def test07_delete_CPD_2_BPD_secure_key(self):
# ************************************************************************************************#
# Test #7: Test ability to remove/ddete/ default security key on CPD for BPD
# *************************************************************#
print "Showing default security key for BPD to CPD...\n"
Nm.nm_clear_logs(sendMode, IPV6)
rc = Nm.nm_show_mac_sec_key(sendMode, IPV6, BPD_DUT, 1)
self.assertTrue('Key' in rc,
"Secured Key for BPD should have been loaded...\n")
print "Trying to establish ALS to delete old key"
# Establihsing ALS connection and sendig first command via secured ALS
reqId = Nm.random_with_N_digits(5)
blobFileIn = CERTS_PATH + BLOB_FILE
privkeyFileIn = CERTS_PATH + PRIVKEY_FILE
# IPV6 = CPD_IPV6_AP
timeOut = 30
replyType2 = '03' # HMAC, ShA256 for secured send comands
(seqNum, assocId, ss) = Nm.nm_establish_ALS_connection(sendMode, IPV6, timeOut=60, reqId=12345, \
replyType=5, replyType2='03',
blobFileIn=CERTS_PATH + BLOB_FILE,
privkeyFileIn=CERTS_PATH + PRIVKEY_FILE)
# Making a second secured command request via ALS
cmdString = " mac_secmib delete " + str(BPD_DUT) + " 1"
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
# Bug: FIRMW-19441
rc = Nm.nm_show_mac_sec_key(sendMode, IPV6, BPD_DUT, 1)
self.assertFalse(
'Key' in rc,
"Key should of been deleted as expected, but delete is failing")
print "Sleep for set CPD-2-BPD POLLING INTERVAL SETTING OF: \'%s\' seconds ..." % (
CPD_2_BPD_POLLING_INTERVAL)
time.sleep(CPD_2_BPD_POLLING_INTERVAL)
def test_removing_OP_chained_path_certs(self):
# Establihsing ALS connection and sendig first command via secured ALS
reqId = Nm.random_with_N_digits(5)
blobFileIn = CERTS_PATH + BLOB_FILE
privkeyFileIn = CERTS_PATH + PRIVKEY_FILE
timeOut = 30
replyType = 7 # BC=0x1 + Blob=0x4 for nm.nm_sec_assoc assoc
replyType2 = '03' # HMAC, ShA256 for secured send comands
IPV6 = 'fe80::213:50ff:fe30:5b5e' #'fe80::213:5005:008f:deb2' #'fe80::213:50ff:fe30:5b5e'
print "Trying to establish ALS Connection...\n"
(seqNum, assocId, ss) = Nm.nm_establish_ALS_connection(
sendMode,
IPV6,
timeOut=60,
reqId=12345,
replyType=5,
replyType2='03',
blobFileIn=CERTS_PATH + BLOB_FILE,
privkeyFileIn=CERTS_PATH + PRIVKEY_FILE)
# seqNum = seqNum + 15
# Making a second secured command request via ALS
cmdString = " certs esdump 4 "
print "Trying to send command via secured ALSConnection...\n"
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
# Removing DL cert:#1281, #1282
print "Removing DL cert 1280....\n"
#Nm.nm_remove_cert(sendMode, IPV6, '1280')
seqNum = seqNum + 15
privateID = 1283
cmdString = " certs erase " + str(privateID)
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
print "Removing DL cert 1283....\n"
#Nm.nm_remove_cert(sendMode, IPV6, '1283')
seqNum = seqNum + 15
privateID = 1281
cmdString = " certs erase " + str(privateID)
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
# Removing DLCA cert: #1283
print "Removing DLCA cert....\n"
# Nm.nm_remove_cert(sendMode, IPV6, '1025')
seqNum = seqNum + 15
privateID = 1283
cmdString = " certs erase " + str(privateID)
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
# Removing OP cert: #1027
print "Deleting Op cert and subordinates...\n"
# Nm.nm_certs_delete_op(sendMode, IPV6)
seqNum = seqNum + 15
cmdString = " certs delete_op"
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
"""
seqNum = seqNum + 15
print "Deleting NMENITY Cert...\n"
#Nm.nm_certs_delete_op(sendMode, IPV6)
seqNum = seqNum + 15
privateID = "0x200010"
cmdString = " certs erase " + str(privateID)
(seqNum, assocId, ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum, assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
seqNum = seqNum + 15
print "Deleting EBOCA CERT...\n"
#Nm.nm_certs_delete_op(sendMode, IPV6)
seqNum = seqNum + 15
privateID = "0x20000f"
cmdString = " certs erase " + str(privateID)
(seqNum, assocId, ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum, assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
"""
#NOTE: if all failed, try app_sysvar delete:360 (the certs cache)
# Removing APP_SYSVAR 360 cert:
print "Deleting app_sysvar:360...\n"
seqNum = seqNum + 15
cmdString = " app_sysvar delete:360"
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, IPV6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
#print "Deleting out app_sysvar:360 for certs cache...\n"
#ID = 360
#Nm.nm_delete_sysvar(sendMode, IPV6, ID)
Nm.nm_dump_cert_cache(sendMode, IPV6)
seqNum = seqNum + 15
ret = Nm.nm_teardown_ALS_connection(sendMode, seqNum, assocId, ss,
IPV6)
print "Please restart your NIC before checking: certs esdump 4 again!\n"
for e in certs_array:
print e
"""
for bpd in BPD_ARRAY:
# Establihsing ALS connection and sending first command via secured ALS
(seqNum, assocId, ss) = Nm.nm_establish_ALS_connection(sendMode, ipv6, timeOut=60, reqId=12345, \
replyType=5, replyType2='03', blobFileIn=CERTS_PATH + BLOB_FILE, privkeyFileIn=CERTS_PATH + PRIVKEY_FILE)
# Making a second secured command request via ALS
cmdString = " certs esdump 4 "
(seqNum, assocId,
ss) = Nm.nm_als_secured_commands_send(sendMode, cmdString, seqNum,
assocId, ss, ipv6, timeOut,
replyType2)
print "Return for next command request for: seqNum;\'%d\', assocId:\'%s\', and sharedsecret:\'%s\' \n" % (
seqNum, assocId, ss)
# Get a list of Securit Association:
sa_list = Nm.nm_get_secure_association_list(sendMode, IPV6)
print "ALS ccurent Security Asscocation list is: \'%s\'\n" % (sa_list)
# Disable unsecured port for safety net during testing as a way to recover.
# NOTE: if you use net_mgrS for connection, it will enable the unsecured port on Gen5 NIC.
unsecureMode = 0 # DISABLED
seqNum = seqNum + 11 #For some resason, when we start to disable unsecured port, seqNum increased by 11
(seqNum, assocId,
ss) = Nm.nm_conf_disable_unsecure(sendMode, seqNum, assocId, ss,