*** Settings ***
Documentation    Module to test IPMI chipher functionality.
Resource         ../lib/ipmi_client.robot
Resource         ../lib/openbmc_ffdc.robot
Resource         ../lib/bmc_network_utils.robot
Library          ../lib/ipmi_utils.py
Library          ../lib/var_funcs.py
Variables        ../data/ipmi_raw_cmd_table.py
Library          String


Suite Setup      IPMI Cipher Suite Setup
Test Setup       Printn
Test Teardown    FFDC On Test Case Fail

Force Tags       IPMI_Cipher

*** Variables  ***
${cipher_suite}      standard
&{payload_type}      ipmi=0  sol=1
@{list_index_value}  0x80  0x00


*** Test Cases ***

Verify Supported Ciphers
    [Documentation]  Execute all supported ciphers and verify.
    [Tags]  Verify_Supported_Ciphers
    FOR  ${cipher}  IN  @{valid_ciphers}
      Run External IPMI Standard Command  power status  C=${cipher}
    END


Verify Unsupported Ciphers
    [Documentation]  Execute all unsupported ciphers and verify error.
    [Tags]  Verify_Unsupported_Ciphers
    FOR  ${cipher}  IN  @{unsupported_ciphers}
      Run Keyword And Expect Error  *invalid * algorithm*
      ...  Run External IPMI Standard Command  power status  C=${cipher}
    END


Verify Supported Ciphers Via Lan Print
    [Documentation]  Verify supported ciphers via IPMI lan print command.
    [Tags]  Verify_Supported_Ciphers_Via_Lan_Print

    ${lan_print}=  Get Lan Print Dict
    # Example 'RMCP+ Cipher Suites' entry: 3,17
    ${ciphers}=  Split String  ${lan_print['RMCP+ Cipher Suites']}  ,
    Rprint Vars  ciphers
    Valid List  ciphers  valid_values=${valid_ciphers}


Verify Supported Cipher Via Getciphers
    [Documentation]  Verify supported cihpers via IPMI getciphers command.
    [Tags]  Verify_Supported_Cipher_Via_Getciphers

    # Example output from 'Channel Getciphers IPMI':
    # ipmi_channel_ciphers:
    #   [0]:
    #     [id]:                                         3
    #     [iana]:                                       N/A
    #     [auth_alg]:                                   hmac_sha1
    #     [integrity_alg]:                              hmac_sha1_96
    #     [confidentiality_alg]:                        aes_cbc_128
    #   [1]:
    #     [id]:                                         17
    #     [iana]:                                       N/A
    #     [auth_alg]:                                   hmac_sha256
    #     [integrity_alg]:                              sha256_128
    #     [confidentiality_alg]:                        aes_cbc_128

    ${ipmi_channel_ciphers}=  Channel Getciphers IPMI
    # Example cipher entry: 3 17
    Rprint Vars  ipmi_channel_ciphers
    ${ipmi_channel_cipher_ids}=  Nested Get  id  ${ipmi_channel_ciphers}
    Rpvars  ipmi_channel_cipher_ids
    Valid List  ipmi_channel_cipher_ids  valid_values=${valid_ciphers}


Verify Cipher Suite And Supported Algorithms Via IPMI Raw Command
    [Documentation]  Verify cipher ID and Supported Algorithms for all Available Channels.
    [Tags]  Verify_Cipher_Suite_And_Supported_Algorithms_Via_IPMI_Raw_Command
    [Template]  Verify Cipher ID and Supported Algorithm For Channel

    FOR  ${channel}  IN  @{active_channel_list}
        FOR  ${name}  ${type}  IN  &{payload_type}
            FOR  ${index_value}  IN  @{list_index_value}
                # Input Channel   Payload type    Index value 0x80 or 0x00
                ${channel}        ${type}         ${index_value}
            END
        END
    END


Verify Get Cipher Suite Command For Invalid Channels
    [Documentation]  Verify Get Cipher Suite Command For all Invalid Channels.
    [Tags]  Verify_Get_Cipher_Suite_Command_For_Invalid_Channels
    [Template]  Verify Cipher Suite For Invalid Channel

    FOR  ${channel}  IN  @{inactive_channel_list}
        # Input Channel
        ${channel}
    END


Verify Get Cipher Suite Raw Command With Invalid Data Length
    [Documentation]  Verify Get Cipher Suite Raw Command With One Extra and Less Byte.
    [Tags]  Verify_Get_Cipher_Suite_Raw_Command_With_Invalid_Data_Length
    [Template]  Verify Cipher Suite Command for Invalid Request Data

    # Byte
    less
    extra


*** Keywords ***

IPMI Cipher Suite Setup
    [Documentation]  Get active and inactive/invalid channels from channel_config.json file
    ...              in list type and set it as suite variable.

