| /////////////////////////////////////////////////////////////////////////////// |
| // Copyright (c) 2000-2019 Ericsson Telecom AB // |
| // // |
| // All rights reserved. This program and the accompanying materials // |
| // are made available under the terms of the Eclipse Public License v2.0 // |
| // which accompanies this distribution, and is available at // |
| // https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html // |
| /////////////////////////////////////////////////////////////////////////////// |
| module EPTF_Transport_IPsecHandler_TestCases { |
| |
| import from EPTF_Transport_IPsecHandler_Test_Definitions all; |
| import from EPTF_Transport_IPsecHandler_Test_Functions all; |
| import from TCCIPsec_XFRM_Definitions all; |
| import from TCCIPsec_Definitions all; |
| |
| import from EPTF_CLL_Transport_IPsecHandler_Functions all; |
| import from EPTF_CLL_Transport_Functions all; |
| import from EPTF_CLL_Base_Functions all; |
| |
| import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Definitions all; |
| import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Functions all; |
| |
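// Start with (the testcase name in the command must be this testcase):
//   sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSP_test
//
// Creates one outbound (OUT) ESP transport-mode security policy (SP) for
// 127.0.0.1:44332 -> 127.0.0.1:44333/TCP, deletes it again and verifies both
// steps through the output of "ip xfrm policy".
//
// Verdict:
//   pass   - listing is non-empty after createSP and empty after deleteSP
//   fail   - either listing does not match that expectation
//   inconc - the "ip xfrm policy" shell command itself could not be executed
//
// Assumptions (not verified by the test):
//   - started via sudo (see above); changing XFRM state needs privileges
//   - no other XFRM policies exist on the host, because the post-delete check
//     expects an EMPTY listing and the post-create check only requires that
//     SOMETHING is listed, not that it is this policy
//   - the XFRM_Result returned by createSP/deleteSP is only logged; the
//     verdict is derived from the kernel state, not from the return value
testcase tc_Transport_IPsecHandler_createSP_test() runs on EPTF_Transport_IPsecHandler_Test_CT {

  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSP_test");

  // Selector of the policy under test: loopback, so no real traffic is affected.
  var charstring pl_srcAddr := "127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";
  var integer pl_dstPort := 44333;
  var integer pl_spi := 1;  // SPI referenced by the policy template

  var XFRM_Result vl_XFRM_Result;

  // Policy: ALLOW, template "use ESP in transport mode", 1h add lifetime.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := pl_spi,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // Verify the policy is visible to the kernel.
  // vl_stdout/vl_stderr are initialised so they are bound (and the
  // comparisons below are well-defined) even if executeShell fails before
  // writing them.
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout := "";
  var charstring vl_stderr := "";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Delete the policy again; the selector must match the one created above.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  // Verify the policy is gone: an empty listing is expected.
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  // An earlier inconc is kept: TTCN-3 never overwrites a verdict with a
  // better one (none < pass < inconc < fail < error).
  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "Create/Delete SP failed");
  }

  f_EPTF_Base_stop(none);
}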
| |
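// Start with:
//   sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSA_test
//
// Creates an outbound ESP transport-mode policy (SP) and the matching
// security association (SA) for 127.0.0.1:44332 -> 127.0.0.1:44333/TCP,
// deletes both again and verifies each step through "ip xfrm policy" and
// "ip xfrm state".
//
// Verdict:
//   pass   - both listings are non-empty after create and empty after delete
//   fail   - any listing does not match that expectation
//   inconc - one of the shell commands could not be executed
//
// Assumptions (not verified by the test):
//   - started via sudo (see above); changing XFRM state needs privileges
//   - no other XFRM policies/states exist on the host: the post-delete checks
//     expect EMPTY listings, the post-create checks only require a non-empty one
//   - the SA keys are fixed, well-known 16-byte test values, not secrets
//   - the XFRM_Result of each handler call is only logged, not evaluated
testcase tc_Transport_IPsecHandler_createSA_test() runs on EPTF_Transport_IPsecHandler_Test_CT {

  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSA_test");

  // Selector shared by the SP, the SA and their delete requests (loopback).
  var charstring pl_srcAddr := "127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";
  var integer pl_dstPort := 44333;
  var integer pl_spi := 1;  // SPI used by the policy template and the SA

  var XFRM_Result vl_XFRM_Result;

  // Policy: ALLOW, template "use ESP in transport mode", 1h add lifetime.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := pl_spi,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // SA: ESP transport mode, HMAC-MD5 + AES-CBC with fixed test keys, no NAT-T.
  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := {name := HMAC_MD5, key := {text := "0123456789012345"}},
      enc := {name := CBC_AES, key := {text := "0123456789012345"}}
    },
    mode := TRANSPORT,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,
    // Positional value; the inner record has the same shape as
    // SPAddInfo.limits. NOTE(review): if that reading is right, a soft (444)
    // larger than a hard (333) add-expire value is inverted - confirm against
    // the SAAddInfo type definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };

  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // vl_stdout/vl_stderr are initialised so the comparisons below are
  // well-defined even if executeShell fails before writing them.
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout := "";
  var charstring vl_stderr := "";

  // Policy must be listed after createSP.
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Association must be listed after createSA.
  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

  // Delete the policy (selector must match the created one).
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  // Delete the association (identified by protocol, SPI and addresses).
  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  // Both listings are expected to be empty after the deletes.
  vl_command := "ip xfrm policy";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  // An earlier inconc is kept: TTCN-3 never overwrites a verdict with a
  // better one (none < pass < inconc < fail < error).
  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "Create/Delete SP/SA failed");
  }

  f_EPTF_Base_stop(none);
}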
| |
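// Start with:
//   sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSAWithLogging_test
//
// Same scenario as tc_Transport_IPsecHandler_createSA_test (create SP + SA,
// delete both, verify with "ip xfrm policy" / "ip xfrm state"), but with the
// IPsec logging server component enabled. Additionally checks that the
// logging server produced a non-empty "IPsec.log" in the working directory.
//
// Verdict:
//   pass   - all four XFRM listings match expectations and IPsec.log exists
//            and is non-empty
//   fail   - an XFRM listing does not match, or the log file is missing/empty
//   inconc - a shell command could not be executed
//
// Assumptions (not verified by the test):
//   - started via sudo (see above); changing XFRM state needs privileges
//   - no other XFRM policies/states exist on the host (post-delete checks
//     expect EMPTY listings)
//   - the SA keys are fixed, well-known 16-byte test values, not secrets
//   - the XFRM_Result of each handler call is only logged, not evaluated
//   - IPsec.log is read from the current working directory; a stale file from
//     an earlier run would also satisfy the check
testcase tc_Transport_IPsecHandler_createSAWithLogging_test() runs on EPTF_Transport_IPsecHandler_Test_CT {

  // Logging server writes "IPsec.log" into "./". NOTE(review): the component
  // is never stopped explicitly here; presumably f_EPTF_Base_stop or test-case
  // termination takes care of it - confirm.
  var EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT vl_loggingServer := EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT.create;
  vl_loggingServer.start(f_EPTF_CLL_Transport_IPsecHandler_Logging_Server_behaviour("./", "IPsec.log"));

  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSAWithLogging_test", vl_loggingServer);

  // Selector shared by the SP, the SA and their delete requests (loopback).
  var charstring pl_srcAddr := "127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";
  var integer pl_dstPort := 44333;
  var integer pl_spi := 1;  // SPI used by the policy template and the SA

  var XFRM_Result vl_XFRM_Result;

  // Policy: ALLOW, template "use ESP in transport mode", 1h add lifetime.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := pl_spi,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // SA: ESP transport mode, HMAC-MD5 + AES-CBC with fixed test keys, no NAT-T.
  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := {name := HMAC_MD5, key := {text := "0123456789012345"}},
      enc := {name := CBC_AES, key := {text := "0123456789012345"}}
    },
    mode := TRANSPORT,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,
    // Positional value; the inner record has the same shape as
    // SPAddInfo.limits. NOTE(review): if that reading is right, a soft (444)
    // larger than a hard (333) add-expire value is inverted - confirm against
    // the SAAddInfo type definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };

  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // vl_stdout/vl_stderr are initialised so the comparisons below are
  // well-defined even if executeShell fails before writing them.
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout := "";
  var charstring vl_stderr := "";

  // Policy must be listed after createSP.
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Association must be listed after createSA.
  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

  // Delete the policy (selector must match the created one).
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  // Delete the association (identified by protocol, SPI and addresses).
  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  // Both listings are expected to be empty after the deletes.
  vl_command := "ip xfrm policy";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  // The logging server must have produced a non-empty log file. Only its
  // existence/non-emptiness is checked, not its content.
  vl_command := "cat IPsec.log";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  if (vl_stdout == "" or vl_stderr != "") {
    setverdict(fail, "The IPsecLogging failed to create the log");
  } else {
    action("Content of IPsec logfile: " & vl_stdout);
  }

  // A fail/inconc set above is kept: TTCN-3 never overwrites a verdict with a
  // better one (none < pass < inconc < fail < error).
  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "Create/Delete SP/SA failed");
  }

  f_EPTF_Base_stop(none);
}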
| |
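// Start with (the testcase name in the command must be this testcase):
//   sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_flushSASP_test
//
// Creates two outbound ESP transport-mode policies (SP) and two matching
// security associations (SA) on loopback (second flow: ports +100, SPI 2),
// removes them all with flushSP/flushSA and verifies each step through
// "ip xfrm policy" and "ip xfrm state".
//
// Verdict:
//   pass   - both listings are non-empty after create and empty after flush
//   fail   - any listing does not match that expectation
//   inconc - one of the shell commands could not be executed
//
// Assumptions (not verified by the test):
//   - started via sudo (see above); changing XFRM state needs privileges
//   - the host has no other XFRM policies/states: the flush calls remove
//     EVERY policy/state on the host, not only the ones created here, so do
//     not run this on a machine with real IPsec configuration
//   - the SA keys are fixed, well-known 16-byte test values, not secrets
//   - the XFRM_Result of each handler call is only logged, not evaluated
testcase tc_Transport_IPsecHandler_flushSASP_test() runs on EPTF_Transport_IPsecHandler_Test_CT {

  // Component name fixed to this testcase (was copied from createSA_test).
  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_flushSASP_test");

  // Selector of the first flow; the second flow shifts both ports by
  // c_portOffset and uses the next SPI.
  var charstring pl_srcAddr := "127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";
  var integer pl_dstPort := 44333;
  var integer pl_spi := 1;
  const integer c_portOffset := 100;

  var XFRM_Result vl_XFRM_Result;

  // First policy: ALLOW, template "use ESP in transport mode", 1h lifetime.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := pl_spi,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // Second policy: identical except for the selector ports, SPI and reqid.
  vl_add_pol_info.src := {pl_srcAddr, pl_srcPort + c_portOffset, omit};
  vl_add_pol_info.dst := {pl_dstAddr, pl_dstPort + c_portOffset, omit};
  vl_add_pol_info.tmpl[0].spi := pl_spi + 1;
  vl_add_pol_info.tmpl[0].reqid := 2;

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // First SA: ESP transport mode, HMAC-MD5 + AES-CBC with fixed test keys.
  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := {name := HMAC_MD5, key := {text := "0123456789012345"}},
      enc := {name := CBC_AES, key := {text := "0123456789012345"}}
    },
    mode := TRANSPORT,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,
    // Positional value; the inner record has the same shape as
    // SPAddInfo.limits. NOTE(review): if that reading is right, a soft (444)
    // larger than a hard (333) add-expire value is inverted - confirm against
    // the SAAddInfo type definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };

  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Second SA: same keys/algorithms, shifted ports and next SPI.
  vl_sa_add_info.spi := pl_spi + 1;
  vl_sa_add_info.src := {pl_srcAddr, pl_srcPort + c_portOffset, omit};
  vl_sa_add_info.dst := {pl_dstAddr, pl_dstPort + c_portOffset, omit};

  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // vl_stdout/vl_stderr are initialised so the comparisons below are
  // well-defined even if executeShell fails before writing them.
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout := "";
  var charstring vl_stderr := "";

  // Policies must be listed after the createSP calls.
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Associations must be listed after the createSA calls.
  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

  // Remove everything with the flush functions (host-wide, see header).
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_flushSP();
  action("flushSP RESULT: ", vl_XFRM_Result);

  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_flushSA();
  action("flushSA RESULT: ", vl_XFRM_Result);

  // Both listings are expected to be empty after the flushes.
  vl_command := "ip xfrm policy";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command " & vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  // An earlier inconc is kept: TTCN-3 never overwrites a verdict with a
  // better one (none < pass < inconc < fail < error).
  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "flush SA/SP failed");
  }

  f_EPTF_Base_stop(none);
}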
| |
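// Client (B) and server (A) on the same host; with both ends on loopback the
// traffic is not actually encrypted, and without sudo no IPsec is applied
// either.
//
// Start with:
//   sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testAB
//
// Installs an outbound ESP transport-mode SP + SA for
// 127.0.0.1:44332 -> 127.0.0.1:44333/TCP, opens a TCP connection B->A over
// the test transport, sends one 8-byte message, closes the connection and
// removes SA and SP again.
//
// Verdict: none. Nothing is asserted - neither the handler results nor the
// reception of the message - so this testcase only shows that the sequence
// runs without a dynamic error. (This is the testcase run by the control
// part.)
//
// Assumptions (not verified): started via sudo (see above); the SA keys are
// fixed, well-known 16-byte test values.
testcase tc_Transport_IPsecHandler_basic_SA_testAB() runs on EPTF_Transport_IPsecHandler_Test_CT {

  f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testAB");

  // SP/SA parameters, originally taken from f_IMS_SIP_Auth_AKA_createIPSecSA.
  var charstring pl_srcAddr := "127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";
  var integer pl_dstPort := 44333;
  var integer pl_spi := 1;  // SPI used by the policy template and the SA

  var XFRM_Result vl_XFRM_Result;

  // Policy: ALLOW, template "use ESP in transport mode", 1h add lifetime.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := pl_spi,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // SA: ESP transport mode, HMAC-MD5 + AES-CBC with fixed test keys, no NAT-T.
  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := {name := HMAC_MD5, key := {text := "0123456789012345"}},
      enc := {name := CBC_AES, key := {text := "0123456789012345"}}
    },
    mode := TRANSPORT,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,
    // Positional value; the inner record has the same shape as
    // SPAddInfo.limits. NOTE(review): if that reading is right, a soft (444)
    // larger than a hard (333) add-expire value is inverted - confirm against
    // the SAAddInfo type definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };

  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Listener (A) and client connection (B) over the IPL4 test transport.
  var integer vl_connId;
  var integer vl_listenId;

  f_EPTF_Transport_IPsecHandler_Test_createConnection(
    pl_transportType := IPL4,
    pl_proto := {tcp := {}},
    pl_srcAddr := pl_srcAddr,
    pl_srcPort := pl_srcPort,
    pl_dstAddr := pl_dstAddr,
    pl_dstPort := pl_dstPort,
    pl_listenId := vl_listenId,
    pl_connId := vl_connId
  );

  // One message B -> A; reception on A is not checked here.
  f_EPTF_Transport_IPsecHandler_Test_sendMsg(
    pl_transportType := IPL4,
    pl_connId := vl_connId,
    pl_msg := '0102030405060708'O,
    pl_proto := {tcp := {}}
  );

  f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, vl_connId, vl_listenId);

  // Clean up: remove the policy, then the association.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  // No verdict is set anywhere above, so the testcase ends with "none".
  f_EPTF_Base_stop(none);
}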
| |
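// Server side (A) of the manual two-host test; runs on toolserver159.
//
// Start with:
//   sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testA_Manual
//
// Installs an outbound ESP transport-mode SP + SA for
// 6.0.0.86:44332 -> 6.0.0.159:44333/TCP, listens on the IPL4 test transport
// for 20 s (the message from B is expected during that time), closes the
// listener and removes SA and SP again. Must be started BEFORE
// tc_Transport_IPsecHandler_basic_SA_testB_Manual.
//
// Verdict: none. Reception of B's message is not asserted; it has to be
// checked manually (logs / packet capture).
//
// NOTE(review): both hosts install the same OUT policy for 86 -> 159. On the
// receiving host an OUT policy does not match inbound traffic, so whether
// A's inbound packets are actually required to be ESP-protected depends on
// the kernel's inbound policy handling - confirm the intended direction.
//
// Assumptions (not verified): started via sudo (see above); the SA keys are
// fixed, well-known 16-byte test values shared with the B side.
testcase tc_Transport_IPsecHandler_basic_SA_testA_Manual() runs on EPTF_Transport_IPsecHandler_Test_CT {

  f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testA");

  // SP/SA parameters, originally taken from f_IMS_SIP_Auth_AKA_createIPSecSA.
  // Must be identical to the values used by the B side.
  var charstring pl_srcAddr := "6.0.0.86";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "6.0.0.159";
  var integer pl_dstPort := 44333;
  var integer pl_spi := 1;  // SPI used by the policy template and the SA

  var XFRM_Result vl_XFRM_Result;

  // Policy: ALLOW, template "use ESP in transport mode", 1h add lifetime.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := pl_spi,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // SA: ESP transport mode, HMAC-MD5 + AES-CBC with fixed test keys, no NAT-T.
  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := {name := HMAC_MD5, key := {text := "0123456789012345"}},
      enc := {name := CBC_AES, key := {text := "0123456789012345"}}
    },
    mode := TRANSPORT,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,
    // Positional value; the inner record has the same shape as
    // SPAddInfo.limits. NOTE(review): if that reading is right, a soft (444)
    // larger than a hard (333) add-expire value is inverted - confirm against
    // the SAAddInfo type definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };

  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Open the listener; B is expected to connect and send during the wait.
  var integer vl_listenId;

  f_EPTF_Transport_IPsecHandler_Test_listen(
    pl_transportType := IPL4,
    pl_proto := {tcp := {}},
    pl_srcAddr := pl_srcAddr,
    pl_srcPort := pl_srcPort,
    pl_dstAddr := pl_dstAddr,
    pl_dstPort := pl_dstPort,
    pl_listenId := vl_listenId
  );

  // Fixed wait window for B; nothing is received/asserted programmatically.
  timer t_wait := 20.0;
  t_wait.start;
  t_wait.timeout;

  // No connection id on this side, only the listener is closed.
  f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, -1, vl_listenId);

  // Clean up: remove the policy, then the association.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  // No verdict is set anywhere above, so the testcase ends with "none".
  f_EPTF_Base_stop(none);
}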
| |
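// Client side (B) of the manual two-host test; runs on toolserver086.
//
// Start with:
//   sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testB_Manual
//
// Installs an outbound ESP transport-mode SP + SA for
// 6.0.0.86:44332 -> 6.0.0.159:44333/TCP, connects to A over the IPL4 test
// transport, sends one 8-byte message, waits 10 s, closes the connection and
// removes SA and SP again. Must be started AFTER
// tc_Transport_IPsecHandler_basic_SA_testA_Manual.
//
// Verdict: pass, set unconditionally at the end. It only means the sequence
// ran without a dynamic error; delivery (and protection) of the message has
// to be confirmed manually on the A side.
//
// Assumptions (not verified): started via sudo (see above); the SA keys are
// fixed, well-known 16-byte test values shared with the A side.
testcase tc_Transport_IPsecHandler_basic_SA_testB_Manual() runs on EPTF_Transport_IPsecHandler_Test_CT {

  f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testB");

  // SP/SA parameters, originally taken from f_IMS_SIP_Auth_AKA_createIPSecSA.
  // Must be identical to the values used by the A side.
  var charstring pl_srcAddr := "6.0.0.86";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "6.0.0.159";
  var integer pl_dstPort := 44333;
  var integer pl_spi := 1;  // SPI used by the policy template and the SA

  var XFRM_Result vl_XFRM_Result;

  // Policy: ALLOW, template "use ESP in transport mode", 1h add lifetime.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := pl_spi,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };

  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // SA: ESP transport mode, HMAC-MD5 + AES-CBC with fixed test keys, no NAT-T.
  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := {name := HMAC_MD5, key := {text := "0123456789012345"}},
      enc := {name := CBC_AES, key := {text := "0123456789012345"}}
    },
    mode := TRANSPORT,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,
    // Positional value; the inner record has the same shape as
    // SPAddInfo.limits. NOTE(review): if that reading is right, a soft (444)
    // larger than a hard (333) add-expire value is inverted - confirm against
    // the SAAddInfo type definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };

  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Connect to A (must already be listening) and send one message.
  var integer vl_connId;

  f_EPTF_Transport_IPsecHandler_Test_connect(
    pl_transportType := IPL4,
    pl_proto := {tcp := {}},
    pl_srcAddr := pl_srcAddr,
    pl_srcPort := pl_srcPort,
    pl_dstAddr := pl_dstAddr,
    pl_dstPort := pl_dstPort,
    pl_connId := vl_connId
  );

  f_EPTF_Transport_IPsecHandler_Test_sendMsg(
    pl_transportType := IPL4,
    pl_connId := vl_connId,
    pl_msg := '0102030405060708'O,
    pl_proto := {tcp := {}}
  );

  // Keep the connection open for a while so A can observe the message.
  timer t_wait := 10.0;
  t_wait.start;
  t_wait.timeout;

  // No listener on this side, only the connection is closed.
  f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, vl_connId, -1);

  // Clean up: remove the policy, then the association.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := pl_spi,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };

  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  // Unconditional pass: nothing above was asserted (see header).
  f_EPTF_Base_stop(pass);
}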
| |
| // Module control part: runs only the single-host (loopback) A+B testcase.
| // The other testcases need root on the target host and/or two hosts and are
| // started individually with the ttcn3_start commands given above them.
| control { |
| execute(tc_Transport_IPsecHandler_basic_SA_testAB()); |
| } |
| |
| } // module |