1*** Settings ***
2Documentation    Module to test IPMI chipher functionality.
3Resource         ../lib/ipmi_client.robot
4Resource         ../lib/openbmc_ffdc.robot
5Resource         ../lib/bmc_network_utils.robot
6Library          ../lib/ipmi_utils.py
7Library          ../lib/var_funcs.py
8Variables        ../data/ipmi_raw_cmd_table.py
9Library          String
10
11
12Suite Setup      IPMI Cipher Suite Setup
13Test Setup       Printn
14Test Teardown    FFDC On Test Case Fail
15
16Force Tags       IPMI_Cipher
17
18*** Variables  ***
19${cipher_suite}      standard
20&{payload_type}      ipmi=0  sol=1
21@{list_index_value}  0x80  0x00
22
23
24*** Test Cases ***
25
26Verify Supported Ciphers
27    [Documentation]  Execute all supported ciphers and verify.
28    [Tags]  Verify_Supported_Ciphers
29    FOR  ${cipher}  IN  @{valid_ciphers}
30      Run External IPMI Standard Command  power status  C=${cipher}
31    END
32
33
34Verify Unsupported Ciphers
35    [Documentation]  Execute all unsupported ciphers and verify error.
36    [Tags]  Verify_Unsupported_Ciphers
37    FOR  ${cipher}  IN  @{unsupported_ciphers}
38      Run Keyword And Expect Error  *invalid * algorithm*
39      ...  Run External IPMI Standard Command  power status  C=${cipher}
40    END
41
42
43Verify Supported Ciphers Via Lan Print
44    [Documentation]  Verify supported ciphers via IPMI lan print command.
45    [Tags]  Verify_Supported_Ciphers_Via_Lan_Print
46
47    ${lan_print}=  Get Lan Print Dict
48    # Example 'RMCP+ Cipher Suites' entry: 3,17
49    ${ciphers}=  Split String  ${lan_print['RMCP+ Cipher Suites']}  ,
50    Rprint Vars  ciphers
51    Valid List  ciphers  valid_values=${valid_ciphers}
52
53
54Verify Supported Cipher Via Getciphers
55    [Documentation]  Verify supported cihpers via IPMI getciphers command.
56    [Tags]  Verify_Supported_Cipher_Via_Getciphers
57
58    # Example output from 'Channel Getciphers IPMI':
59    # ipmi_channel_ciphers:
60    #   [0]:
61    #     [id]:                                         3
62    #     [iana]:                                       N/A
63    #     [auth_alg]:                                   hmac_sha1
64    #     [integrity_alg]:                              hmac_sha1_96
65    #     [confidentiality_alg]:                        aes_cbc_128
66    #   [1]:
67    #     [id]:                                         17
68    #     [iana]:                                       N/A
69    #     [auth_alg]:                                   hmac_sha256
70    #     [integrity_alg]:                              sha256_128
71    #     [confidentiality_alg]:                        aes_cbc_128
72
73    ${ipmi_channel_ciphers}=  Channel Getciphers IPMI
74    # Example cipher entry: 3 17
75    Rprint Vars  ipmi_channel_ciphers
76    ${ipmi_channel_cipher_ids}=  Nested Get  id  ${ipmi_channel_ciphers}
77    Rpvars  ipmi_channel_cipher_ids
78    Valid List  ipmi_channel_cipher_ids  valid_values=${valid_ciphers}
79
80
81Verify Cipher Suite And Supported Algorithms Via IPMI Raw Command
82    [Documentation]  Verify cipher ID and Supported Algorithms for all Available Channels.
83    [Tags]  Verify_Cipher_Suite_And_Supported_Algorithms_Via_IPMI_Raw_Command
84    [Template]  Verify Cipher ID and Supported Algorithm For Channel
85
86    FOR  ${channel}  IN  @{active_channel_list}
87        FOR  ${name}  ${type}  IN  &{payload_type}
88            FOR  ${index_value}  IN  @{list_index_value}
89                # Input Channel   Payload type    Index value 0x80 or 0x00
90                ${channel}        ${type}         ${index_value}
91            END
92        END
93    END
94
95
96Verify Get Cipher Suite Command For Invalid Channels
97    [Documentation]  Verify Get Cipher Suite Command For all Invalid Channels.
98    [Tags]  Verify_Get_Cipher_Suite_Command_For_Invalid_Channels
99    [Template]  Verify Cipher Suite For Invalid Channel
100
101    FOR  ${channel}  IN  @{inactive_channel_list}
102        # Input Channel
103        ${channel}
104    END
105
106
107Verify Get Cipher Suite Raw Command With Invalid Data Length
108    [Documentation]  Verify Get Cipher Suite Raw Command With One Extra and Less Byte.
109    [Tags]  Verify_Get_Cipher_Suite_Raw_Command_With_Invalid_Data_Length
110    [Template]  Verify Cipher Suite Command for Invalid Request Data
111
112    # Byte
113    less
114    extra
115
116
117*** Keywords ***
118
119IPMI Cipher Suite Setup
120    [Documentation]  Get active and inactive/invalid channels from channel_config.json file
121    ...              in list type and set it as suite variable.
