Home | History | Annotate | Download | only in contrib 
      1 # MACsec unit tests
      2 # run with:
      3 #   test/run_tests  -P "load_contrib('macsec')" -t scapy/contrib/macsec.uts -F
      4 
      5 + MACsec
      6 ~ crypto not_pypy
      7 # Note: these tests are disabled with pypy, as the cryptography module does
      8 #       not currently work with the pypy version used by Travis CI.
      9 
     10 = MACsec - basic encap - encrypted
     11 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
     12 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
     13 m = sa.encap(p)
     14 assert(m.type == ETH_P_MACSEC)
     15 assert(m[MACsec].type == ETH_P_IP)
     16 assert(len(m) == len(p) + 16)
     17 assert(m[MACsec].an == 0)
     18 assert(m[MACsec].pn == 100)
     19 assert(m[MACsec].shortlen == 0)
     20 assert(m[MACsec].SC)
     21 assert(m[MACsec].E)
     22 assert(m[MACsec].C)
     23 assert(m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01')
     24 
     25 = MACsec - basic encryption - encrypted
     26 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
     27 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
     28 m = sa.encap(p)
     29 e = sa.encrypt(m)
     30 assert(e.type == ETH_P_MACSEC)
     31 assert(e[MACsec].type == None)
     32 assert(len(e) == len(p) + 16 + 16)
     33 assert(e[MACsec].an == 0)
     34 assert(e[MACsec].pn == 100)
     35 assert(e[MACsec].shortlen == 0)
     36 assert(e[MACsec].SC)
     37 assert(e[MACsec].E)
     38 assert(e[MACsec].C)
     39 assert(e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01')
     40 
     41 = MACsec - basic decryption - encrypted
     42 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
     43 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
     44 m = sa.encap(p)
     45 e = sa.encrypt(m)
     46 d = sa.decrypt(e)
     47 assert(d.type == ETH_P_MACSEC)
     48 assert(d[MACsec].type == ETH_P_IP)
     49 assert(len(d) == len(m))
     50 assert(d[MACsec].an == 0)
     51 assert(d[MACsec].pn == 100)
     52 assert(d[MACsec].shortlen == 0)
     53 assert(d[MACsec].SC)
     54 assert(d[MACsec].E)
     55 assert(d[MACsec].C)
     56 assert(d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01')
     57 assert(raw(d) == raw(m))
     58 
     59 = MACsec - basic decap - decrypted
     60 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
     61 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
     62 m = sa.encap(p)
     63 e = sa.encrypt(m)
     64 d = sa.decrypt(e)
     65 r = sa.decap(d)
     66 assert(raw(r) == raw(p))
     67 
     68 
     69 
     70 = MACsec - basic encap - integrity only
     71 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
     72 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
     73 m = sa.encap(p)
     74 assert(m.type == ETH_P_MACSEC)
     75 assert(m[MACsec].type == ETH_P_IP)
     76 assert(len(m) == len(p) + 16)
     77 assert(m[MACsec].an == 0)
     78 assert(m[MACsec].pn == 200)
     79 assert(m[MACsec].shortlen == 0)
     80 assert(m[MACsec].SC)
     81 assert(not m[MACsec].E)
     82 assert(not m[MACsec].C)
     83 assert(m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01')
     84 
     85 = MACsec - basic encryption - integrity only
     86 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
     87 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
     88 m = sa.encap(p)
     89 e = sa.encrypt(m)
     90 assert(m.type == ETH_P_MACSEC)
     91 assert(e[MACsec].type == None)
     92 assert(len(e) == len(p) + 16 + 16)
     93 assert(e[MACsec].an == 0)
     94 assert(e[MACsec].pn == 200)
     95 assert(e[MACsec].shortlen == 0)
     96 assert(e[MACsec].SC)
     97 assert(not e[MACsec].E)
     98 assert(not e[MACsec].C)
