Type: fix
Ticket: VPP-1756
the block-size was set to 0 resulting in incorrect placement of the ESP
footer.
add tests for NULL encrypt + integ.
Change-Id: I8ab3afda8e68f9ff649540cba3f2cac68f12bbba
Signed-off-by: Neale Ranns <nranns@cisco.com>
vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_NONE;
+ a->enc_op_id = VNET_CRYPTO_OP_NONE;
+ a->dec_op_id = VNET_CRYPTO_OP_NONE;
+ a->alg = VNET_CRYPTO_ALG_NONE;
+ a->iv_size = 0;
+ a->block_size = 1;
+
a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
ipsec_sa_t *sa;
sa = ipsec_sa_get (t->output_sa_index);
ipsec_sa_t *sa;
sa = ipsec_sa_get (t->output_sa_index);
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+ sa->integ_alg == IPSEC_INTEG_ALG_NONE)
{
esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
{
esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
# a malformed 'runt' packet
# created by a mis-constructed SA
# a malformed 'runt' packet
# created by a mis-constructed SA
- if (ESP == self.encryption_type):
+ if (ESP == self.encryption_type and p.crypt_algo != "NULL"):
bogus_sa = SecurityAssociation(self.encryption_type,
p.vpp_tra_spi)
pkt = (Ether(src=self.tra_if.remote_mac,
bogus_sa = SecurityAssociation(self.encryption_type,
p.vpp_tra_spi)
pkt = (Ether(src=self.tra_if.remote_mac,
'scapy-crypto': "3DES",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
'scapy-crypto': "3DES",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
+ 'key': "JPjyOWBeVEQiMe7h00112233"},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_NONE),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "NULL",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7h00112233"}]
# with and without ESN
'key': "JPjyOWBeVEQiMe7h00112233"}]
# with and without ESN
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
+ 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_NONE),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "NULL",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
for engine in engines:
'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
for engine in engines: