sa_init_req
()¶
-
test_responder
()¶
-
verify_counters
()¶
-
verify_del_sa
(packet)¶
-
verify_sa_auth_resp
(packet)¶
-
verify_sa_init
(packet)¶
-
-
class
test_ikev2.
TestAES_CBC_128_SHA256_128_MODP3072_ESP_AES_GCM_16
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
IKE:AES_CBC_128_SHA256_128,DH=modp3072 ESP:AES_GCM_16
-
config_tc
()¶
-
-
class
test_ikev2.
TestApi
(methodName='runTest')¶ Bases:
framework.VppTestCase
Test IKEV2 API
-
configure_profile
(cfg)¶
-
classmethod
setUpClass
()¶ Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.
-
tearDown
()¶ Show various debug prints after each test
-
classmethod
tearDownClass
()¶ Perform final cleanup after running all tests in this test-case
-
test_profile_api
()¶ test profile dump API
-
verify_auth
(api_auth, cfg_auth)¶
-
verify_esp_transforms
(api_ts, cfg_ts)¶
-
verify_id
(api_id, cfg_id)¶
-
verify_ike_transforms
(api_ts, cfg_ts)¶
-
verify_lifetime_data
(p, ld)¶
-
verify_profile
(ap, cp)¶
-
verify_responder
(api_r, cfg_r)¶
-
verify_transforms
(api_ts, cfg_ts)¶
-
verify_ts
(api_ts, cfg_ts)¶
-
-
class
test_ikev2.
TestInitiatorDelSAFromResponder
(methodName='runTest')¶ Bases:
test_ikev2.TemplateInitiator
,test_ikev2.Ikev2Params
test ikev2 initiator - delete IKE SA from responder
-
config_tc
()¶
-
-
class
test_ikev2.
TestInitiatorKeepaliveMsg
(methodName='runTest')¶ Bases:
test_ikev2.TestInitiatorPsk
Test for keep alive messages
-
send_empty_req_from_responder
()¶
-
test_initiator
()¶
-
-
class
test_ikev2.
TestInitiatorNATT
(methodName='runTest')¶ Bases:
test_ikev2.TemplateInitiator
,test_ikev2.Ikev2Params
test ikev2 initiator - NAT traversal (initiator behind NAT)
-
config_tc
()¶
-
-
class
test_ikev2.
TestInitiatorPsk
(methodName='runTest')¶ Bases:
test_ikev2.TemplateInitiator
,test_ikev2.Ikev2Params
test ikev2 initiator - pre shared key auth
-
config_tc
()¶
-
-
class
test_ikev2.
TestInitiatorRekey
(methodName='runTest')¶ Bases:
test_ikev2.TestInitiatorPsk
test ikev2 initiator - rekey
-
rekey_from_initiator
()¶
-
test_initiator
()¶
-
-
class
test_ikev2.
TestInitiatorRequestWindowSize
(methodName='runTest')¶ Bases:
test_ikev2.TestInitiatorPsk
test initiator - request window size (1)
-
rekey_respond
(req, update_child_sa_data)¶
-
test_initiator
()¶
-
-
class
test_ikev2.
TestMalformedMessages
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
malformed packet test
-
config_tc
()¶
-
create_ike_init_msg
(length=None, payload=None)¶
-
tearDown
()¶ Show various debug prints after each test
-
test_responder
()¶
-
verify_bad_packet_length
()¶
-
verify_bad_sa_payload_length
()¶
-
-
class
test_ikev2.
TestResponderBehindNAT
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
test responder - responder behind NAT
-
IKE_NODE_SUFFIX
= 'ip4-natt'¶
-
config_tc
()¶
-
-
class
test_ikev2.
TestResponderDpd
(methodName='runTest')¶ Bases:
test_ikev2.TestResponderPsk
Dead peer detection test
-
config_tc
()¶
-
tearDown
()¶ Show various debug prints after each test
-
test_responder
()¶
-
-
class
test_ikev2.
TestResponderInitBehindNATT
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
test ikev2 responder - initiator behind NAT
-
IKE_NODE_SUFFIX
= 'ip4-natt'¶
-
config_tc
()¶
-
-
class
test_ikev2.
TestResponderPsk
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
test ikev2 responder - pre shared key auth
-
config_tc
()¶
-
-
class
test_ikev2.
TestResponderRekey
(methodName='runTest')¶ Bases:
test_ikev2.TestResponderPsk
test ikev2 responder - rekey
-
rekey_from_initiator
()¶
-
test_responder
()¶
-
-
class
test_ikev2.
TestResponderRsaSign
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
test ikev2 responder - cert based auth
-
config_tc
()¶
-
-
class
test_ikev2.
TestResponderVrf
(methodName='runTest')¶ Bases:
test_ikev2.TestResponderPsk
,test_ikev2.Ikev2Params
test ikev2 responder - non-default table id
-
config_tc
()¶
-
classmethod
setUpClass
()¶ Perform class setup before running the testcase. Remove shared memory files, start vpp and connect the vpp-api.
-
test_responder
()¶
-
-
class
test_ikev2.
Test_IKE_AES_CBC_128_SHA256_128_MODP2048_ESP_AES_CBC_192_SHA_384_192
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
IKE:AES_CBC_128_SHA256_128,DH=modp2048 ESP:AES_CBC_192_SHA_384_192
-
config_tc
()¶
-
-
class
test_ikev2.
Test_IKE_AES_GCM_16_256
(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder
,test_ikev2.Ikev2Params
IKE:AES_GCM_16_256
-
IKE_NODE_SUFFIX
= 'ip6'¶
-
config_tc
()¶
-