     99 assert(e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01')
    100 assert(raw(e)[:-16] == raw(m))
    101 
    102 = MACsec - basic decryption - integrity only
    103 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    104 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
    105 m = sa.encap(p)
    106 e = sa.encrypt(m)
    107 d = sa.decrypt(e)
    108 assert(d.type == ETH_P_MACSEC)
    109 assert(d[MACsec].type == ETH_P_IP)
    110 assert(len(d) == len(m))
    111 assert(d[MACsec].an == 0)
    112 assert(d[MACsec].pn == 200)
    113 assert(d[MACsec].shortlen == 0)
    114 assert(d[MACsec].SC)
    115 assert(not d[MACsec].E)
    116 assert(not d[MACsec].C)
    117 assert(d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01')
    118 assert(raw(d) == raw(m))
    119 
    120 = MACsec - basic decap - integrity only
    121 sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    122 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
    123 m = sa.encap(p)
    124 e = sa.encrypt(m)
    125 d = sa.decrypt(e)
    126 r = sa.decap(d)
    127 assert(raw(r) == raw(p))
    128 
    129 = MACsec - encap - shortlen 2
    130 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    131 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')
    132 m = sa.encap(p)
    133 assert(m[MACsec].shortlen == 2)
    134 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    135 
    136 = MACsec - encap - shortlen 10
    137 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    138 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 8)
    139 m = sa.encap(p)
    140 assert(m[MACsec].shortlen == 10)
    141 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    142 
    143 = MACsec - encap - shortlen 18
    144 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    145 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 16)
    146 m = sa.encap(p)
    147 assert(m[MACsec].shortlen == 18)
    148 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    149 
    150 = MACsec - encap - shortlen 32
    151 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    152 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 30)
    153 m = sa.encap(p)
    154 assert(m[MACsec].shortlen == 32)
    155 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    156 
    157 = MACsec - encap - shortlen 40
    158 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    159 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 38)
    160 m = sa.encap(p)
    161 assert(m[MACsec].shortlen == 40)
    162 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    163 
    164 = MACsec - encap - shortlen 47
    165 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    166 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45)
    167 m = sa.encap(p)
    168 assert(m[MACsec].shortlen == 47)
    169 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    170 
    171 = MACsec - encap - shortlen 0 (48)
    172 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    173 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45 + "y")
    174 m = sa.encap(p)
    175 assert(m[MACsec].shortlen == 0)
    176 
    177 
    178 = MACsec - encap - shortlen 2/nosci
    179 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0)
    180 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')
    181 m = sa.encap(p)
    182 assert(m[MACsec].shortlen == 2)
    183 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    184 
    185 = MACsec - encap - shortlen 32/nosci
    186 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0)
    187 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 30)
    188 m = sa.encap(p)
    189 assert(m[MACsec].shortlen == 32)
    190 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    191 
    192 = MACsec - encap - shortlen 47/nosci
