xref: /openbmc/openbmc-test-automation/ipmi/test_ipmi_cipher.robot (revision 069b266e40a93fda3992c888062745b1ac920473) 
1*** Settings ***
2Documentation    Module to test IPMI chipher functionality.
3
4Resource         ../lib/ipmi_client.robot
5Resource         ../lib/openbmc_ffdc.robot
6Resource         ../lib/bmc_network_utils.robot
7Library          ../lib/ipmi_utils.py
8Library          ../lib/var_funcs.py
9Variables        ../data/ipmi_raw_cmd_table.py
10Library          String
11
12
13Suite Setup      IPMI Cipher Suite Setup
14Test Setup       Printn
15Test Teardown    FFDC On Test Case Fail
16
17Test Tags       IPMI_Cipher
18
19*** Variables ***
20${cipher_suite}      standard
21&{payload_type}      ipmi=0  sol=1
22@{list_index_value}  0x80  0x00
23
24
25*** Test Cases ***
26
27Verify Supported Ciphers
28    [Documentation]  Execute all supported ciphers and verify.
29    [Tags]  Verify_Supported_Ciphers
30    FOR  ${cipher}  IN  @{valid_ciphers}
31      Run External IPMI Standard Command  power status  C=${cipher}
32    END
33
34
35Verify Unsupported Ciphers
36    [Documentation]  Execute all unsupported ciphers and verify error.
37    [Tags]  Verify_Unsupported_Ciphers
38    FOR  ${cipher}  IN  @{unsupported_ciphers}
39      Run Keyword And Expect Error  *invalid * algorithm*
40      ...  Run External IPMI Standard Command  power status  C=${cipher}
41    END
42
43
44Verify Supported Ciphers Via Lan Print
45    [Documentation]  Verify supported ciphers via IPMI lan print command.
46    [Tags]  Verify_Supported_Ciphers_Via_Lan_Print
47
48    ${lan_print}=  Get Lan Print Dict
49    # Example 'RMCP+ Cipher Suites' entry: 3,17
50    ${ciphers}=  Split String  ${lan_print['RMCP+ Cipher Suites']}  ,
51    Rprint Vars  ciphers
52    Valid List  ciphers  valid_values=${valid_ciphers}
53
54
55Verify Supported Cipher Via Getciphers
56    [Documentation]  Verify supported cihpers via IPMI getciphers command.
57    [Tags]  Verify_Supported_Cipher_Via_Getciphers
58
59    # Example output from 'Channel Getciphers IPMI':
60    # ipmi_channel_ciphers:
61    #   [0]:
62    #     [id]:                                         3
63    #     [iana]:                                       N/A
64    #     [auth_alg]:                                   hmac_sha1
65    #     [integrity_alg]:                              hmac_sha1_96
66    #     [confidentiality_alg]:                        aes_cbc_128
67    #   [1]:
68    #     [id]:                                         17
69    #     [iana]:                                       N/A
70    #     [auth_alg]:                                   hmac_sha256
71    #     [integrity_alg]:                              sha256_128
72    #     [confidentiality_alg]:                        aes_cbc_128
73
74    ${ipmi_channel_ciphers}=  Channel Getciphers IPMI
75    # Example cipher entry: 3 17
76    Rprint Vars  ipmi_channel_ciphers
77    ${ipmi_channel_cipher_ids}=  Nested Get  id  ${ipmi_channel_ciphers}
78    Rpvars  ipmi_channel_cipher_ids
79    Valid List  ipmi_channel_cipher_ids  valid_values=${valid_ciphers}
80
81
82Verify Cipher Suite And Supported Algorithms Via IPMI Raw Command
83    [Documentation]  Verify cipher ID and Supported Algorithms for all Available
84    ...  Channels.
85    [Tags]  Verify_Cipher_Suite_And_Supported_Algorithms_Via_IPMI_Raw_Command
86    [Template]  Verify Cipher ID and Supported Algorithm For Channel
87
88    FOR  ${channel}  IN  @{active_channel_list}
89        FOR  ${name}  ${type}  IN  &{payload_type}
90            FOR  ${index_value}  IN  @{list_index_value}
91                # Input Channel   Payload type    Index value 0x80 or 0x00
92                ${channel}        ${type}         ${index_value}
93            END
94        END
95    END
96
97
98Verify Get Cipher Suite Command For Invalid Channels
99    [Documentation]  Verify Get Cipher Suite Command For all Invalid Channels.
100    [Tags]  Verify_Get_Cipher_Suite_Command_For_Invalid_Channels
101    [Template]  Verify Cipher Suite For Invalid Channel
102
103    FOR  ${channel}  IN  @{inactive_channel_list}
104        # Input Channel
105        ${channel}
106    END
107
108
109Verify Get Cipher Suite Raw Command With Invalid Data Length
110    [Documentation]  Verify Get Cipher Suite Raw Command With One Extra and Less Byte.
