xref: /openbmc/openbmc-test-automation/ipmi/test_ipmi_cipher.robot (revision 42c84ea5d0dd320e1a1d57bcba34fcb788c7788c)
1*** Settings ***
2Documentation    Module to test IPMI chipher functionality.
3Resource         ../lib/ipmi_client.robot
4Resource         ../lib/openbmc_ffdc.robot
5Resource         ../lib/bmc_network_utils.robot
6Library          ../lib/ipmi_utils.py
7Library          ../lib/var_funcs.py
8Variables        ../data/ipmi_raw_cmd_table.py
9Library          String
10
11
12Suite Setup      IPMI Cipher Suite Setup
13Test Setup       Printn
14Test Teardown    FFDC On Test Case Fail
15
16
17*** Variables  ***
18${cipher_suite}      standard
19&{payload_type}      ipmi=0  sol=1
20@{list_index_value}  0x80  0x00
21
22
23*** Test Cases ***
24
25Verify Supported Ciphers
26    [Documentation]  Execute all supported ciphers and verify.
27    [Tags]  Verify_Supported_Ciphers
28    FOR  ${cipher}  IN  @{valid_ciphers}
29      Run External IPMI Standard Command  power status  C=${cipher}
30    END
31
32
33Verify Unsupported Ciphers
34    [Documentation]  Execute all unsupported ciphers and verify error.
35    [Tags]  Verify_Unsupported_Ciphers
36    FOR  ${cipher}  IN  @{unsupported_ciphers}
37      Run Keyword And Expect Error  *invalid * algorithm*
38      ...  Run External IPMI Standard Command  power status  C=${cipher}
39    END
40
41
42Verify Supported Ciphers Via Lan Print
43    [Documentation]  Verify supported ciphers via IPMI lan print command.
44    [Tags]  Verify_Supported_Ciphers_Via_Lan_Print
45
46    ${lan_print}=  Get Lan Print Dict
47    # Example 'RMCP+ Cipher Suites' entry: 3,17
48    ${ciphers}=  Split String  ${lan_print['RMCP+ Cipher Suites']}  ,
49    Rprint Vars  ciphers
50    Valid List  ciphers  valid_values=${valid_ciphers}
51
52
53Verify Supported Cipher Via Getciphers
54    [Documentation]  Verify supported cihpers via IPMI getciphers command.
55    [Tags]  Verify_Supported_Cipher_Via_Getciphers
56
57    # Example output from 'Channel Getciphers IPMI':
58    # ipmi_channel_ciphers:
59    #   [0]:
60    #     [id]:                                         3
61    #     [iana]:                                       N/A
62    #     [auth_alg]:                                   hmac_sha1
63    #     [integrity_alg]:                              hmac_sha1_96
64    #     [confidentiality_alg]:                        aes_cbc_128
65    #   [1]:
66    #     [id]:                                         17
67    #     [iana]:                                       N/A
68    #     [auth_alg]:                                   hmac_sha256
69    #     [integrity_alg]:                              sha256_128
70    #     [confidentiality_alg]:                        aes_cbc_128
71
72    ${ipmi_channel_ciphers}=  Channel Getciphers IPMI
73    # Example cipher entry: 3 17
74    Rprint Vars  ipmi_channel_ciphers
75    ${ipmi_channel_cipher_ids}=  Nested Get  id  ${ipmi_channel_ciphers}
76    Rpvars  ipmi_channel_cipher_ids
77    Valid List  ipmi_channel_cipher_ids  valid_values=${valid_ciphers}
78
79
80Verify Cipher Suite And Supported Algorithms Via IPMI Raw Command
81    [Documentation]  Verify cipher ID and Supported Algorithms for all Available Channels.
82    [Tags]  Verify_Cipher_Suite_And_Supported_Algorithms_Via_IPMI_Raw_Command
83    [Template]  Verify Cipher ID and Supported Algorithm For Channel
84
85    FOR  ${channel}  IN  @{active_channel_list}
86        FOR  ${name}  ${type}  IN  &{payload_type}
87            FOR  ${index_value}  IN  @{list_index_value}
88                # Input Channel   Payload type    Index value 0x80 or 0x00
89                ${channel}        ${type}         ${index_value}
90            END
91        END
92    END
93
94
95Verify Get Cipher Suite Command For Invalid Channels
96    [Documentation]  Verify Get Cipher Suite Command For all Invalid Channels.
97    [Tags]  Verify_Get_Cipher_Suite_Command_For_Invalid_Channels
98    [Template]  Verify Cipher Suite For Invalid Channel
99
100    FOR  ${channel}  IN  @{inactive_channel_list}
101        # Input Channel
102        ${channel}
103    END
104
105
106Verify Get Cipher Suite Raw Command With Invalid Data Length
107    [Documentation]  Verify Get Cipher Suite Raw Command With One Extra and Less Byte.