    # Get active channel list and set as a suite variable.
    @{active_channel_list}=  Get Active Ethernet Channel List  current_channel=1
    Set Suite Variable  @{active_channel_list}

    # Get Inactive/Invalid channel list and set as a suite variable.
    @{inactive_channel_list}=  Get Invalid Channel Number List
    Set Suite Variable  @{inactive_channel_list}

Verify Standard Cipher Suite For Channel
    [Documentation]  Get the supported algorithms from data/ipmi_raw_cmd_table.py and
    ...              split into list and compare it with the given data list.
    [Arguments]  ${data_list}  ${channel_number}

    # Description of argument(s):
    # data_list   cipher suite records in list
    #  e.g  [01, c0, 11, 03, 44, 81]

    ${supported_algorithms}=  Split String  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
    ${cipher_suite_id}=  Convert To Integer  ${data_list}[2]  base=16

    Should Be Equal  ${data_list}[0]  ${channel_number}
    Should Be Equal  ${data_list}[1]  c0
    Should Be Equal As Integers  ${cipher_suite_id}  ${valid_ciphers}[0]
    List Should Contain Value  ${supported_algorithms}  ${data_list}[3]
    List Should Contain Value  ${supported_algorithms}  ${data_list}[4]
    List Should Contain Value  ${supported_algorithms}  ${data_list}[5]

Verify Algorithm by Cipher Suite For Channel
    [Documentation]  Spilt the given response data, store it in a list.
    [Arguments]  ${response_data}  ${channel_number}

    # Description of argument(s):
    # response_data   response data of get channel cipher suite ipmi raw command
    #   e.g  01 c0 11 03 44 81   ---> list of algorithms by cipher suite (0x80 in request data 3rd byte)
    # ${channel_number}  Interface channel number

    @{expected_data_list}=  Split String  ${response_data}

    Run Keyword If  '${cipher_suite}' == 'standard'
    ...  Verify Standard Cipher Suite For Channel  ${expected_data_list}  ${channel_number}

Verify Supported Algorithm For Channel
    [Documentation]  Compare the supported algorithms got from ipmi_raw_cmd_table with
    ...              given response.
    [Arguments]  ${response_data}  ${channel_number}

    # Description of argument(s):
    # response_data    response data of get channel cipher suite ipmi raw command.
    # channel_number   Interface Channel Number.

    # expected data will be like " 01 03 44 81 ".
    ${expected_data}=  Catenate  ${channel_number}  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}

    Should Be Equal  ${expected_data}  ${response_data}

Verify Cipher ID and Supported Algorithm For Channel
    [Documentation]  Verify Cipher ID and Supported Algorithm on given channel.
    [Arguments]  ${channel_num}  ${payload_type}  ${index_value}

    # Description of argument(s):
    # channel_num   Interface channel number.
    # payload_type   IPMI(0x00) or Sol(0x01).
    # index_value    0x80 for list algorithm by cipher suite.
    #                0x00 for supported algorithms.

    ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]}
    ...  ${channel_num} ${payload_type} ${index_value}

    ${resp}=  Run External IPMI Raw Command  ${cmd}
    ${resp}=  Strip String  ${resp}

    # channel 14 represents current channel in which we send request.
    ${channel_num}=  Run Keyword If  '${channel_num}' == '14'
    ...  Convert To Hex  ${CHANNEL_NUMBER}  length=2
    ...  ELSE
    ...  Convert To Hex  ${channel_num}  length=2

    Run Keyword If  '${index_value}' == '0x80'
    ...  Verify Algorithm by Cipher Suite For Channel  ${resp}  ${channel_num}
    ...  ELSE
    ...  Verify Supported Algorithm For Channel  ${resp}  ${channel_num}

Verify Cipher Suite For Invalid Channel
   [Documentation]  Execute cipher suite ipmi cmd for invalid channel and verify Error code.
   [Arguments]  ${channel_number}

   # Description of argument(s):
   # channel_number   Interface channel number.

   ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${channel_number} 00 00

   Verify Invalid IPMI Command  ${cmd}  0xcc

Verify Cipher Suite Command for Invalid Request Data
   [Documentation]  Verify Cipher Suite Command with Invalid data Length.
   [Arguments]  ${byte_length}

   # Description of argument(s):
   # byte_length   extra or less.

   ${req_cmd}=  Run Keyword If  '${byte_length}' == 'less'
   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00
   ...  ELSE
   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00 00 01

   Verify Invalid IPMI Command  ${req_cmd}  0xc7