xref: /openbmc/openbmc-test-automation/ipmi/test_ipmi_cipher.robot (revision 6fb70d98f2f1cb9273ba912deaa2cebe3c23ea86) 
1d4d43fc8SRahul Maheshwari*** Settings ***
2d4d43fc8SRahul MaheshwariDocumentation    Module to test IPMI chipher functionality.
3d4d43fc8SRahul MaheshwariResource         ../lib/ipmi_client.robot
4d4d43fc8SRahul MaheshwariResource         ../lib/openbmc_ffdc.robot
57fabf794Snagarjunb22Resource         ../lib/bmc_network_utils.robot
6d4d43fc8SRahul MaheshwariLibrary          ../lib/ipmi_utils.py
745511e8dSGeorge KeishingLibrary          ../lib/var_funcs.py
8d4d43fc8SRahul MaheshwariVariables        ../data/ipmi_raw_cmd_table.py
945511e8dSGeorge KeishingLibrary          String
10d4d43fc8SRahul Maheshwari
117fabf794Snagarjunb22
127fabf794Snagarjunb22Suite Setup      IPMI Cipher Suite Setup
1345511e8dSGeorge KeishingTest Setup       Printn
14d4d43fc8SRahul MaheshwariTest Teardown    FFDC On Test Case Fail
15d4d43fc8SRahul Maheshwari
16*6fb70d98SMatt FischerTest Tags       IPMI_Cipher
177fabf794Snagarjunb22
187fabf794Snagarjunb22*** Variables  ***
197fabf794Snagarjunb22${cipher_suite}      standard
207fabf794Snagarjunb22&{payload_type}      ipmi=0  sol=1
217fabf794Snagarjunb22@{list_index_value}  0x80  0x00
227fabf794Snagarjunb22
237fabf794Snagarjunb22
24d4d43fc8SRahul Maheshwari*** Test Cases ***
25d4d43fc8SRahul Maheshwari
2645511e8dSGeorge KeishingVerify Supported Ciphers
2745511e8dSGeorge Keishing    [Documentation]  Execute all supported ciphers and verify.
2845511e8dSGeorge Keishing    [Tags]  Verify_Supported_Ciphers
2945511e8dSGeorge Keishing    FOR  ${cipher}  IN  @{valid_ciphers}
3045511e8dSGeorge Keishing      Run External IPMI Standard Command  power status  C=${cipher}
3145511e8dSGeorge Keishing    END
32d4d43fc8SRahul Maheshwari
33d4d43fc8SRahul Maheshwari
3445511e8dSGeorge KeishingVerify Unsupported Ciphers
3545511e8dSGeorge Keishing    [Documentation]  Execute all unsupported ciphers and verify error.
3645511e8dSGeorge Keishing    [Tags]  Verify_Unsupported_Ciphers
3745511e8dSGeorge Keishing    FOR  ${cipher}  IN  @{unsupported_ciphers}
3845511e8dSGeorge Keishing      Run Keyword And Expect Error  *invalid * algorithm*
3945511e8dSGeorge Keishing      ...  Run External IPMI Standard Command  power status  C=${cipher}
4045511e8dSGeorge Keishing    END
41d4d43fc8SRahul Maheshwari
42d4d43fc8SRahul Maheshwari
4345511e8dSGeorge KeishingVerify Supported Ciphers Via Lan Print
4445511e8dSGeorge Keishing    [Documentation]  Verify supported ciphers via IPMI lan print command.
4545511e8dSGeorge Keishing    [Tags]  Verify_Supported_Ciphers_Via_Lan_Print
4645511e8dSGeorge Keishing
4745511e8dSGeorge Keishing    ${lan_print}=  Get Lan Print Dict
48d4d43fc8SRahul Maheshwari    # Example 'RMCP+ Cipher Suites' entry: 3,17
4945511e8dSGeorge Keishing    ${ciphers}=  Split String  ${lan_print['RMCP+ Cipher Suites']}  ,
5045511e8dSGeorge Keishing    Rprint Vars  ciphers
5145511e8dSGeorge Keishing    Valid List  ciphers  valid_values=${valid_ciphers}
52d4d43fc8SRahul Maheshwari
53d4d43fc8SRahul Maheshwari
54d4d43fc8SRahul MaheshwariVerify Supported Cipher Via Getciphers
5513b7afd3SGeorge Keishing    [Documentation]  Verify supported cihpers via IPMI getciphers command.