111    [Tags]  Verify_Get_Cipher_Suite_Raw_Command_With_Invalid_Data_Length
112    [Template]  Verify Cipher Suite Command for Invalid Request Data
113
114    # Byte
115    less
116    extra
117
118
119*** Keywords ***
120
121IPMI Cipher Suite Setup
122    [Documentation]  Get active and inactive/invalid channels from channel_config.json file
123    ...              in list type and set it as suite variable.
124
125    # Get active channel list and set as a suite variable.
126    @{active_channel_list}=  Get Active Ethernet Channel List  current_channel=1
127    Set Suite Variable  @{active_channel_list}
128
129    # Get Inactive/Invalid channel list and set as a suite variable.
130    @{inactive_channel_list}=  Get Invalid Channel Number List
131    Set Suite Variable  @{inactive_channel_list}
132
133Verify Standard Cipher Suite For Channel
134    [Documentation]  Get the supported algorithms from data/ipmi_raw_cmd_table.py and
135    ...              split into list and compare it with the given data list.
136    [Arguments]  ${data_list}  ${channel_number}
137
138    # Description of argument(s):
139    # data_list       cipher suite records in list
140    #                 e.g  [01, c0, 11, 03, 44, 81]
141    # channel_number  Interface channel number
142
143    ${supported_algorithms}=  Split String  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
144    ${cipher_suite_id}=  Convert To Integer  ${data_list}[2]  base=16
145
146    Should Be Equal  ${data_list}[0]  ${channel_number}
147    Should Be Equal  ${data_list}[1]  c0
148    Should Be Equal As Integers  ${cipher_suite_id}  ${valid_ciphers}[0]
149    List Should Contain Value  ${supported_algorithms}  ${data_list}[3]
150    List Should Contain Value  ${supported_algorithms}  ${data_list}[4]
151    List Should Contain Value  ${supported_algorithms}  ${data_list}[5]
152
153Verify Algorithm by Cipher Suite For Channel
154    [Documentation]  Spilt the given response data, store it in a list.
155    [Arguments]  ${response_data}  ${channel_number}
156
157    # Description of argument(s):
158    # response_data   Response data of get channel cipher suite IPMI raw command
159    #   e.g  01 c0 11 03 44 81   ---> list of algorithms by cipher suite (0x80 in request data 3rd byte)
160    # channel_number  Interface channel number
161
162    @{expected_data_list}=  Split String  ${response_data}
163
164    IF  '${cipher_suite}' == 'standard'
165        Verify Standard Cipher Suite For Channel  ${expected_data_list}  ${channel_number}
166    END
167
168Verify Supported Algorithm For Channel
169    [Documentation]  Compare the supported algorithms got from ipmi_raw_cmd_table with
170    ...              given response.
171    [Arguments]  ${response_data}  ${channel_number}
172
173    # Description of argument(s):
174    # response_data    response data of get channel cipher suite IPMI raw command.
175    # channel_number   Interface Channel Number.
176
177    # expected data will be like " 01 03 44 81 ".
178    ${expected_data}=  Catenate  ${channel_number}  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
179
180    Should Be Equal  ${expected_data}  ${response_data}
181
182Verify Cipher ID and Supported Algorithm For Channel
183    [Documentation]  Verify Cipher ID and Supported Algorithm on given channel.
184    [Arguments]  ${channel_num}  ${payload_type}  ${index_value}
185
186    # Description of argument(s):
187    # channel_num    Interface channel number.
188    # payload_type   IPMI(0x00) or SOL(0x01).
189    # index_value    0x80 for list algorithm by cipher suite.
190    #                0x00 for supported algorithms.
191
192    ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]}
193    ...  ${channel_num} ${payload_type} ${index_value}
194
195    ${resp}=  Run IPMI Command  ${cmd}
196    ${resp}=  Strip String  ${resp}
197
198    # channel 14 represents current channel in which we send request.
199    ${channel_num}=  Run Keyword If  '${channel_num}' == '14'
200    ...  Convert To Hex  ${CHANNEL_NUMBER}  length=2
201    ...  ELSE
202    ...  Convert To Hex  ${channel_num}  length=2
203
204    IF  '${index_value}' == '0x80'
205        Verify Algorithm by Cipher Suite For Channel  ${resp}  ${channel_num}
206    ELSE
207        Verify Supported Algorithm For Channel  ${resp}  ${channel_num}
208    END
209
210Verify Cipher Suite For Invalid Channel
211   [Documentation]  Execute cipher suite ipmi cmd for invalid channel and verify Error code.
212   [Arguments]  ${channel_number}
213
214   # Description of argument(s):
215   # channel_number   Interface channel number.
216
217   ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${channel_number} 00 00
218
219   Verify Invalid IPMI Command  ${cmd}  0xcc
220
221Verify Cipher Suite Command for Invalid Request Data
222   [Documentation]  Verify Cipher Suite Command with Invalid data Length.
223   [Arguments]  ${byte_length}
224
225   # Description of argument(s):
226   # byte_length   extra or less.
227
228   ${req_cmd}=  Run Keyword If  '${byte_length}' == 'less'
229   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00
230   ...  ELSE
231   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00 00 01
232
233   Verify Invalid IPMI Command  ${req_cmd}  0xc7
234