ipsec: add support for RFC-4543 ENCR_NULL_AUTH_AES_GMAC

[vpp.git] / test / template_ipsec.py

diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index ba1c246..defd6f2 100644 (file)
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -122,7 +122,7 @@ class IPsecIPv6Params:
 
 
 def mk_scapy_crypt_key(p):
-    if p.crypt_algo in ("AES-GCM", "AES-CTR"):
+    if p.crypt_algo in ("AES-GCM", "AES-CTR", "AES-NULL-GMAC"):
         return p.crypt_key + struct.pack("!I", p.salt)
     else:
         return p.crypt_key
@@ -342,7 +342,7 @@ class IpsecTra4(object):
         return count
 
     def get_hash_failed_counts(self, p):
-        if ESP == self.encryption_type and p.crypt_algo == "AES-GCM":
+        if ESP == self.encryption_type and p.crypt_algo in ("AES-GCM", "AES-NULL-GMAC"):
             hash_failed_node_name = (
                 "/err/%s/decryption_failed" % self.tra4_decrypt_node_name[p.async_mode]
             )
@@ -638,7 +638,7 @@ class IpsecTra4(object):
             undersize_node_name = "/err/%s/runt" % self.tra4_decrypt_node_name[0]
             undersize_count = self.statistics.get_err_counter(undersize_node_name)
             # For AES-GCM an error in the hash is reported as a decryption failure
-            if p.crypt_algo == "AES-GCM":
+            if p.crypt_algo in ("AES-GCM", "AES-NULL-GMAC"):
                 hash_err = "decryption_failed"
         # In async mode, we don't report errors in the hash.
         if p.async_mode: