2.56. test_ikev2 module¶
-
class
test_ikev2.AuthAlgo(name, mac, mod, key_len, trunc_len=None)¶ Bases:
object
-
class
test_ikev2.CryptoAlgo(name, cipher, mode)¶ Bases:
object-
decrypt(data, key, aad=None, icv=None)¶
-
encrypt(data, key, aad=None)¶
-
pad(data)¶
-
-
class
test_ikev2.IKEv2ChildSA(local_ts, remote_ts, is_initiator)¶ Bases:
object
-
class
test_ikev2.IKEv2SA(test, is_initiator=True, i_id=None, r_id=None, spi=b'x01x02x03x04x05x06x07x08', id_type='fqdn', nonce=None, auth_data=None, local_ts=None, remote_ts=None, auth_method='shared-key', priv_key=None, i_natt=False, r_natt=False, udp_encap=False)¶ Bases:
object-
auth_init()¶
-
build_ts_addr(ts, version)¶
-
calc_child_keys()¶
-
calc_keys()¶
-
calc_prf(prf, key, data)¶
-
calc_prfplus(prf, key, seed, length)¶
-
complete_dh_data()¶
-
compute_hmac(integ, key, data)¶
-
compute_nat_sha1(ip, port, rspi=None)¶
-
compute_secret()¶
-
concat(alg, key_len)¶
-
crypto_attr(key_len)¶
-
decrypt(data, aad=None, icv=None)¶
-
encrypt(data, aad=None)¶
-
esp_crypto_attr()¶
-
generate_authmsg(prf, packet)¶
-
generate_dh_data()¶
-
generate_ts(is_ip4)¶
-
hmac_and_decrypt(ike)¶
-
ike_crypto_attr()¶
-
property
my_authkey¶
-
property
my_cryptokey¶
-
property
my_dh_pub_key¶
-
property
natt¶
-
new_msg_id()¶
-
property
peer_authkey¶
-
property
peer_cryptokey¶
-
property
peer_dh_pub_key¶
-
set_esp_props(crypto, crypto_key_len, integ)¶
-
set_ike_props(crypto, crypto_key_len, integ, prf, dh)¶
-
verify_hmac(ikemsg)¶
-
property
vpp_esp_cypto_alg¶
-
property
vpp_ike_cypto_alg¶
-
-
class
test_ikev2.IkePeer(methodName='runTest')¶ Bases:
framework.VppTestCasecommon class for initiator and responder
-
assert_counter(count, name, version='ip4')¶
-
create_empty_request()¶
-
create_packet(src_if, msg, sport=500, dport=500, natt=False, use_ip6=False)¶
-
create_rekey_request()¶
-
encrypt_ike_msg(header, plain, first_payload)¶
-
get_ike_header(packet)¶
-
setUp()¶ Clear trace before running each test
-
classmethod
setUpClass()¶ Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api
-
tearDown()¶ Show various debug prints after each test
-
classmethod
tearDownClass()¶ Perform final cleanup after running all tests in this test-case
-
verify_and_remove_non_esp_marker(packet)¶
-
verify_id(api_id, exp_id)¶
-
verify_ike_sas()¶
-
verify_ipsec_sas(is_rekey=False)¶
-
verify_keymat(api_keys, keys, name)¶
-
verify_nonce(api_nonce, nonce)¶
-
verify_ts(api_ts, ts, is_initiator)¶
-
verify_udp(udp)¶
-
verify_udp_encap(ipsec_sa)¶
-
-
class
test_ikev2.TemplateInitiator(methodName='runTest')¶ Bases:
test_ikev2.IkePeerinitiator test template
-
static
find_notify_payload(packet, notify_type)¶
-
initiate_del_sa_from_initiator()¶
-
initiate_del_sa_from_responder()¶
-
initiate_sa_init()¶
-
send_auth_response()¶
-
send_init_response()¶
-
test_initiator()¶
-
update_esp_transforms(trans, sa)¶
-
verify_del_sa(packet)¶
-
verify_nat_detection(packet)¶
-
verify_sa_auth_req(packet)¶
-
verify_sa_init_request(packet)¶
-
static
-
class
test_ikev2.TemplateResponder(methodName='runTest')¶ Bases:
test_ikev2.IkePeerresponder test template
-
IKE_NODE_SUFFIX= 'ip4'¶
-
generate_auth_payload(last_payload=None, is_rekey=False)¶
-
initiate_del_sa_from_initiator()¶
-
initiate_del_sa_from_responder()¶
-
send_sa_auth()¶
-
send_sa_init_req()¶
-
test_responder()¶
-
verify_counters()¶
-
verify_del_sa(packet)¶
-
verify_sa_auth_resp(packet)¶
-
verify_sa_init(packet)¶
-
-
class
test_ikev2.TestAES_CBC_128_SHA256_128_MODP3072_ESP_AES_GCM_16(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2ParamsIKE:AES_CBC_128_SHA256_128,DH=modp3072 ESP:AES_GCM_16
-
config_tc()¶
-
-
class
test_ikev2.TestApi(methodName='runTest')¶ Bases:
framework.VppTestCaseTest IKEV2 API
-
configure_profile(cfg)¶
-
classmethod
setUpClass()¶ Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api
