test-network: add tests for MACsec

2019-04-05 15:58:50 +09:00 · 2019-04-05 15:58:50 +09:00 · 02849d8b4f
parent e57319dd54
commit 02849d8b4f
5 changed files with 117 additions and 0 deletions
--- a/test/test-network/conf/25-macsec.key
+++ b/test/test-network/conf/25-macsec.key
@ -0,0 +1 @@
+85858585858585858585858585858585
--- a/test/test-network/conf/25-macsec.netdev
+++ b/test/test-network/conf/25-macsec.netdev
@ -0,0 +1,68 @@
+[NetDev]
+Name=macsec99
+Kind=macsec
+
+[MACsec]
+Port=11
+Encrypt=yes
+
+[MACsecTransmitAssociation]
+PacketNumber=1024
+KeyId=01
+Key=81818181818181818181818181818181
+Activate=yes
+
+[MACsecTransmitAssociation]
+PacketNumber=512
+KeyId=0203
+Key=82828282828282828282828282828282
+UseForEncoding=yes
+
+[MACsecReceiveChannel]
+Port=2
+MACAddress=8c:16:45:6c:83:a9
+
+[MACsecReceiveAssociation]
+Port=2
+MACAddress=8c:16:45:6c:83:a9
+PacketNumber=16
+KeyId=020304
+Key=83838383838383838383838383838383
+
+[MACsecReceiveAssociation]
+Port=256
+MACAddress=c6:19:52:8f:e6:a0
+PacketNumber=32
+KeyId=02030405
+Key=84848484848484848484848484848484
+Activate=yes
+
+[MACsecReceiveAssociation]
+Port=256
+MACAddress=c6:19:52:8f:e6:a0
+PacketNumber=128
+KeyId=0203040506
+KeyFile=/run/systemd/network/25-macsec.key
+Activate=yes
+
+[MACsecReceiveAssociation]
+Port=256
+MACAddress=c6:19:52:8f:e6:a0
+KeyId=020304050607
+Key=86868686868686868686868686868686
+Activate=no
+
+[MACsecReceiveAssociation]
+Port=256
+MACAddress=c6:19:52:8f:e6:a0
+KeyId=02030405060708
+Key=87878787878787878787878787878787
+Activate=no
+
+[MACsecReceiveAssociation]
+# This section should be dropped.
+Port=256
+MACAddress=c6:19:52:8f:e6:a0
+KeyId=0203040506070809
+Key=88888888888888888888888888888888
+Activate=no
--- a/test/test-network/conf/25-macsec.network
+++ b/test/test-network/conf/25-macsec.network
@ -0,0 +1,6 @@
+[Match]
+Name=macsec99
+
+[Network]
+IPv6AcceptRA=no
+Address=10.1.2.3/16
--- a/test/test-network/conf/macsec.network
+++ b/test/test-network/conf/macsec.network
@ -0,0 +1,9 @@
+[Match]
+Name=dummy98
+
+[Link]
+MACAddress=00:50:56:c0:00:19
+
+[Network]
+IPv6AcceptRA=no
+MACsec=macsec99
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@ -290,6 +290,9 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
        '25-ipip-tunnel.netdev',
        '25-ipvlan.netdev',
        '25-isatap-tunnel.netdev',
+        '25-macsec.key',
+        '25-macsec.netdev',
+        '25-macsec.network',
        '25-sit-tunnel-local-any.netdev',
        '25-sit-tunnel-remote-any.netdev',
        '25-sit-tunnel.netdev',
@ -322,6 +325,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
        'ipip.network',
        'ipvlan.network',
        'isatap.network',
+        'macsec.network',
        'macvlan.network',
        'macvtap.network',
        'sit.network',
@ -875,6 +879,35 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
        self.assertRegex(output, 'remcsumrx')
        self.assertRegex(output, 'gbp')

+    def test_macsec(self):
+        self.copy_unit_to_networkd_unit_path('25-macsec.netdev', '25-macsec.network', '25-macsec.key',
+                                             'macsec.network', '12-dummy.netdev')
+        self.start_networkd(0)
+
+        self.wait_online(['dummy98:degraded', 'macsec99:routable'])
+
+        output = subprocess.check_output(['ip', '-d', 'link', 'show', 'macsec99']).rstrip().decode('utf-8')
+        print(output)
+        self.assertRegex(output, 'macsec99@dummy98')
+        self.assertRegex(output, 'macsec sci [0-9a-f]*000b')
+        self.assertRegex(output, 'encrypt on')
+
+        output = subprocess.check_output(['ip', 'macsec', 'show', 'macsec99']).rstrip().decode('utf-8')
+        print(output)
+        self.assertRegex(output, 'encrypt on')
+        self.assertRegex(output, 'TXSC: [0-9a-f]*000b on SA 1')
+        self.assertRegex(output, '0: PN [0-9]*, state on, key 01000000000000000000000000000000')
+        self.assertRegex(output, '1: PN [0-9]*, state on, key 02030000000000000000000000000000')
+        self.assertRegex(output, 'RXSC: c619528fe6a00100, state on')
+        self.assertRegex(output, '0: PN [0-9]*, state on, key 02030405000000000000000000000000')
+        self.assertRegex(output, '1: PN [0-9]*, state on, key 02030405060000000000000000000000')
+        self.assertRegex(output, '2: PN [0-9]*, state off, key 02030405060700000000000000000000')
+        self.assertRegex(output, '3: PN [0-9]*, state off, key 02030405060708000000000000000000')
+        self.assertNotRegex(output, 'key 02030405067080900000000000000000')
+        self.assertRegex(output, 'RXSC: 8c16456c83a90002, state on')
+        self.assertRegex(output, '0: PN [0-9]*, state off, key 02030400000000000000000000000000')
+
+
 class NetworkdL2TPTests(unittest.TestCase, Utilities):

    links =[