    193 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0)
    194 p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45)
    195 m = sa.encap(p)
    196 assert(m[MACsec].shortlen == 47)
    197 assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0))
    198 
    199 
    200 = MACsec - authenticate
    201 tx = Ether(b"RT\x00\x12\x01V.\xbc\x84\xd5\xca\x13\x88\xe5 \x00\x00\x00\x00\rRT\x00\x13\x01V\x00\x01\x08\x00E\x00\x00T\x11:@\x00@\x01\xa6\x1b\xc0\xa8\x01\x01\xc0\xa8\x01\x02\x08\x00a\xeaG+\x00\x01\xc0~RY\x00\x00\x00\x00w>\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\xf1\xb8\xe4,b\xb00\x98L\x85m1Q9\t:")
    202 rx = Ether(b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x88\xe5 \x00\x00\x00\x00#RT\x00\x12\x01V\x00\x01\x08\x00E\x00\x00T\xd4\x1a\x00\x00@\x01#;\xc0\xa8\x01\x02\xc0\xa8\x01\x01\x00\x00i\xeaG+\x00\x01\xc0~RY\x00\x00\x00\x00w>\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37z\x11\xf8S\xe5u\x81\xe8\x19\\nxX\x02\x13\x01")
    203 rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1)
    204 txsa = MACsecSA(sci=0x5254001301560001, an=0, pn=31, key=b'\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61', icvlen=16, encrypt=0, send_sci=1)
    205 txdec = txsa.decap(txsa.decrypt(tx))
    206 rxdec = rxsa.decap(rxsa.decrypt(rx))
    207 txref = b"RT\x00\x12\x01V.\xbc\x84\xd5\xca\x13\x08\x00E\x00\x00T\x11:@\x00@\x01\xa6\x1b\xc0\xa8\x01\x01\xc0\xa8\x01\x02\x08\x00a\xeaG+\x00\x01\xc0~RY\x00\x00\x00\x00w>\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37"
    208 rxref = b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x08\x00E\x00\x00T\xd4\x1a\x00\x00@\x01#;\xc0\xa8\x01\x02\xc0\xa8\x01\x01\x00\x00i\xeaG+\x00\x01\xc0~RY\x00\x00\x00\x00w>\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37"
    209 assert(raw(txdec) == raw(txref))
    210 assert(raw(rxdec) == raw(rxref))
    211 
    212 
    213 
    214 = MACsec - authenticate - invalid packet
    215 rx = Ether(b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x88\xe5 \x00\x00\x00\x00#RT\x00\x12\x01V\x00\x01\x08\x00E\x00\x00T\xd4\x1a\x00\x00@\x01#;\xc0\xa8\x01\x02\xc0\xa8\x01\x01\x00\x00i\xeaG+\x00\x01\xc0~RY\x00\x00\x00\x00w>\x06\x00\x00\x00\x00\x00\xba\xdb\xba\xdb\xad\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37z\x11\xf8S\xe5u\x81\xe8\x19\\nxX\x02\x13\x01")
    216 txsa = MACsecSA(sci=0x5254001301560001, an=0, pn=31, key=b'\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61', icvlen=16, encrypt=0, send_sci=1)
    217 try:
    218     rxdec = rxsa.decap(rxsa.decrypt(rx))
    219     assert(not "This packet shouldn't have been authenticated as correct")
    220 except InvalidTag:
    221     pass
    222 
    223 
    224 
    225 = MACsec - decrypt
    226 tx = Ether(b"RT\x00\x12\x01V.\xbc\x84\xd5\xca\x13\x88\xe5,\x00\x00\x00\x00\x1fRT\x00\x13\x01V\x00\x01\xf1\xd6\xf7\x03\xf0%\x19\x8e\x88\xb0\xac\xa1\x82\x98\x94]\x85&\xc4U*\x84kX#O\xb6\x8f\xf1\x9d\xc5\xdc\xe0\x80,\x98\x8e_\xd53e\x16b0\xaf\xd9\x9e;A\x8aM\xfe\x16\xf6j\xe6\xea\xb7\x9c\xf3\x9bCc#,\x93\xf7\xc0\xdb\x9a\xd0\x0c\xfd?\xcbd\xe5D\xb7\xc9\xbb\xf5\x93M\xc5\x1d'LR\xed\xf3\xbc\xa0\xdf\x86\xf7\xc2JN\xcd\x19\xc1?\xf7\xd2\xbe\x00\x0f`\xe0\x04\xcfX5\xdc\xe7\xb6\xe6\x82\xc4\xac\xd7\x06\xe31\xbe|\x98l\xc8\xc1#*n+x|\xad\x0b<\xfd\xb8\xceoR\x1e")
    227 rx = Ether(b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x88\xe5,\x00\x00\x00\x005RT\x00\x12\x01V\x00\x01\x04\xbaV\xe6\xcf\xcfbhy\x7f\xce\x12.\x80WI\xe5\xd5\x98)6\xe1vjVO@\x84\xde\x9b\x83\xbaw\xef\x13\xc3\xfd\xad\x81\xd4S?\x01\x01\xab\xa8 PzSq2\x905\xf6\x8cT\xd7\xb0P\xe2\xd04\xc7F\x88\x85\x10\xc3\x99\x80\xe3(\t\x10\x87\xa9{z\x22\xce>;Mr\xbe\xc1\xa0\x07%\x01\x96\xe5\xa3\x18]\xec\xbb\x7f\xde0\xa1\x99\xb2\xad\x93j\x97\xef\xf4\xee\xf0\xe4s\xb7h\x95\xc3\x8b[~hX\xbf|\xee\x99\x97\xe0;Q\x9aa\xb9\x13$\xd6\xe4\xb4\xce\njt\xc0\xa1.")