-
tearDown()¶ Show various debug prints after each test
-
classmethod
tearDownClass()¶ Perform final cleanup after running all tests in this test-case
-
test_profile_api()¶ test profile dump API
-
verify_auth(api_auth, cfg_auth)¶
-
verify_esp_transforms(api_ts, cfg_ts)¶
-
verify_id(api_id, cfg_id)¶
-
verify_ike_transforms(api_ts, cfg_ts)¶
-
verify_lifetime_data(p, ld)¶
-
verify_profile(ap, cp)¶
-
verify_responder(api_r, cfg_r)¶
-
verify_transforms(api_ts, cfg_ts)¶
-
verify_ts(api_ts, cfg_ts)¶
-
-
class
test_ikev2.TestInitiatorDelSAFromResponder(methodName='runTest')¶ Bases:
test_ikev2.TemplateInitiator,test_ikev2.Ikev2Paramstest ikev2 initiator - delete IKE SA from responder
-
config_tc()¶
-
-
class
test_ikev2.TestInitiatorKeepaliveMsg(methodName='runTest')¶ Bases:
test_ikev2.TestInitiatorPskTest for keep alive messages
-
send_empty_req_from_responder()¶
-
test_initiator()¶
-
-
class
test_ikev2.TestInitiatorNATT(methodName='runTest')¶ Bases:
test_ikev2.TemplateInitiator,test_ikev2.Ikev2Paramstest ikev2 initiator - NAT traversal (intitiator behind NAT)
-
config_tc()¶
-
-
class
test_ikev2.TestInitiatorPsk(methodName='runTest')¶ Bases:
test_ikev2.TemplateInitiator,test_ikev2.Ikev2Paramstest ikev2 initiator - pre shared key auth
-
config_tc()¶
-
-
class
test_ikev2.TestInitiatorRekey(methodName='runTest')¶ Bases:
test_ikev2.TestInitiatorPsktest ikev2 initiator - rekey
-
rekey_from_initiator()¶
-
test_initiator()¶
-
-
class
test_ikev2.TestInitiatorRequestWindowSize(methodName='runTest')¶ Bases:
test_ikev2.TestInitiatorPsktest initiator - request window size (1)
-
rekey_respond(req, update_child_sa_data)¶
-
test_initiator()¶
-
-
class
test_ikev2.TestMalformedMessages(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2Paramsmalformed packet test
-
config_tc()¶
-
create_ike_init_msg(length=None, payload=None)¶
-
tearDown()¶ Show various debug prints after each test
-
test_responder()¶
-
verify_bad_packet_length()¶
-
verify_bad_sa_payload_length()¶
-
-
class
test_ikev2.TestResponderBehindNAT(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2Paramstest responder - responder behind NAT
-
IKE_NODE_SUFFIX= 'ip4-natt'¶
-
config_tc()¶
-
-
class
test_ikev2.TestResponderDpd(methodName='runTest')¶ Bases:
test_ikev2.TestResponderPskDead peer detection test
-
config_tc()¶
-
tearDown()¶ Show various debug prints after each test
-
test_responder()¶
-
-
class
test_ikev2.TestResponderInitBehindNATT(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2Paramstest ikev2 responder - initiator behind NAT
-
IKE_NODE_SUFFIX= 'ip4-natt'¶
-
config_tc()¶
-
-
class
test_ikev2.TestResponderPsk(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2Paramstest ikev2 responder - pre shared key auth
-
config_tc()¶
-
-
class
test_ikev2.TestResponderRekey(methodName='runTest')¶ Bases:
test_ikev2.TestResponderPsktest ikev2 responder - rekey
-
rekey_from_initiator()¶
-
test_responder()¶
-
-
class
test_ikev2.TestResponderRsaSign(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2Paramstest ikev2 responder - cert based auth
-
config_tc()¶
-
-
class
test_ikev2.TestResponderVrf(methodName='runTest')¶ Bases:
test_ikev2.TestResponderPsk,test_ikev2.Ikev2Paramstest ikev2 responder - non-default table id
-
config_tc()¶
-
classmethod
setUpClass()¶ Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api
-
test_responder()¶
-
-
class
test_ikev2.Test_IKE_AES_CBC_128_SHA256_128_MODP2048_ESP_AES_CBC_192_SHA_384_192(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2ParamsIKE:AES_CBC_128_SHA256_128,DH=modp2048 ESP:AES_CBC_192_SHA_384_192
-
config_tc()¶
-
-
class
test_ikev2.Test_IKE_AES_GCM_16_256(methodName='runTest')¶ Bases:
test_ikev2.TemplateResponder,test_ikev2.Ikev2ParamsIKE:AES_GCM_16_256
-
IKE_NODE_SUFFIX= 'ip6'¶
-
config_tc()¶
-