56d4d43fc8SRahul Maheshwari    [Tags]  Verify_Supported_Cipher_Via_Getciphers
57d4d43fc8SRahul Maheshwari
5845511e8dSGeorge Keishing    # Example output from 'Channel Getciphers IPMI':
5945511e8dSGeorge Keishing    # ipmi_channel_ciphers:
6045511e8dSGeorge Keishing    #   [0]:
6145511e8dSGeorge Keishing    #     [id]:                                         3
6245511e8dSGeorge Keishing    #     [iana]:                                       N/A
6345511e8dSGeorge Keishing    #     [auth_alg]:                                   hmac_sha1
6445511e8dSGeorge Keishing    #     [integrity_alg]:                              hmac_sha1_96
6545511e8dSGeorge Keishing    #     [confidentiality_alg]:                        aes_cbc_128
6645511e8dSGeorge Keishing    #   [1]:
6745511e8dSGeorge Keishing    #     [id]:                                         17
6845511e8dSGeorge Keishing    #     [iana]:                                       N/A
6945511e8dSGeorge Keishing    #     [auth_alg]:                                   hmac_sha256
7045511e8dSGeorge Keishing    #     [integrity_alg]:                              sha256_128
7145511e8dSGeorge Keishing    #     [confidentiality_alg]:                        aes_cbc_128
72d4d43fc8SRahul Maheshwari
7345511e8dSGeorge Keishing    ${ipmi_channel_ciphers}=  Channel Getciphers IPMI
7445511e8dSGeorge Keishing    # Example cipher entry: 3 17
7545511e8dSGeorge Keishing    Rprint Vars  ipmi_channel_ciphers
7645511e8dSGeorge Keishing    ${ipmi_channel_cipher_ids}=  Nested Get  id  ${ipmi_channel_ciphers}
7745511e8dSGeorge Keishing    Rpvars  ipmi_channel_cipher_ids
7845511e8dSGeorge Keishing    Valid List  ipmi_channel_cipher_ids  valid_values=${valid_ciphers}
797fabf794Snagarjunb22
807fabf794Snagarjunb22
817fabf794Snagarjunb22Verify Cipher Suite And Supported Algorithms Via IPMI Raw Command
827fabf794Snagarjunb22    [Documentation]  Verify cipher ID and Supported Algorithms for all Available Channels.
837fabf794Snagarjunb22    [Tags]  Verify_Cipher_Suite_And_Supported_Algorithms_Via_IPMI_Raw_Command
847fabf794Snagarjunb22    [Template]  Verify Cipher ID and Supported Algorithm For Channel
857fabf794Snagarjunb22
867fabf794Snagarjunb22    FOR  ${channel}  IN  @{active_channel_list}
877fabf794Snagarjunb22        FOR  ${name}  ${type}  IN  &{payload_type}
887fabf794Snagarjunb22            FOR  ${index_value}  IN  @{list_index_value}
897fabf794Snagarjunb22                # Input Channel   Payload type    Index value 0x80 or 0x00
907fabf794Snagarjunb22                ${channel}        ${type}         ${index_value}
917fabf794Snagarjunb22            END
927fabf794Snagarjunb22        END
937fabf794Snagarjunb22    END
947fabf794Snagarjunb22
957fabf794Snagarjunb22
967fabf794Snagarjunb22Verify Get Cipher Suite Command For Invalid Channels
977fabf794Snagarjunb22    [Documentation]  Verify Get Cipher Suite Command For all Invalid Channels.
987fabf794Snagarjunb22    [Tags]  Verify_Get_Cipher_Suite_Command_For_Invalid_Channels
997fabf794Snagarjunb22    [Template]  Verify Cipher Suite For Invalid Channel
1007fabf794Snagarjunb22
1017fabf794Snagarjunb22    FOR  ${channel}  IN  @{inactive_channel_list}
1027fabf794Snagarjunb22        # Input Channel
1037fabf794Snagarjunb22        ${channel}
1047fabf794Snagarjunb22    END
1057fabf794Snagarjunb22
1067fabf794Snagarjunb22
1077fabf794Snagarjunb22Verify Get Cipher Suite Raw Command With Invalid Data Length
1087fabf794Snagarjunb22    [Documentation]  Verify Get Cipher Suite Raw Command With One Extra and Less Byte.
