///////////////////////////////////////////////////////////////////////////////
// Copyright (c) 2000-2019 Ericsson Telecom AB //
// //
// All rights reserved. This program and the accompanying materials //
// are made available under the terms of the Eclipse Public License v2.0 //
// which accompanies this distribution, and is available at //
// https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html //
///////////////////////////////////////////////////////////////////////////////
module EPTF_Transport_IPsecHandler_TestCases {
import from EPTF_Transport_IPsecHandler_Test_Definitions all;
import from EPTF_Transport_IPsecHandler_Test_Functions all;
import from TCCIPsec_XFRM_Definitions all;
import from TCCIPsec_Definitions all;
import from EPTF_CLL_Transport_IPsecHandler_Functions all;
import from EPTF_CLL_Transport_Functions all;
import from EPTF_CLL_Base_Functions all;
import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Definitions all;
import from EPTF_CLL_Transport_IPsecHandler_Logging_Server_Functions all;
// starts with:
// sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSP_test
// creates SP and removes it, checks it with "ip xfrm policy"
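testcase tc_Transport_IPsecHandler_createSP_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
  // Purpose: install one outbound ESP/transport security policy (SP) for a
  // loopback TCP flow, check that "ip xfrm policy" lists something, delete the
  // SP again and check that the listing is empty afterwards.
  //
  // Preconditions that the testcase itself does not enforce:
  //  - the executable must be allowed to change kernel XFRM state (the
  //    documented start command runs it through sudo);
  //  - no other XFRM policy may exist on the host, because the final check
  //    expects an empty "ip xfrm policy" listing. Run it on a dedicated test
  //    host or inside its own network namespace.
  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSP_test");

  // Traffic selector of the policy under test.
  var charstring pl_srcAddr := "127.0.0.1";//"6.0.0.86";//"127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";//"6.0.0.159";//"6.0.0.86";//"127.0.0.1";
  var integer pl_dstPort := 44333;

  var XFRM_Result vl_XFRM_Result;
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 1,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        // NOTE(review): presumably maps to the kernel's "level use", under
        // which matching packets leave unprotected when no SA is available.
        // A fail-closed policy needs the required level - confirm against
        // TCCIPsec_XFRM_Definitions before copying this template.
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  // NOTE(review): the XFRM result is only logged; the verdict is derived
  // from the "ip xfrm" listings alone.
  action("createSP RESULT: ", vl_XFRM_Result);

  // Step 1: after createSP the policy listing must be non-empty and error free.
  //var charstring vl_command := "ip xfrm state";
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout, vl_stderr;
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Step 2: delete the SP through the same selector.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  // Step 3: after deleteSP the policy listing must be empty again.
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "Create/Delete SP failed");
  }
  f_EPTF_Base_stop(none);
}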
// starts with:
// sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSA_test
// creates SA and removes it, checks it with "ip xfrm policy/state"
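testcase tc_Transport_IPsecHandler_createSA_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
  // Purpose: install one outbound ESP/transport security policy (SP) and one
  // security association (SA) for a loopback TCP flow, check that both
  // "ip xfrm policy" and "ip xfrm state" list something, delete SP and SA and
  // check that both listings are empty afterwards.
  //
  // Preconditions that the testcase itself does not enforce:
  //  - the executable must be allowed to change kernel XFRM state (the
  //    documented start command runs it through sudo);
  //  - no other XFRM policy or state may exist on the host, because the final
  //    checks expect empty listings. Run it on a dedicated test host or
  //    inside its own network namespace.
  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSA_test");

  // Fixture key, used for both the cipher and the MAC. It is a published
  // test value and action() below writes it to the test log together with
  // the rest of the SA request, so it must never protect real traffic.
  const charstring cl_testKey := "0123456789012345";

  // Traffic selector shared by the SP and the SA.
  var charstring pl_srcAddr := "127.0.0.1";//"6.0.0.86";//"127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";//"6.0.0.159";//"6.0.0.86";//"127.0.0.1";
  var integer pl_dstPort := 44333;

  var XFRM_Result vl_XFRM_Result;
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 1,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        // NOTE(review): presumably maps to the kernel's "level use", under
        // which matching packets leave unprotected when no SA is available.
        // A fail-closed policy needs the required level - confirm against
        // TCCIPsec_XFRM_Definitions before copying this template.
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  // NOTE(review): the XFRM results are only logged; the verdict is derived
  // from the "ip xfrm" listings alone.
  action("createSP RESULT: ", vl_XFRM_Result);

  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    // HMAC-MD5 with AES-CBC is a legacy pairing kept here as a fixture.
    ipsec_algos := {
      auth := { name := HMAC_MD5, key := {text := cl_testKey}},
      enc := { name := CBC_AES, key := {text := cl_testKey}}
    },
    mode := TRANSPORT,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,//{ESPINUDP,4500,4500,omit},
    // NOTE(review): positional value list. If the nested record has the same
    // layout as the SP "limits" above, 444/333 are the soft/hard add-expiry
    // seconds - confirm against the SAAddInfo definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };
  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Step 1: the policy listing must be non-empty and error free.
  //var charstring vl_command := "ip xfrm state";
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout, vl_stderr;
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Step 2: the state (SA) listing must be non-empty and error free.
  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

  // Step 3: delete the SP.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  // Step 4: delete the SA.
  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  // Step 5: both listings must be empty again.
  vl_command := "ip xfrm policy";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "Create/Delete SP/SA failed");
  }
  f_EPTF_Base_stop(none);
}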
// starts with:
// sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_createSAWithLogging_test
// creates SA and removes it, checks it with "ip xfrm policy/state"
// This is the same test as tc_Transport_IPsecHandler_createSA_test but with IPSec logging enabled
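testcase tc_Transport_IPsecHandler_createSAWithLogging_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
  // Purpose: same create/verify/delete sequence as the plain SA testcase
  // (one outbound ESP/transport SP plus one SA on loopback), but with an
  // IPsec logging server component attached; at the end the log file written
  // by that server must exist and be non-empty.
  //
  // Preconditions that the testcase itself does not enforce:
  //  - the executable must be allowed to change kernel XFRM state (the
  //    documented start command runs it through sudo);
  //  - no other XFRM policy or state may exist on the host, because the final
  //    checks expect empty listings. Run it on a dedicated test host or
  //    inside its own network namespace.
  //
  // The logging server writes "IPsec.log" into the current directory.
  // NOTE(review): whether that file records SA key material depends on the
  // logging server implementation - check before archiving or sharing it.
  var EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT vl_loggingServer := EPTF_CLL_Transport_IPsecHandler_Logging_Server_CT.create;
  vl_loggingServer.start(f_EPTF_CLL_Transport_IPsecHandler_Logging_Server_behaviour("./", "IPsec.log"));
  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_createSAWithLogging_test", vl_loggingServer);

  // Fixture key, used for both the cipher and the MAC. It is a published
  // test value and action() below writes it to the test log together with
  // the rest of the SA request, so it must never protect real traffic.
  const charstring cl_testKey := "0123456789012345";

  // Traffic selector shared by the SP and the SA.
  var charstring pl_srcAddr := "127.0.0.1";//"6.0.0.86";//"127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";//"6.0.0.159";//"6.0.0.86";//"127.0.0.1";
  var integer pl_dstPort := 44333;

  var XFRM_Result vl_XFRM_Result;
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 1,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        // NOTE(review): presumably maps to the kernel's "level use", under
        // which matching packets leave unprotected when no SA is available.
        // A fail-closed policy needs the required level - confirm against
        // TCCIPsec_XFRM_Definitions before copying this template.
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  // NOTE(review): the XFRM results are only logged; the verdict is derived
  // from the "ip xfrm" listings and the log file check alone.
  action("createSP RESULT: ", vl_XFRM_Result);

  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    // HMAC-MD5 with AES-CBC is a legacy pairing kept here as a fixture.
    ipsec_algos := {
      auth := { name := HMAC_MD5, key := {text := cl_testKey}},
      enc := { name := CBC_AES, key := {text := cl_testKey}}
    },
    mode := TRANSPORT,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,//{ESPINUDP,4500,4500,omit},
    // NOTE(review): positional value list. If the nested record has the same
    // layout as the SP "limits" above, 444/333 are the soft/hard add-expiry
    // seconds - confirm against the SAAddInfo definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };
  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Step 1: the policy listing must be non-empty and error free.
  //var charstring vl_command := "ip xfrm state";
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout, vl_stderr;
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Step 2: the state (SA) listing must be non-empty and error free.
  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

  // Step 3: delete the SP.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  // Step 4: delete the SA.
  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  // Step 5: both listings must be empty again.
  vl_command := "ip xfrm policy";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  // Step 6: the logging server must have produced a non-empty IPsec.log.
  // NOTE(review): a stale IPsec.log left behind by an earlier run would also
  // satisfy this check unless the server truncates the file - confirm, or
  // remove the file before the run.
  vl_command := "cat IPsec.log";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  if (vl_stdout == "" or vl_stderr != "") {
    setverdict(fail, "The IPsecLogging failed to create the log");
  } else {
    action("Content of IPsec logfile: "& vl_stdout);
  }

  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "Create/Delete SP/SA failed");
  }
  f_EPTF_Base_stop(none);
}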
// starts with:
// sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_flushSASP_test
// creates more than one SP/SA and removes them with flushSA/flushSP, checks it with "ip xfrm policy/state"
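testcase tc_Transport_IPsecHandler_flushSASP_test() runs on EPTF_Transport_IPsecHandler_Test_CT {
  // Purpose: install two outbound ESP/transport SPs and two SAs on loopback
  // (the second pair uses ports +100 and spi/reqid 2), check that
  // "ip xfrm policy" and "ip xfrm state" list something, remove everything
  // with flushSP/flushSA and check that both listings are empty afterwards.
  //
  // Preconditions that the testcase itself does not enforce:
  //  - the executable must be allowed to change kernel XFRM state (the
  //    documented start command runs it through sudo);
  //  - the flush calls take no selector, so they are expected to remove every
  //    policy and state on the host, including ones this test did not
  //    create. Run it only on a dedicated test host or inside its own
  //    network namespace, never where live IPsec tunnels exist.
  //
  // The component is initialised under this testcase's own name; the
  // original passed the name of the createSA testcase here.
  f_EPTF_Transport_IPsecHandler_init_CT("tc_Transport_IPsecHandler_flushSASP_test");

  // Fixture key, used for both the cipher and the MAC of both SAs. It is a
  // published test value and action() below writes it to the test log
  // together with the rest of the SA request, so it must never protect real
  // traffic.
  const charstring cl_testKey := "0123456789012345";

  // Traffic selector of the first SP/SA pair.
  var charstring pl_srcAddr := "127.0.0.1";//"6.0.0.86";//"127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";//"6.0.0.159";//"6.0.0.86";//"127.0.0.1";
  var integer pl_dstPort := 44333;

  var XFRM_Result vl_XFRM_Result;

  // First policy: spi/reqid 1.
  // NOTE(review): "level := use" presumably maps to the kernel's "level use",
  // under which matching packets leave unprotected when no SA is available;
  // a fail-closed policy needs the required level - confirm against
  // TCCIPsec_XFRM_Definitions before copying these templates.
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 1,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  // NOTE(review): the XFRM results are only logged; the verdict is derived
  // from the "ip xfrm" listings alone.
  action("createSP RESULT: ", vl_XFRM_Result);

  // Second policy: ports shifted by 100, spi/reqid 2.
  vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort+100, omit},
    dst := {pl_dstAddr, pl_dstPort+100, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 2,
        reqid := 2,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  // First SA: spi 1. HMAC-MD5 with AES-CBC is a legacy pairing kept here as
  // a fixture.
  // NOTE(review): "info" is a positional value list. If the nested record has
  // the same layout as the SP "limits" above, 444/333 are the soft/hard
  // add-expiry seconds - confirm against the SAAddInfo definition.
  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := { name := HMAC_MD5, key := {text := cl_testKey}},
      enc := { name := CBC_AES, key := {text := cl_testKey}}
    },
    mode := TRANSPORT,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,//{ESPINUDP,4500,4500,omit},
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };
  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Second SA: ports shifted by 100, spi 2.
  vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    ipsec_algos := {
      auth := { name := HMAC_MD5, key := {text := cl_testKey}},
      enc := { name := CBC_AES, key := {text := cl_testKey}}
    },
    mode := TRANSPORT,
    spi := 2,
    src := {pl_srcAddr, pl_srcPort+100, omit},
    dst := {pl_dstAddr, pl_dstPort+100, omit},
    nat_t := omit,//{ESPINUDP,4500,4500,omit},
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };
  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Step 1: the policy listing must be non-empty and error free.
  //var charstring vl_command := "ip xfrm state";
  var charstring vl_command := "ip xfrm policy";
  var charstring vl_stdout, vl_stderr;
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  var boolean vl_passResult := vl_stdout != "" and vl_stderr == "";

  // Step 2: the state (SA) listing must be non-empty and error free.
  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout != "" and vl_stderr == "";

  // Step 3: delete all SA/SP with the flush functions.
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_flushSP();
  action("flushSP RESULT: ", vl_XFRM_Result);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_flushSA();
  action("flushSA RESULT: ", vl_XFRM_Result);

  // Step 4: both listings must be empty again.
  vl_command := "ip xfrm policy";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  vl_command := "ip xfrm state";
  if (0 != f_EPTF_Base_executeShell(vl_command, vl_stdout, vl_stderr, false)) {
    setverdict(inconc, "Cannot execute the command "&vl_command);
  }
  action("Result: ", vl_stdout, " errors: ", vl_stderr);
  vl_passResult := vl_passResult and vl_stdout == "" and vl_stderr == "";

  if (vl_passResult) {
    setverdict(pass);
  } else {
    setverdict(fail, "flush SA/SP failed");
  }
  f_EPTF_Base_stop(none);
}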
// client(B) + server(A) (uses same host, => no encryption); without sudo there is no encryption either
// starts with:
// sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testAB
// creates IPsec connection B-->A, no encryption!!, message is sent from B to A
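testcase tc_Transport_IPsecHandler_basic_SA_testAB() runs on EPTF_Transport_IPsecHandler_Test_CT {
  // Purpose: single-host smoke test. Installs one outbound ESP/transport SP
  // and one SA for a loopback TCP flow, opens a connection between the two
  // loopback endpoints, sends one 8-octet message, closes the connection and
  // deletes the SP and SA again.
  //
  // According to the note in front of this testcase, traffic between two
  // endpoints on the same host is not actually encrypted, so this run
  // exercises the API sequence only and says nothing about on-the-wire
  // protection.
  //
  // NOTE(review): no verdict is set and the XFRM results are only logged, so
  // a failed createSP/createSA does not fail the testcase.
  f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testAB");

  // Fixture key, used for both the cipher and the MAC. It is a published
  // test value and action() below writes it to the test log together with
  // the rest of the SA request, so it must never protect real traffic.
  const charstring cl_testKey := "0123456789012345";

  // from function f_IMS_SIP_Auth_AKA_createIPSecSA
  var charstring pl_srcAddr := "127.0.0.1";//"6.0.0.86";//"127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "127.0.0.1";//"6.0.0.159";//"6.0.0.86";//"127.0.0.1";
  var integer pl_dstPort := 44333;

  var XFRM_Result vl_XFRM_Result;
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 1,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        // NOTE(review): presumably maps to the kernel's "level use", under
        // which matching packets leave unprotected when no SA is available.
        // A fail-closed policy needs the required level - confirm against
        // TCCIPsec_XFRM_Definitions before copying this template.
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    // HMAC-MD5 with AES-CBC is a legacy pairing kept here as a fixture.
    ipsec_algos := {
      auth := { name := HMAC_MD5, key := {text := cl_testKey}},
      enc := { name := CBC_AES, key := {text := cl_testKey}}
    },
    mode := TRANSPORT,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,//{ESPINUDP,4500,4500,omit},
    // NOTE(review): positional value list. If the nested record has the same
    // layout as the SP "limits" above, 444/333 are the soft/hard add-expiry
    // seconds - confirm against the SAAddInfo definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };
  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Open the connection, send one message over it and close it again.
  var integer vl_connId;
  var integer vl_listenId;
  f_EPTF_Transport_IPsecHandler_Test_createConnection(
    pl_transportType := IPL4,
    pl_proto := {tcp := {}},
    pl_srcAddr := pl_srcAddr,
    pl_srcPort := pl_srcPort,
    pl_dstAddr := pl_dstAddr,
    pl_dstPort := pl_dstPort,
    pl_listenId := vl_listenId,
    pl_connId := vl_connId
  );
  f_EPTF_Transport_IPsecHandler_Test_sendMsg(
    pl_transportType := IPL4,
    pl_connId := vl_connId,
    pl_msg := '0102030405060708'O,
    pl_proto := {tcp := {}}
  );
  f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, vl_connId, vl_listenId);

  // Clean up: remove the SP, then the SA, so no test state stays in the kernel.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  f_EPTF_Base_stop(none);
}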
// server: runs on toolserver159,
// starts with:
// sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testA_Manual
// creates IPsec connection B-->A, message should be received from B
// should be started before tc_Transport_IPsecHandler_basic_SA_testB_Manual
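testcase tc_Transport_IPsecHandler_basic_SA_testA_Manual() runs on EPTF_Transport_IPsecHandler_Test_CT {
  // Purpose: server half (A) of the manual two-host test. Installs one
  // ESP/transport SP and one SA for the flow 6.0.0.86:44332 ->
  // 6.0.0.159:44333, opens a listening socket, waits 20 seconds for the
  // client half (B) to connect and send, then closes the listener and deletes
  // the SP and SA again.
  //
  // The SA is manually keyed with a fixed test key that must match the one
  // configured by the B half; this is a lab arrangement between the two tool
  // servers, not a template for protecting real traffic.
  //
  // NOTE(review): no verdict is set, reception of the message is not checked
  // here and the XFRM results are only logged.
  f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testA");

  // Fixture key, used for both the cipher and the MAC. It is a published
  // test value and action() below writes it to the test log together with
  // the rest of the SA request, so it must never protect real traffic.
  const charstring cl_testKey := "0123456789012345";

  // from function f_IMS_SIP_Auth_AKA_createIPSecSA
  var charstring pl_srcAddr := "6.0.0.86";//"127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "6.0.0.159";//"6.0.0.86";//"127.0.0.1";
  var integer pl_dstPort := 44333;

  var XFRM_Result vl_XFRM_Result;
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 1,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        // NOTE(review): presumably maps to the kernel's "level use", under
        // which matching packets leave unprotected when no SA is available.
        // A fail-closed policy needs the required level - confirm against
        // TCCIPsec_XFRM_Definitions before copying this template.
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    // HMAC-MD5 with AES-CBC is a legacy pairing kept here as a fixture.
    ipsec_algos := {
      auth := { name := HMAC_MD5, key := {text := cl_testKey}},
      enc := { name := CBC_AES, key := {text := cl_testKey}}
    },
    mode := TRANSPORT,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,//{ESPINUDP,4500,4500,omit},
    // NOTE(review): positional value list. If the nested record has the same
    // layout as the SP "limits" above, 444/333 are the soft/hard add-expiry
    // seconds - confirm against the SAAddInfo definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };
  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  var integer vl_listenId;
  f_EPTF_Transport_IPsecHandler_Test_listen(
    pl_transportType := IPL4,
    pl_proto := {tcp := {}},
    pl_srcAddr := pl_srcAddr,
    pl_srcPort := pl_srcPort,
    pl_dstAddr := pl_dstAddr,
    pl_dstPort := pl_dstPort,
    pl_listenId := vl_listenId
  );

  // Fixed 20 s window in which the B half has to connect and send.
  timer t_wait := 20.0;
  t_wait.start;
  t_wait.timeout; // wait for connection...

  // -1 is passed as the connection id: only the listener was opened here.
  f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, -1, vl_listenId);

  // Clean up: remove the SP, then the SA, so no test state stays in the kernel.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  f_EPTF_Base_stop(none);
}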
// client: runs on toolserver086
// starts with:
// sudo ~/ethjgi/sudo.sh ttcn3_start ./EPTF_Transport_IPsecHandler_Test EPTF_Transport_IPsecHandler_TestCases.tc_Transport_IPsecHandler_basic_SA_testB_Manual
// creates IPsec connection B-->A and send a message to A,
// should be started after tc_Transport_IPsecHandler_basic_SA_testA_Manual
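testcase tc_Transport_IPsecHandler_basic_SA_testB_Manual() runs on EPTF_Transport_IPsecHandler_Test_CT {
  // Purpose: client half (B) of the manual two-host test. Installs one
  // outbound ESP/transport SP and one SA for the flow 6.0.0.86:44332 ->
  // 6.0.0.159:44333, connects to the A half, sends one 8-octet message, waits
  // 10 seconds, closes the connection and deletes the SP and SA again.
  //
  // The SA is manually keyed with a fixed test key that must match the one
  // configured by the A half; this is a lab arrangement between the two tool
  // servers, not a template for protecting real traffic.
  //
  // NOTE(review): the testcase always stops with verdict pass; the XFRM
  // results are only logged and delivery of the message is not checked here.
  f_EPTF_Transport_IPsecHandler_init_CT("Transport_IPsecHandler_basic_SA_testB");

  // Fixture key, used for both the cipher and the MAC. It is a published
  // test value and action() below writes it to the test log together with
  // the rest of the SA request, so it must never protect real traffic.
  const charstring cl_testKey := "0123456789012345";

  // from function f_IMS_SIP_Auth_AKA_createIPSecSA
  var charstring pl_srcAddr := "6.0.0.86";//"127.0.0.1";
  var integer pl_srcPort := 44332;
  var charstring pl_dstAddr := "6.0.0.159";//"6.0.0.86";//"127.0.0.1";
  var integer pl_dstPort := 44333;

  var XFRM_Result vl_XFRM_Result;
  var SPAddInfo vl_add_pol_info := {
    update := true,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    dir := OUT,
    tmpl := {
      {
        src := omit,
        dst := omit,
        spi := 1,
        reqid := 1,
        share := omit,
        ipsec := ESP,
        mode := TRANSPORT,
        // NOTE(review): presumably maps to the kernel's "level use", under
        // which matching packets leave unprotected when no SA is available.
        // A fail-closed policy needs the required level - confirm against
        // TCCIPsec_XFRM_Definitions before copying this template.
        level := use
      }
    },
    info := {
      share := USER,
      priority := omit,
      policy_action := ALLOW,
      index := omit,
      interface_index := omit,
      limits := {
        soft_byte_limit := omit,
        hard_byte_limit := omit,
        soft_packet_limit := omit,
        hard_packet_limit := omit,
        soft_add_expires_seconds := 3600,
        hard_add_expires_seconds := 3600,
        soft_use_expires_seconds := omit,
        hard_use_expires_seconds := omit
      }
    }
  };
  action("vl_add_pol_info: ", vl_add_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSP(vl_add_pol_info);
  action("createSP RESULT: ", vl_XFRM_Result);

  var SAAddInfo vl_sa_add_info := {
    update := omit,
    protocol := TCP,
    ipsec := ESP,
    // HMAC-MD5 with AES-CBC is a legacy pairing kept here as a fixture.
    ipsec_algos := {
      auth := { name := HMAC_MD5, key := {text := cl_testKey}},
      enc := { name := CBC_AES, key := {text := cl_testKey}}
    },
    mode := TRANSPORT,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit},
    nat_t := omit,//{ESPINUDP,4500,4500,omit},
    // NOTE(review): positional value list. If the nested record has the same
    // layout as the SP "limits" above, 444/333 are the soft/hard add-expiry
    // seconds - confirm against the SAAddInfo definition.
    info := {omit, omit, 1, {omit, omit, omit, omit, 444, 333, omit, omit}}
  };
  action("vl_sa_add_info: ", vl_sa_add_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_createSA(vl_sa_add_info);
  action("createSA RESULT: ", vl_XFRM_Result);

  // Connect to the A half and send one message.
  var integer vl_connId;
  f_EPTF_Transport_IPsecHandler_Test_connect(
    pl_transportType := IPL4,
    pl_proto := {tcp := {}},
    pl_srcAddr := pl_srcAddr,
    pl_srcPort := pl_srcPort,
    pl_dstAddr := pl_dstAddr,
    pl_dstPort := pl_dstPort,
    pl_connId := vl_connId
  );
  f_EPTF_Transport_IPsecHandler_Test_sendMsg(
    pl_transportType := IPL4,
    pl_connId := vl_connId,
    pl_msg := '0102030405060708'O,
    pl_proto := {tcp := {}}
  );

  // Fixed 10 s pause before the connection is closed.
  timer t_wait := 10.0;
  t_wait.start;
  t_wait.timeout;

  // -1 is passed as the listen id: only a client connection was opened here.
  f_EPTF_Transport_IPsecHandler_Test_closeConnection(IPL4, vl_connId, -1);

  // Clean up: remove the SP, then the SA, so no test state stays in the kernel.
  var SPDelInfo vl_del_pol_info := {
    dir := OUT,
    protocol := TCP,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_pol_info: ", vl_del_pol_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSP(vl_del_pol_info);
  action("deleteSP RESULT: ", vl_XFRM_Result);

  var SADelInfo vl_del_sa_info := {
    proto := ESP,
    spi := 1,
    src := {pl_srcAddr, pl_srcPort, omit},
    dst := {pl_dstAddr, pl_dstPort, omit}
  };
  action("vl_del_sa_info: ", vl_del_sa_info);
  vl_XFRM_Result := f_EPTF_Transport_IPsecHandler_deleteSA(vl_del_sa_info);
  action("deleteSA RESULT: ", vl_XFRM_Result);

  f_EPTF_Base_stop(pass);
}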
control {
  // Default run: only the single-host A/B testcase is executed. The other
  // testcases in this module change or flush kernel XFRM state, or need a
  // second host, and are run only when named explicitly on the command line.
  execute(tc_Transport_IPsecHandler_basic_SA_testAB());
}
} // module