vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_NONE;
+ a->enc_op_id = VNET_CRYPTO_OP_NONE;
+ a->dec_op_id = VNET_CRYPTO_OP_NONE;
+ a->alg = VNET_CRYPTO_ALG_NONE;
+ a->iv_size = 0;
+ a->block_size = 1;
+
a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
ipsec_sa_t *sa;
sa = ipsec_sa_get (t->output_sa_index);
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+ sa->integ_alg == IPSEC_INTEG_ALG_NONE)
{
esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
# a malformed 'runt' packet
# created by a mis-constructed SA
- if (ESP == self.encryption_type):
+ if (ESP == self.encryption_type and p.crypt_algo != "NULL"):
bogus_sa = SecurityAssociation(self.encryption_type,
p.vpp_tra_spi)
pkt = (Ether(src=self.tra_if.remote_mac,
'scapy-crypto': "3DES",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
+ 'key': "JPjyOWBeVEQiMe7h00112233"},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_NONE),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "NULL",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7h00112233"}]
# with and without ESN
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
+ 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_NONE),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "NULL",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
for engine in engines: