summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-02-27 22:59:00 +0100
committerChristian Poessinger <christian@poessinger.com>2021-02-28 00:54:37 +0100
commit5bcc549edeaeaa767d77a68b33751e834d467c34 (patch)
tree55d8f3d6eec096a58e5099b77d223b5d31ace095 /smoketest
parent857294427afba3259e683f2360c735f0f4be32b6 (diff)
downloadvyos-1x-5bcc549edeaeaa767d77a68b33751e834d467c34.tar.gz
vyos-1x-5bcc549edeaeaa767d77a68b33751e834d467c34.zip
macsec: T3368: add support for gcm-aes-256 cipher
Diffstat (limited to 'smoketest')
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_macsec.py39
1 files changed, 37 insertions, 2 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index 3a3e7bff3..d6bef993a 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os
import re
import unittest
@@ -22,6 +23,7 @@ from netifaces import interfaces
from vyos.configsession import ConfigSessionError
from vyos.ifconfig import Section
+from vyos.util import cmd
from vyos.util import read_file
from vyos.util import process_named_running
@@ -30,6 +32,16 @@ def get_config_value(interface, key):
tmp = re.findall(r'\n?{}=(.*)'.format(key), tmp)
return tmp[0]
+def get_cipher(interface):
+ """ Returns the used encapsulation protocol for given interface.
+ If interface does not exist, None is returned.
+ """
+ if not os.path.exists(f'/sys/class/net/{interface}'):
+ return None
+ from json import loads
+ tmp = loads(cmd(f'ip -d -j link show {interface}'))[0]
+ return tmp['linkinfo']['info_data']['cipher_suite'].lower()
+
class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
@classmethod
def setUpClass(cls):
@@ -107,8 +119,30 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
# Check for running process
self.assertTrue(process_named_running('wpa_supplicant'))
- def test_macsec_mandatory_options(self):
+ def test_macsec_gcm_aes_128(self):
interface = 'macsec1'
+ cipher = 'gcm-aes-128'
+ self.session.set(self._base_path + [interface])
+
+ # check validate() - source interface is mandatory
+ with self.assertRaises(ConfigSessionError):
+ self.session.commit()
+ self.session.set(self._base_path + [interface, 'source-interface', 'eth0'])
+
+ # check validate() - cipher is mandatory
+ with self.assertRaises(ConfigSessionError):
+ self.session.commit()
+ self.session.set(self._base_path + [interface, 'security', 'cipher', cipher])
+
+ # final commit and verify
+ self.session.commit()
+ self.assertIn(interface, interfaces())
+ self.assertIn(interface, interfaces())
+ self.assertEqual(cipher, get_cipher(interface))
+
+ def test_macsec_gcm_aes_256(self):
+ interface = 'macsec4'
+ cipher = 'gcm-aes-256'
self.session.set(self._base_path + [interface])
# check validate() - source interface is mandatory
@@ -119,11 +153,12 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
# check validate() - cipher is mandatory
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'security', 'cipher', 'gcm-aes-128'])
+ self.session.set(self._base_path + [interface, 'security', 'cipher', cipher])
# final commit and verify
self.session.commit()
self.assertIn(interface, interfaces())
+ self.assertEqual(cipher, get_cipher(interface))
def test_macsec_source_interface(self):
# Ensure source-interface can bot be part of any other bond or bridge