1097fabf794Snagarjunb22    [Tags]  Verify_Get_Cipher_Suite_Raw_Command_With_Invalid_Data_Length
1107fabf794Snagarjunb22    [Template]  Verify Cipher Suite Command for Invalid Request Data
1117fabf794Snagarjunb22
1127fabf794Snagarjunb22    # Byte
1137fabf794Snagarjunb22    less
1147fabf794Snagarjunb22    extra
1157fabf794Snagarjunb22
1167fabf794Snagarjunb22
1177fabf794Snagarjunb22*** Keywords ***
1187fabf794Snagarjunb22
1197fabf794Snagarjunb22IPMI Cipher Suite Setup
1207fabf794Snagarjunb22    [Documentation]  Get active and inactive/invalid channels from channel_config.json file
1217fabf794Snagarjunb22    ...              in list type and set it as suite variable.
1227fabf794Snagarjunb22
1237fabf794Snagarjunb22    # Get active channel list and set as a suite variable.
1247fabf794Snagarjunb22    @{active_channel_list}=  Get Active Ethernet Channel List  current_channel=1
1257fabf794Snagarjunb22    Set Suite Variable  @{active_channel_list}
1267fabf794Snagarjunb22
1277fabf794Snagarjunb22    # Get Inactive/Invalid channel list and set as a suite variable.
1287fabf794Snagarjunb22    @{inactive_channel_list}=  Get Invalid Channel Number List
1297fabf794Snagarjunb22    Set Suite Variable  @{inactive_channel_list}
1307fabf794Snagarjunb22
1317fabf794Snagarjunb22Verify Standard Cipher Suite For Channel
1327fabf794Snagarjunb22    [Documentation]  Get the supported algorithms from data/ipmi_raw_cmd_table.py and
1337fabf794Snagarjunb22    ...              split into list and compare it with the given data list.
1347fabf794Snagarjunb22    [Arguments]  ${data_list}  ${channel_number}
1357fabf794Snagarjunb22
1367fabf794Snagarjunb22    # Description of argument(s):
1377fabf794Snagarjunb22    # data_list   cipher suite records in list
1387fabf794Snagarjunb22    #  e.g  [01, c0, 11, 03, 44, 81]
1397fabf794Snagarjunb22
1407fabf794Snagarjunb22    ${supported_algorithms}=  Split String  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
1417fabf794Snagarjunb22    ${cipher_suite_id}=  Convert To Integer  ${data_list}[2]  base=16
1427fabf794Snagarjunb22
1437fabf794Snagarjunb22    Should Be Equal  ${data_list}[0]  ${channel_number}
1447fabf794Snagarjunb22    Should Be Equal  ${data_list}[1]  c0
1457fabf794Snagarjunb22    Should Be Equal As Integers  ${cipher_suite_id}  ${valid_ciphers}[0]
1467fabf794Snagarjunb22    List Should Contain Value  ${supported_algorithms}  ${data_list}[3]
1477fabf794Snagarjunb22    List Should Contain Value  ${supported_algorithms}  ${data_list}[4]
1487fabf794Snagarjunb22    List Should Contain Value  ${supported_algorithms}  ${data_list}[5]
1497fabf794Snagarjunb22
1507fabf794Snagarjunb22Verify Algorithm by Cipher Suite For Channel
1517fabf794Snagarjunb22    [Documentation]  Spilt the given response data, store it in a list.
1527fabf794Snagarjunb22    [Arguments]  ${response_data}  ${channel_number}
1537fabf794Snagarjunb22
1547fabf794Snagarjunb22    # Description of argument(s):
1557fabf794Snagarjunb22    # response_data   response data of get channel cipher suite ipmi raw command
1567fabf794Snagarjunb22    #   e.g  01 c0 11 03 44 81   ---> list of algorithms by cipher suite (0x80 in request data 3rd byte)
1577fabf794Snagarjunb22    # ${channel_number}  Interface channel number
1587fabf794Snagarjunb22
1597fabf794Snagarjunb22    @{expected_data_list}=  Split String  ${response_data}
1607fabf794Snagarjunb22
1617fabf794Snagarjunb22    Run Keyword If  '${cipher_suite}' == 'standard'
1627fabf794Snagarjunb22    ...  Verify Standard Cipher Suite For Channel  ${expected_data_list}  ${channel_number}
1637fabf794Snagarjunb22
1647fabf794Snagarjunb22Verify Supported Algorithm For Channel
1657fabf794Snagarjunb22    [Documentation]  Compare the supported algorithms got from ipmi_raw_cmd_table with
16613b7afd3SGeorge Keishing    ...              given response.
1677fabf794Snagarjunb22    [Arguments]  ${response_data}  ${channel_number}
1687fabf794Snagarjunb22
1697fabf794Snagarjunb22    # Description of argument(s):
1707fabf794Snagarjunb22    # response_data    response data of get channel cipher suite ipmi raw command.
1717fabf794Snagarjunb22    # channel_number   Interface Channel Number.
1727fabf794Snagarjunb22
1737fabf794Snagarjunb22    # expected data will be like " 01 03 44 81 ".
1747fabf794Snagarjunb22    ${expected_data}=  Catenate  ${channel_number}  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
1757fabf794Snagarjunb22
1767fabf794Snagarjunb22    Should Be Equal  ${expected_data}  ${response_data}
1777fabf794Snagarjunb22
1787fabf794Snagarjunb22Verify Cipher ID and Supported Algorithm For Channel
1797fabf794Snagarjunb22    [Documentation]  Verify Cipher ID and Supported Algorithm on given channel.
1807fabf794Snagarjunb22    [Arguments]  ${channel_num}  ${payload_type}  ${index_value}
1817fabf794Snagarjunb22
1827fabf794Snagarjunb22    # Description of argument(s):
1837fabf794Snagarjunb22    # channel_num   Interface channel number.
1847fabf794Snagarjunb22    # payload_type   IPMI(0x00) or Sol(0x01).
1857fabf794Snagarjunb22    # index_value    0x80 for list algorithm by cipher suite.
1867fabf794Snagarjunb22    #                0x00 for supported algorithms.
1877fabf794Snagarjunb22
1887fabf794Snagarjunb22    ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]}
1897fabf794Snagarjunb22    ...  ${channel_num} ${payload_type} ${index_value}
1907fabf794Snagarjunb22
191372cd862Sishwaryamathim    ${resp}=  Run IPMI Command  ${cmd}
1927fabf794Snagarjunb22    ${resp}=  Strip String  ${resp}
1937fabf794Snagarjunb22
1947fabf794Snagarjunb22    # channel 14 represents current channel in which we send request.
1957fabf794Snagarjunb22    ${channel_num}=  Run Keyword If  '${channel_num}' == '14'
1967fabf794Snagarjunb22    ...  Convert To Hex  ${CHANNEL_NUMBER}  length=2
1977fabf794Snagarjunb22    ...  ELSE
1987fabf794Snagarjunb22    ...  Convert To Hex  ${channel_num}  length=2
1997fabf794Snagarjunb22
2007fabf794Snagarjunb22    Run Keyword If  '${index_value}' == '0x80'
2017fabf794Snagarjunb22    ...  Verify Algorithm by Cipher Suite For Channel  ${resp}  ${channel_num}
2027fabf794Snagarjunb22    ...  ELSE
2037fabf794Snagarjunb22    ...  Verify Supported Algorithm For Channel  ${resp}  ${channel_num}
2047fabf794Snagarjunb22
2057fabf794Snagarjunb22Verify Cipher Suite For Invalid Channel
2067fabf794Snagarjunb22   [Documentation]  Execute cipher suite ipmi cmd for invalid channel and verify Error code.
2077fabf794Snagarjunb22   [Arguments]  ${channel_number}
2087fabf794Snagarjunb22
2097fabf794Snagarjunb22   # Description of argument(s):
2107fabf794Snagarjunb22   # channel_number   Interface channel number.
2117fabf794Snagarjunb22
2127fabf794Snagarjunb22   ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${channel_number} 00 00
2137fabf794Snagarjunb22
2147fabf794Snagarjunb22   Verify Invalid IPMI Command  ${cmd}  0xcc
2157fabf794Snagarjunb22
2167fabf794Snagarjunb22Verify Cipher Suite Command for Invalid Request Data
2177fabf794Snagarjunb22   [Documentation]  Verify Cipher Suite Command with Invalid data Length.
2187fabf794Snagarjunb22   [Arguments]  ${byte_length}
2197fabf794Snagarjunb22
2207fabf794Snagarjunb22   # Description of argument(s):
2217fabf794Snagarjunb22   # byte_length   extra or less.
2227fabf794Snagarjunb22
2237fabf794Snagarjunb22   ${req_cmd}=  Run Keyword If  '${byte_length}' == 'less'
2247fabf794Snagarjunb22   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00
2257fabf794Snagarjunb22   ...  ELSE
2267fabf794Snagarjunb22   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00 00 01
2277fabf794Snagarjunb22
2287fabf794Snagarjunb22   Verify Invalid IPMI Command  ${req_cmd}  0xc7
229