From 289582b3dcbeb23328325d224c7db7de66a3a55f Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Mon, 5 Aug 2024 11:56:25 +0200
Subject: Merging upstream version 10.1.
Signed-off-by: Daniel Baumann
---
tests/topotests/key_sendaccept/r1/frr.conf | 31 +++++
tests/topotests/key_sendaccept/r2/frr.conf | 20 ++++
tests/topotests/key_sendaccept/test_keychain.py | 150 ++++++++++++++++++++++++
3 files changed, 201 insertions(+)
create mode 100644 tests/topotests/key_sendaccept/r1/frr.conf
create mode 100644 tests/topotests/key_sendaccept/r2/frr.conf
create mode 100644 tests/topotests/key_sendaccept/test_keychain.py
(limited to 'tests/topotests/key_sendaccept')
diff --git a/tests/topotests/key_sendaccept/r1/frr.conf b/tests/topotests/key_sendaccept/r1/frr.conf
new file mode 100644
index 0000000..d231634
--- /dev/null
+++ b/tests/topotests/key_sendaccept/r1/frr.conf
@@ -0,0 +1,31 @@
+log timestamp precision 6
+log file frr.log debug
+
+! debug northbound libyang
+
+debug northbound notifications
+debug northbound events
+debug northbound callbacks
+
+debug mgmt backend datastore frontend transaction
+debug mgmt client frontend
+debug mgmt client backend
+
+interface r1-eth0
+ ip address 1.1.1.1/24
+
+ ip ospf hello-interval 2
+ ip ospf dead-interval 10
+exit
+
+router ospf
+ ospf router-id 1.1.1.1
+ network 1.1.1.0/24 area 0
+exit
+
+router rip
+ network 1.1.1.0/24
+ network r1-eth0
+exit
+
+!ip route 250.0.0.1/32 Null0
\ No newline at end of file
diff --git a/tests/topotests/key_sendaccept/r2/frr.conf b/tests/topotests/key_sendaccept/r2/frr.conf
new file mode 100644
index 0000000..95bb6e2
--- /dev/null
+++ b/tests/topotests/key_sendaccept/r2/frr.conf
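Review bot: Nothing in this config attaches a key chain to RIP or OSPF on `r1-eth0` (no authentication line appears under the interface, and the same holds for r2/frr.conf), so both protocols come up unauthenticated and the key chain the test creates at runtime is presumably never used on the wire. If that is intended, say so at the top of the file, for example `! key chain "kc" is created at runtime by test_keychain.py; no protocol authentication is configured here`, so the test is not read as coverage for packet authentication or for rejecting packets signed with an expired key. The last line `!ip route 250.0.0.1/32 Null0` is commented out while r2 keeps its equivalent route active; a short comment on why would help.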
@@ -0,0 +1,20 @@
+log timestamp precision 6
+log file frr.log debug
+
+interface r2-eth0
+ ip address 1.1.1.2/24
+
+ ip ospf hello-interval 2
+ ip ospf dead-interval 10
+exit
+
+router ospf
+ ospf router-id 2.2.2.2
+ network 1.1.1.0/24 area 0
+exit
+
+router rip
+ network 1.1.1.0/24
+exit
+
+ip route 250.0.0.2/32 Null0
\ No newline at end of file
diff --git a/tests/topotests/key_sendaccept/test_keychain.py b/tests/topotests/key_sendaccept/test_keychain.py
new file mode 100644
index 0000000..b11d31b
--- /dev/null
+++ b/tests/topotests/key_sendaccept/test_keychain.py
@@ -0,0 +1,150 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 eval: (blacken-mode 1) -*-
+# SPDX-License-Identifier: ISC
+#
+# March 4 2024, Christian Hopps
+#
+# Copyright (c) 2024, LabN Consulting, L.L.C.
+#
+"""
+Test static route functionality
+"""
+import json
+
+import pytest
+from lib.topogen import Topogen
+
+pytestmark = [pytest.mark.ripd, pytest.mark.mgmtd]
+
+
+@pytest.fixture(scope="module")
+def tgen(request):
+ "Setup/Teardown the environment and provide tgen argument to tests"
+
+ topodef = {"s1": ("r1", "r2")}
+
+ tgen = Topogen(topodef, request.module.__name__)
+ tgen.start_topology()
+
+ router_list = tgen.routers()
+ for rname, router in router_list.items():
+ router.load_frr_config("frr.conf")
+
+ tgen.start_router()
+ yield tgen
+ tgen.stop_topology()
+
+
+DIR_SEND = 0
+DIR_ACCEPT = 1
+
+
+def is_key_active(router, keychain, keyid, direction):
+ dstr = "send" if direction == DIR_SEND else "accept"
+ node = f"{dstr}-lifetime-active"
+ output = router.net.cmd_raises(
+ "vtysh -c 'show mgmt get-data "
+ f'/ietf-key-chain:key-chains/key-chain[name="{keychain}"]'
+ f'/key[key-id="{keyid}"]/{node} json'
+ "'"
+ )
+ jd = json.loads(output)
+ return jd["ietf-key-chain:key-chains"]["key-chain"][0]["key"][0][node]
+
+
+def test_send_accept(tgen):
+ if tgen.routers_have_failure():
+ pytest.skip(tgen.errors)
+
+ r1 = tgen.gears["r1"]
+
+ conf = """conf t
+key chain kc
+ key 1
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 1, DIR_SEND)
+ assert is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 1
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ send-lifetime 00:00:00 Jan 1 2024 infinite
+ accept-lifetime 00:00:00 Jan 1 2024 infinite
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 1, DIR_SEND)
+ assert is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 1
+ send-lifetime 00:00:00 Jan 1 2035 infinite
+ accept-lifetime 00:00:00 Jan 1 2035 infinite
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert not is_key_active(r1, "kc", 1, DIR_SEND)
+ assert not is_key_active(r1, "kc", 1, DIR_ACCEPT)
+
+ secs_in_10_years = 60 * 60 * 24 * 365 * 10
+ conf = f"""conf t
+key chain kc
+ key 2
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ send-lifetime 00:00:00 Jan 1 2024 duration {secs_in_10_years}
+ accept-lifetime 00:00:00 Jan 1 2024 duration {secs_in_10_years}
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 2, DIR_SEND)
+ assert is_key_active(r1, "kc", 2, DIR_ACCEPT)
+
+ conf = f"""conf t
+key chain kc
+ key 2
+ send-lifetime 00:00:00 Jan 1 2000 duration 10
+ accept-lifetime 00:00:00 Jan 1 2000 duration 10
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert not is_key_active(r1, "kc", 2, DIR_SEND)
+ assert not is_key_active(r1, "kc", 2, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 3
+ key-string theSecret
+ cryptographic-algorithm hmac-sha-256
+ send-lifetime 00:00:00 Jan 1 2024 23:59:59 Dec 31 2034
+ accept-lifetime 00:00:00 Jan 1 2024 23:59:59 Dec 31 2034
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert is_key_active(r1, "kc", 3, DIR_SEND)
+ assert is_key_active(r1, "kc", 3, DIR_ACCEPT)
+
+ conf = """conf t
+key chain kc
+ key 3
+ send-lifetime 00:00:00 Dec 1 2035 23:59:59 Dec 31 2034
+ accept-lifetime 00:00:00 Dec 1 2035 23:59:59 Dec 31 2034
+ exit
+exit
+"""
+ r1.vtysh_multicmd(conf.split("\n"), pretty_output=True)
+ assert not is_key_active(r1, "kc", 3, DIR_SEND)
+ assert not is_key_active(r1, "kc", 3, DIR_ACCEPT)
-- cgit v1.2.3
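Review bot: The active/inactive assertions in `test_send_accept` depend on the wall clock of the host running the test. Key 2 is expected active from Jan 1 2024 for `60 * 60 * 24 * 365 * 10` seconds (which ends a few days before 2034, since leap days are not counted), key 3 until Dec 31 2034, and key 1 is expected inactive only until Jan 1 2035. Once those dates pass, or on a machine with a skewed clock, the test fails without any change in the key-chain code. Deriving the years from the current date avoids this, for example `year = datetime.date.today().year` followed by `send-lifetime 00:00:00 Jan 1 {year - 1} infinite` for the active case and `Jan 1 {year + 10}` for the not-yet-valid case. Separately, the module docstring `Test static route functionality` looks carried over from another test and should describe key-chain send/accept lifetimes.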