From 1eaaba41982861b59f0b70470604f6d111c68fa6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Beno=C3=AEt=20Ganne?=
Date: Mon, 14 Dec 2020 19:31:16 +0100
Subject: [PATCH] ikev2: check for valid cipher + integrity
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Type: improvement
Change-Id: Ic09b2c777a7c82e8d7074164280f817f9141529b
Signed-off-by: Benoît Ganne
---
 src/plugins/ikev2/ikev2.c | 12 ++++++------
 test/test_ikev2.py | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index f4bba156455..41a52b6fcfe 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -4103,15 +4103,15 @@ ikev2_set_profile_ike_transforms (vlib_main_t * vm, u8 * name,
 u32 crypto_key_size)
 {
 ikev2_profile_t *p;
- clib_error_t *r;
 p = ikev2_profile_index_by_name (name);
-
 if (!p)
- {
- r = clib_error_return (0, "unknown profile %v", name);
- return r;
- }
+ return clib_error_return (0, "unknown profile %v", name);
+
+ if ((IKEV2_TRANSFORM_INTEG_TYPE_NONE != integ_alg) +
+ (IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16 == crypto_alg) !=
+ 1)
+ return clib_error_return (0, "invalid cipher + integrity algorithm");
 p->ike_ts.crypto_alg = crypto_alg;
 p->ike_ts.integ_alg = integ_alg;
diff --git a/test/test_ikev2.py b/test/test_ikev2.py
index 558e8a02f87..175fa0ab9be 100644
--- a/test/test_ikev2.py
+++ b/test/test_ikev2.py
@@ -1546,7 +1546,7 @@ class TestApi(VppTestCase):
 'ike_ts': {
 'crypto_alg': 20,
 'crypto_key_size': 32,
- 'integ_alg': 1,
+ 'integ_alg': 0,
 'dh_group': 1},
 'esp_ts': {
 'crypto_alg': 13,
--
2.16.6
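Review bot: The new guard in ikev2_set_profile_ike_transforms validates only how `integ_alg` pairs with `IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16`. Within the visible lines, the algorithm identifiers are then copied into `p->ike_ts` without any check that they are values the plugin supports, and nothing shown ties `crypto_key_size` to the chosen cipher (the function starts and ends outside the hunk, so this may happen elsewhere). Because the rule is keyed to a single enum value, any other combined-mode cipher accepted later would be forced to carry a separate integrity transform, so a small "is AEAD" predicate would age better than the literal comparison. The boolean arithmetic is also easy to misread; `if ((integ_alg == IKEV2_TRANSFORM_INTEG_TYPE_NONE) != (crypto_alg == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16))` states the same rule without relying on `+` binding tighter than `!=`. The test_ikev2.py hunk only adjusts the accepted profile; a case that submits a non-AEAD cipher with `'integ_alg': 0` and expects the call to fail would pin the rejection path, and the `esp_ts` transforms deserve the same pairing check if it is not already enforced elsewhere.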