    228 rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
    229 txsa = MACsecSA(sci=0x5254001301560001, an=0, pn=31, key=b'\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61', icvlen=16, encrypt=1, send_sci=1)
    230 txdec = txsa.decap(txsa.decrypt(tx))
    231 rxdec = rxsa.decap(rxsa.decrypt(rx))
    232 txref = b"RT\x00\x12\x01V.\xbc\x84\xd5\xca\x13\x08\x00E\x00\x00\x80#D@\x00@\x01\x93\xe5\xc0\xa8\x01\x01\xc0\xa8\x01\x02\x08\x00E\xd5\x0f\xb3\x00\x01SrSY\x00\x00\x00\x00\x8b\x1d\r\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abc"
    233 rxref = b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x08\x00E\x00\x00\x80\x05\xab\x00\x00@\x01\xf1~\xc0\xa8\x01\x02\xc0\xa8\x01\x01\x00\x00M\xd5\x0f\xb3\x00\x01SrSY\x00\x00\x00\x00\x8b\x1d\r\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abc"
    234 assert(raw(txdec) == raw(txref))
    235 assert(raw(rxdec) == raw(rxref))
    236 
    237 
    238 
    239 = MACsec - decrypt - invalid packet
    240 rx = Ether(b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x88\xe5,\x00\x00\x00\x005RT\x00\x12\x01V\x00\x01\x04\xbaV\xe6\xcf\xcfbhy\x7f\xce\x12.\x80WI\xe5\xd5\x98)6\xe1vjVO@\x84\xde\x9b\x83\xbaw\xef\x13\xc3\xfd\xad\x81\xd4S?\x01\x01\xab\xa8 PzSq2\x905\xf6\x8cT\xd7\xb0P\xe2\xd04\xc7F\x88\x85\x10\xc3\x99\x80\xe3(\t\x10\x87\xa9{z\x22\xce>;Mr\xbe\xc1\xa0\x07%\x01\x96\xe5\xa3\x18]\xec\xbb\x7f\xde0\xa1\x99\xb2\xad\x93j\x97\xba\xdb\xad\xf0\xe4s\xb7h\x95\xc3\x8b[~hX\xbf|\xee\x99\x97\xe0;Q\x9aa\xb9\x13$\xd6\xe4\xb4\xce\njt\xc0\xa1.")
    241 rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
    242 try:
    243     rxdec = rxsa.decap(rxsa.decrypt(rx))
    244     assert(not "This packet shouldn't have been decrypted correctly")
    245 except InvalidTag:
    246     pass
    247 
    248 
    249 
    250 = MACsec - decap - non-Ethernet
    251 rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
    252 try:
    253     rxsa.decap(IP())
    254 except TypeError as e:
    255     assert(str(e) == "cannot decapsulate MACsec packet, must be Ethernet/MACsec")
    256 
    257 = MACsec - decap - non-MACsec
    258 rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
    259 try:
    260     rxsa.decap(Ether()/IP())
    261 except TypeError as e:
    262     assert(str(e) == "cannot decapsulate MACsec packet, must be Ethernet/MACsec")
    263 
    264 = MACsec - encap - non-Ethernet
    265 txsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
    266 try:
    267     txsa.encap(IP())
    268 except TypeError as e:
    269     assert(str(e) == "cannot encapsulate packet in MACsec, must be Ethernet")
    270