122
123    # Get active channel list and set as a suite variable.
124    @{active_channel_list}=  Get Active Ethernet Channel List  current_channel=1
125    Set Suite Variable  @{active_channel_list}
126
127    # Get Inactive/Invalid channel list and set as a suite variable.
128    @{inactive_channel_list}=  Get Invalid Channel Number List
129    Set Suite Variable  @{inactive_channel_list}
130
131Verify Standard Cipher Suite For Channel
132    [Documentation]  Get the supported algorithms from data/ipmi_raw_cmd_table.py and
133    ...              split into list and compare it with the given data list.
134    [Arguments]  ${data_list}  ${channel_number}
135
136    # Description of argument(s):
137    # data_list   cipher suite records in list
138    #  e.g  [01, c0, 11, 03, 44, 81]
139
140    ${supported_algorithms}=  Split String  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
141    ${cipher_suite_id}=  Convert To Integer  ${data_list}[2]  base=16
142
143    Should Be Equal  ${data_list}[0]  ${channel_number}
144    Should Be Equal  ${data_list}[1]  c0
145    Should Be Equal As Integers  ${cipher_suite_id}  ${valid_ciphers}[0]
146    List Should Contain Value  ${supported_algorithms}  ${data_list}[3]
147    List Should Contain Value  ${supported_algorithms}  ${data_list}[4]
148    List Should Contain Value  ${supported_algorithms}  ${data_list}[5]
149
150Verify Algorithm by Cipher Suite For Channel
151    [Documentation]  Spilt the given response data, store it in a list.
152    [Arguments]  ${response_data}  ${channel_number}
153
154    # Description of argument(s):
155    # response_data   response data of get channel cipher suite ipmi raw command
156    #   e.g  01 c0 11 03 44 81   ---> list of algorithms by cipher suite (0x80 in request data 3rd byte)
157    # ${channel_number}  Interface channel number
158
159    @{expected_data_list}=  Split String  ${response_data}
160
161    Run Keyword If  '${cipher_suite}' == 'standard'
162    ...  Verify Standard Cipher Suite For Channel  ${expected_data_list}  ${channel_number}
163
164Verify Supported Algorithm For Channel
165    [Documentation]  Compare the supported algorithms got from ipmi_raw_cmd_table with
166    ...              given response.
167    [Arguments]  ${response_data}  ${channel_number}
168
169    # Description of argument(s):
170    # response_data    response data of get channel cipher suite ipmi raw command.
171    # channel_number   Interface Channel Number.
172
173    # expected data will be like " 01 03 44 81 ".
174    ${expected_data}=  Catenate  ${channel_number}  ${IPMI_RAW_CMD['Cipher Suite']['get'][1]}
175
176    Should Be Equal  ${expected_data}  ${response_data}
177
178Verify Cipher ID and Supported Algorithm For Channel
179    [Documentation]  Verify Cipher ID and Supported Algorithm on given channel.
180    [Arguments]  ${channel_num}  ${payload_type}  ${index_value}
181
182    # Description of argument(s):
183    # channel_num   Interface channel number.
184    # payload_type   IPMI(0x00) or Sol(0x01).
185    # index_value    0x80 for list algorithm by cipher suite.
186    #                0x00 for supported algorithms.
187
188    ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]}
189    ...  ${channel_num} ${payload_type} ${index_value}
190
191    ${resp}=  Run External IPMI Raw Command  ${cmd}
192    ${resp}=  Strip String  ${resp}
193
194    # channel 14 represents current channel in which we send request.
195    ${channel_num}=  Run Keyword If  '${channel_num}' == '14'
196    ...  Convert To Hex  ${CHANNEL_NUMBER}  length=2
197    ...  ELSE
198    ...  Convert To Hex  ${channel_num}  length=2
199
200    Run Keyword If  '${index_value}' == '0x80'
201    ...  Verify Algorithm by Cipher Suite For Channel  ${resp}  ${channel_num}
202    ...  ELSE
203    ...  Verify Supported Algorithm For Channel  ${resp}  ${channel_num}
204
205Verify Cipher Suite For Invalid Channel
206   [Documentation]  Execute cipher suite ipmi cmd for invalid channel and verify Error code.
207   [Arguments]  ${channel_number}
208
209   # Description of argument(s):
210   # channel_number   Interface channel number.
211
212   ${cmd}=  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${channel_number} 00 00
213
214   Verify Invalid IPMI Command  ${cmd}  0xcc
215
216Verify Cipher Suite Command for Invalid Request Data
217   [Documentation]  Verify Cipher Suite Command with Invalid data Length.
218   [Arguments]  ${byte_length}
219
220   # Description of argument(s):
221   # byte_length   extra or less.
222
223   ${req_cmd}=  Run Keyword If  '${byte_length}' == 'less'
224   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00
225   ...  ELSE
226   ...  Catenate  ${IPMI_RAW_CMD['Cipher Suite']['get'][0]} ${CHANNEL_NUMBER} 00 00 01
227
228   Verify Invalid IPMI Command  ${req_cmd}  0xc7
229