ipsec: add support for RFC-4543 ENCR_NULL_AUTH_AES_GMAC

Type: improvement

Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne
2023-03-10 17:33:03 +01:00
committed by Beno�t Ganne
parent 96600f9077
commit 84e6658486
16 changed files with 3347 additions and 48 deletions


@ -122,7 +122,7 @@ class IPsecIPv6Params:
def mk_scapy_crypt_key(p):
if p.crypt_algo in ("AES-GCM", "AES-CTR"):
if p.crypt_algo in ("AES-GCM", "AES-CTR", "AES-NULL-GMAC"):
return p.crypt_key + struct.pack("!I", p.salt)
else:
return p.crypt_key
@ -342,7 +342,7 @@ class IpsecTra4(object):
return count
def get_hash_failed_counts(self, p):
if ESP == self.encryption_type and p.crypt_algo == "AES-GCM":
if ESP == self.encryption_type and p.crypt_algo in ("AES-GCM", "AES-NULL-GMAC"):
hash_failed_node_name = (
"/err/%s/decryption_failed" % self.tra4_decrypt_node_name[p.async_mode]
)
@ -638,7 +638,7 @@ class IpsecTra4(object):
undersize_node_name = "/err/%s/runt" % self.tra4_decrypt_node_name[0]
undersize_count = self.statistics.get_err_counter(undersize_node_name)
# For AES-GCM an error in the hash is reported as a decryption failure
if p.crypt_algo == "AES-GCM":
if p.crypt_algo in ("AES-GCM", "AES-NULL-GMAC"):
hash_err = "decryption_failed"
# In async mode, we don't report errors in the hash.
if p.async_mode:
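Review bot: The comment directly above the changed condition in the last hunk still says `# For AES-GCM an error in the hash is reported as a decryption failure`, but the branch now also covers AES-NULL-GMAC. It could be updated to `# For AES-GCM and AES-NULL-GMAC an ICV mismatch is reported as a decryption failure`, so a reader knows which counter shows an integrity failure for the authentication-only transform. The tuple `("AES-GCM", "AES-NULL-GMAC")` is also spelled out here and in `get_hash_failed_counts`. A single module-level tuple used by both would keep the error-counter mapping in one place, so a later algorithm cannot be added to one check and missed in the other. The function containing this hunk starts and ends outside the visible lines, so how `hash_err` is used afterwards cannot be checked from here.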