_(BD_ALREADY_HAS_BVI, -152, "Bridge domain already has a BVI interface") \
_(INVALID_PROTOCOL, -153, "Invalid Protocol") \
_(INVALID_ALGORITHM, -154, "Invalid Algorithm") \
-_(RSRC_IN_USE, -155, "Resource In Use")
+_(RSRC_IN_USE, -155, "Resource In Use") \
+_(KEY_LENGTH, -156, "invalid Key Length")
typedef enum
{
#define _(n, s, l) \
case VNET_CRYPTO_ALG_##n: \
if ((l) == length) \
- return 1;
+ return 1; \
+ break;
foreach_crypto_cipher_alg foreach_crypto_aead_alg
#undef _
/* HMAC allows any key length */
vnet_crypto_engine_t *engine;
vnet_crypto_key_t *key;
- ASSERT (vnet_crypto_key_len_check (alg, length));
if (!vnet_crypto_key_len_check (alg, length))
return ~0;
/* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */
#define foreach_crypto_cipher_alg \
_(DES_CBC, "des-cbc", 7) \
- _(3DES_CBC, "3des-cbc", 14) \
+ _(3DES_CBC, "3des-cbc", 24) \
_(AES_128_CBC, "aes-128-cbc", 16) \
_(AES_192_CBC, "aes-192-cbc", 24) \
_(AES_256_CBC, "aes-256-cbc", 32) \
is_add = 0;
flags = IPSEC_SA_FLAG_NONE;
proto = IPSEC_PROTOCOL_ESP;
+ integ_alg = IPSEC_INTEG_ALG_NONE;
+ crypto_alg = IPSEC_CRYPTO_ALG_NONE;
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
rv = ipsec_sa_del (id);
if (rv)
- clib_error_return (0, "failed");
+ error = clib_error_return (0, "failed");
done:
unformat_free (line_input);
clib_memset (&p, 0, sizeof (p));
p.lport.stop = p.rport.stop = ~0;
- p.laddr.stop.ip4.as_u32 = p.raddr.stop.ip4.as_u32 = (u32) ~ 0;
- p.laddr.stop.ip6.as_u64[0] = p.laddr.stop.ip6.as_u64[1] = (u64) ~ 0;
- p.raddr.stop.ip6.as_u64[0] = p.raddr.stop.ip6.as_u64[1] = (u64) ~ 0;
is_outbound = 0;
if (!unformat_user (input, unformat_line_input, line_input))
im->crypto_algs[crypto_alg].alg,
(u8 *) ck->data, ck->len);
if (~0 == sa->crypto_key_index)
- return VNET_API_ERROR_INVALID_VALUE;
+ {
+ pool_put (im->sad, sa);
+ return VNET_API_ERROR_KEY_LENGTH;
+ }
sa->integ_key_index = vnet_crypto_key_add (vm,
im->integ_algs[integ_alg].alg,
(u8 *) ik->data, ik->len);
if (~0 == sa->integ_key_index)
- return VNET_API_ERROR_INVALID_VALUE;
+ {
+ pool_put (im->sad, sa);
+ return VNET_API_ERROR_KEY_LENGTH;
+ }
err = ipsec_check_support_cb (im, sa);
if (err)
--- /dev/null
+#!/usr/bin/env python
+
+import unittest
+
+from framework import VppTestCase, VppTestRunner
+
+
+class TestCrypto(VppTestCase):
+ """ Crypto Test Case """
+
+ @classmethod
+ def setUpClass(cls):
+ super(TestCrypto, cls).setUpClass()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(TestCrypto, cls).tearDownClass()
+
+ def test_crypto(self):
+ """ Crypto Unit Tests """
+ error = self.vapi.cli("test crypto")
+
+ if error:
+ self.logger.critical(error)
+ self.assertNotIn("FAIL", error)
+
+if __name__ == '__main__':
+ unittest.main(testRunner=VppTestRunner)