108    [Tags]  Verify_Get_Cipher_Suite_Raw_Command_With_Invalid_Data_Length
109    [Template]  Verify Cipher Suite Command for Invalid Request Data
110
111    # Byte
112    less
113    extra
114
115
116*** Keywords ***
117
118IPMI Cipher Suite Setup
119    [Documentation]  Get active and inactive/invalid channels from channel_config.json file
120    ...              in list type and set it as suite variable.
121
122    # Get active channel list and set as a suite variable.
123    @{active_channel_list}=  Get Active Ethernet Channel List  current_channel=1
124    Set Suite Variable  @{active_channel_list}
125
126    # Get Inactive/Invalid channel list and set as a suite variable.
127    @{inactive_channel_list}=  Get Invalid Channel Number List
128    Set Suite Variable  @{inactive_channel_list}
129
130Verify Standard Cipher Suite For Channel
131    [Documentation]  Get the supported algorithms from data/ipmi_raw_cmd_table.py and
132    ...              split into list and compare it with the given data list.
133    [Arguments]  ${data_list}  ${channel_number}
134
135    # Description of argument(s):
136    # data_list   cipher suite records in list
137    #  e.g  [01, c0, 11, 03, 44, 81]
138
139    ${supported_algorithms}=  Split String  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
140    ${cipher_suite_id}=  Convert To Integer  ${data_list}[2]  base=16
141
142    Should Be Equal  ${data_list}[0]  ${channel_number}
143    Should Be Equal  ${data_list}[1]  c0
144    Should Be Equal As Integers  ${cipher_suite_id}  ${valid_ciphers}[0]
145    List Should Contain Value  ${supported_algorithms}  ${data_list}[3]
146    List Should Contain Value  ${supported_algorithms}  ${data_list}[4]
147    List Should Contain Value  ${supported_algorithms}  ${data_list}[5]
148
149Verify Algorithm by Cipher Suite For Channel
150    [Documentation]  Spilt the given response data, store it in a list.
151    [Arguments]  ${response_data}  ${channel_number}
152
153    # Description of argument(s):
154    # response_data   response data of get channel cipher suite ipmi raw command
155    #   e.g  01 c0 11 03 44 81   ---> list of algorithms by cipher suite (0x80 in request data 3rd byte)
156    # ${channel_number}  Interface channel number
157
158    @{expected_data_list}=  Split String  ${response_data}
159
160    Run Keyword If  '${cipher_suite}' == 'standard'
161    ...  Verify Standard Cipher Suite For Channel  ${expected_data_list}  ${channel_number}
162
163Verify Supported Algorithm For Channel
164    [Documentation]  Compare the supported algorithms got from ipmi_raw_cmd_table with
165    ...              given response.
166    [Arguments]  ${response_data}  ${channel_number}
167
168    # Description of argument(s):
169    # response_data    response data of get channel cipher suite ipmi raw command.
170    # channel_number   Interface Channel Number.
171
172    # expected data will be like " 01 03 44 81 ".
173    ${expected_data}=  Catenate  ${channel_number}  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
174
175    Should Be Equal  ${expected_data}  ${response_data}
176
177Verify Cipher ID and Supported Algorithm For Channel
178    [Documentation]  Verify Cipher ID and Supported Algorithm on given channel.
179    [Arguments]  ${channel_num}  ${payload_type}  ${index_value}
180
181    # Description of argument(s):
182    # channel_num   Interface channel number.
183    # payload_type   IPMI(0x00) or Sol(0x01).
184    # index_value    0x80 for list algorithm by cipher suite.
185    #                0x00 for supported algorithms.
186
187    ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]}
188    ...  ${channel_num} ${payload_type} ${index_value}
189
190    ${resp}=  Run External IPMI Raw Command  ${cmd}
191    ${resp}=  Strip String  ${resp}
192
193    # channel 14 represents current channel in which we send request.
194    ${channel_num}=  Run Keyword If  '${channel_num}' == '14'
195    ...  Convert To Hex  ${CHANNEL_NUMBER}  length=2
196    ...  ELSE
197    ...  Convert To Hex  ${channel_num}  length=2
198
199    Run Keyword If  '${index_value}' == '0x80'
200    ...  Verify Algorithm by Cipher Suite For Channel  ${resp}  ${channel_num}
201    ...  ELSE
202    ...  Verify Supported Algorithm For Channel  ${resp}  ${channel_num}
203
204Verify Cipher Suite For Invalid Channel
205   [Documentation]  Execute cipher suite ipmi cmd for invalid channel and verify Error code.
206   [Arguments]  ${channel_number}
207
208   # Description of argument(s):
209   # channel_number   Interface channel number.
210
211   ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${channel_number} 00 00
212
213   Verify Invalid IPMI Command  ${cmd}  0xcc
214
215Verify Cipher Suite Command for Invalid Request Data
216   [Documentation]  Verify Cipher Suite Command with Invalid data Length.
217   [Arguments]  ${byte_length}
218
219   # Description of argument(s):
220   # byte_length   extra or less.
221
222   ${req_cmd}=  Run Keyword If  '${byte_length}' == 'less'
223   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00
224   ...  ELSE
225   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00 00 01
226
227   Verify Invalid IPMI Command  ${req_cmd}  0xc7
228