2.56. test_ikev2 module¶

class test_ikev2.AuthAlgo(name, mac, mod, key_len, trunc_len=None)¶: Bases: object

class test_ikev2.CryptoAlgo(name, cipher, mode)¶

Bases: object

decrypt(data, key, aad=None, icv=None)¶

encrypt(data, key, aad=None)¶

pad(data)¶

class test_ikev2.IKEv2ChildSA(local_ts, remote_ts, is_initiator)¶: Bases: object

class test_ikev2.IKEv2SA(test, is_initiator=True, i_id=None, r_id=None, spi=b'\x01\x02\x03\x04\x05\x06\x07\x08', id_type='fqdn', nonce=None, auth_data=None, local_ts=None, remote_ts=None, auth_method='shared-key', priv_key=None, i_natt=False, r_natt=False, udp_encap=False)¶

Bases: object

auth_init()¶

build_ts_addr(ts, version)¶

calc_child_keys()¶

calc_keys()¶

calc_prf(prf, key, data)¶

calc_prfplus(prf, key, seed, length)¶

complete_dh_data()¶

compute_hmac(integ, key, data)¶

compute_nat_sha1(ip, port, rspi=None)¶

compute_secret()¶

concat(alg, key_len)¶

crypto_attr(key_len)¶

decrypt(data, aad=None, icv=None)¶

encrypt(data, aad=None)¶

esp_crypto_attr()¶

generate_authmsg(prf, packet)¶

generate_dh_data()¶

generate_ts(is_ip4)¶

hmac_and_decrypt(ike)¶

ike_crypto_attr()¶

property my_authkey¶

property my_cryptokey¶

property my_dh_pub_key¶

property natt¶

new_msg_id()¶

property peer_authkey¶

property peer_cryptokey¶

property peer_dh_pub_key¶

set_esp_props(crypto, crypto_key_len, integ)¶

set_ike_props(crypto, crypto_key_len, integ, prf, dh)¶

verify_hmac(ikemsg)¶

property vpp_esp_cypto_alg¶

property vpp_ike_cypto_alg¶

class test_ikev2.IkePeer(methodName='runTest')¶

Bases: framework.VppTestCase

common class for initiator and responder

assert_counter(count, name, version='ip4')¶

create_empty_request()¶

create_packet(src_if, msg, sport=500, dport=500, natt=False, use_ip6=False)¶

create_rekey_request()¶

encrypt_ike_msg(header, plain, first_payload)¶

get_ike_header(packet)¶

setUp()¶: Clear trace before running each test

classmethod setUpClass()¶: Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api

tearDown()¶: Show various debug prints after each test

classmethod tearDownClass()¶: Perform final cleanup after running all tests in this test-case

verify_and_remove_non_esp_marker(packet)¶

verify_id(api_id, exp_id)¶

verify_ike_sas()¶

verify_ipsec_sas(is_rekey=False)¶

verify_keymat(api_keys, keys, name)¶

verify_nonce(api_nonce, nonce)¶

verify_ts(api_ts, ts, is_initiator)¶

verify_udp(udp)¶

verify_udp_encap(ipsec_sa)¶

class test_ikev2.Ikev2Params¶

Bases: object

config_params(params={})¶

class test_ikev2.TemplateInitiator(methodName='runTest')¶

Bases: test_ikev2.IkePeer

initiator test template

static find_notify_payload(packet, notify_type)¶

initiate_del_sa_from_initiator()¶

initiate_del_sa_from_responder()¶

initiate_sa_init()¶

send_auth_response()¶

send_init_response()¶

test_initiator()¶

update_esp_transforms(trans, sa)¶

verify_del_sa(packet)¶

verify_nat_detection(packet)¶

verify_sa_auth_req(packet)¶

verify_sa_init_request(packet)¶

class test_ikev2.TemplateResponder(methodName='runTest')¶

Bases: test_ikev2.IkePeer

responder test template

IKE_NODE_SUFFIX = 'ip4'¶

generate_auth_payload(last_payload=None, is_rekey=False)¶

initiate_del_sa_from_initiator()¶

initiate_del_sa_from_responder()¶

send_sa_auth()¶

send_sa_init_req()¶

test_responder()¶

verify_counters()¶

verify_del_sa(packet)¶

verify_sa_auth_resp(packet)¶

verify_sa_init(packet)¶

class test_ikev2.TestAES_CBC_128_SHA256_128_MODP3072_ESP_AES_GCM_16(methodName='runTest')¶

Bases: test_ikev2.TemplateResponder, test_ikev2.Ikev2Params

IKE:AES_CBC_128_SHA256_128,DH=modp3072 ESP:AES_GCM_16

config_tc()¶

test_tags = [<TestCaseTag.FIXME_VPP_WORKERS: 2>]¶

class test_ikev2.TestApi(methodName='runTest')¶

Bases: framework.VppTestCase

Test IKEV2 API

configure_profile(cfg)¶

classmethod setUpClass()¶: Perform class setup before running the testcase Remove shared memory files, start vpp and connect the vpp-api

tearDown()¶: Show various debug prints after each test

classmethod tearDownClass()¶: Perform final cleanup after running all tests in this test-case

test_profile_api()¶: test profile dump API

verify_auth(api_auth, cfg_auth)¶

verify_esp_transforms(api_ts, cfg_ts)¶

verify_id(api_id, cfg_id)¶

verify_ike_transforms(api_ts, cfg_ts)¶

verify_lifetime_data(p, ld)¶

verify_profile(ap, cp)¶

verify_responder(api_r, cfg_r)¶

verify_transforms(api_ts, cfg_ts)¶

verify_ts(api_ts, cfg_ts)¶

class test_ikev2.TestInitiatorDelSAFromResponder(methodName='runTest')¶

Bases: test_ikev2.TemplateInitiator, test_ikev2.Ikev2Params

test ikev2 initiator - delete IKE SA from responder

config_tc()¶

test_tags = [<TestCaseTag.FIXME_VPP_WORKERS: 2>]¶

class test_ikev2.TestInitiatorKeepaliveMsg(methodName='runTest')¶

Bases: test_ikev2.TestInitiatorPsk

Test for keep alive messages

send_empty_req_from_responder()¶

test_initiator()¶

class test_ikev2.TestInitiatorNATT(methodName='runTest')¶

Bases: test_ikev2.TemplateInitiator, test_ikev2.Ikev2Params

test ikev2 initiator - NAT traversal (intitiator behind NAT)

config_tc()¶

test_tags = [<TestCaseTag.FIXME_VPP_WORKERS: 2>]¶

class test_ikev2.TestInitiatorPsk(methodName='runTest')¶

Bases: test_ikev2.TemplateInitiator, test_ikev2.Ikev2Params

test ikev2 initiator - pre shared key auth

config_tc()¶

test_tags = [<TestCaseTag.FIXME_VPP_WORKERS: 2>, <TestCaseTag.FIXME_VPP_WORKERS: 2>, <TestCaseTag.FIXME_VPP_WORKERS: 2>, <TestCaseTag.FIXME_VPP_WORKERS: 2>]¶