ipsec: T6101: Add validation for proposal option used in IKE group

author: Nataliia Solomko <natalirs1985@gmail.com> 2024-10-02 16:18:32 +0300
committer: Nataliia Solomko <natalirs1985@gmail.com> 2024-10-02 17:13:31 +0300
commit: 34bbc3be98d20b7ce704cc498f070e70bf8f0213 (patch)
tree: 4e4f7a7f38234e155283f490cb8dcda1a1365bf5 /smoketest
parent: 6b7159f2927f004320c77043d0c819a6b660806d (diff)
download: vyos-1x-34bbc3be98d20b7ce704cc498f070e70bf8f0213.tar.gz
vyos-1x-34bbc3be98d20b7ce704cc498f070e70bf8f0213.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index 3b8687b93..de18d0427 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -947,7 +947,8 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
         self.cli_set(base_path + ['ike-group', ike_group, 'lifetime', ike_lifetime])
         self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'dh-group', '14'])
         self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'encryption', 'aes256'])
-        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'hash', 'sha512'])
+        # a hash algorithm that cannot be mapped to an equivalent PRF
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1',  'hash', 'aes192gmac'])
 
         # ESP
         self.cli_set(base_path + ['esp-group', esp_group, 'lifetime', eap_lifetime])
@@ -968,6 +969,11 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
         self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'name-server', name_server])
         self.cli_set(base_path + ['remote-access', 'pool', ip_pool_name, 'prefix', prefix])
 
+        # verify() - IKE group use not mapped hash algorithm
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+
+        self.cli_set(base_path + ['ike-group', ike_group, 'proposal', '1', 'hash', 'sha512'])
         self.cli_commit()
 
         self.assertTrue(os.path.exists(dhcp_interfaces_file))
author	Nataliia Solomko <natalirs1985@gmail.com>	2024-10-02 16:18:32 +0300
committer	Nataliia Solomko <natalirs1985@gmail.com>	2024-10-02 17:13:31 +0300
commit	34bbc3be98d20b7ce704cc498f070e70bf8f0213 (patch)
tree	4e4f7a7f38234e155283f490cb8dcda1a1365bf5 /smoketest
parent	6b7159f2927f004320c77043d0c819a6b660806d (diff)
download	vyos-1x-34bbc3be98d20b7ce704cc498f070e70bf8f0213.tar.gz vyos-1x-34bbc3be98d20b7ce704cc498f070e70bf8f0213.zip