Update macsec CAK keys in profile for tests to change to type7 encoded format (#16388)

* Change the CAK key length check in config plugin, macsec test profile changes * Fix the format in add_profile api The changes needed in various macsec unit tests and config plugin when we move to accept the type 7 encoded key format for macsec. This goes along with PR : sonic-net/sonic-swss#2892 raised earlier.
2023-09-06 21:11:02 -07:00 · 2023-09-06 21:11:02 -07:00 · 7d2e3cb011
commit 7d2e3cb011
parent 065c35cc34
7 changed files with 29 additions and 33 deletions
--- a/dockers/docker-macsec/cli-plugin-tests/config_db.json
+++ b/dockers/docker-macsec/cli-plugin-tests/config_db.json
@ -2,7 +2,7 @@
    "MACSEC_PROFILE|macsec_profile": {
            "cipher_suite": "GCM-AES-XPN-256",
            "policy": "security",
-            "primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
+            "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
            "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
            "priority": "0",
            "rekey_period": "900",
--- a/dockers/docker-macsec/cli-plugin-tests/test_config_macsec.py
+++ b/dockers/docker-macsec/cli-plugin-tests/test_config_macsec.py
@ -8,7 +8,7 @@ import macsec


 profile_name = "test"
-primary_cak = "01234567890123456789012345678912"
+primary_cak = "2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541"
 primary_ckn = "01234567890123456789012345678912"


@ -48,7 +48,7 @@ class TestConfigMACsec(object):

        profile_name = "test"
        profile_map = {
-            "primary_cak": "0123456789012345678901234567891201234567890123456789012345678912",
+            "primary_cak": "3946080a0407070303530256560a04504650530352565e731f1a5c4f524f4b5a5e547b79777c6663754b5e465253050d0d0503565a48470b0b030604020c520a54",
            "primary_ckn": "01234567890123456789012345678912",
            "priority": 64,
            "cipher_suite": "GCM-AES-XPN-256",
@ -109,7 +109,7 @@ class TestConfigMACsec(object):
        runner = CliRunner()

        result = runner.invoke(macsec.macsec, ["profile", "add", "test",
-                "--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"],
+                "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"],
                obj=cfgdb)
        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
        result = runner.invoke(macsec.macsec, ["port", "add", "Ethernet0", "test"], obj=cfgdb)
@ -141,8 +141,8 @@ class TestConfigMACsec(object):
        result = runner.invoke(macsec.macsec, ["profile", "del", "test"], obj=cfgdb)
        assert result.exit_code != 0

-        result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
+        result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
        # Repeat add profile
-        result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
+        result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
        assert result.exit_code != 0
--- a/dockers/docker-macsec/cli/config/plugins/macsec.py
+++ b/dockers/docker-macsec/cli/config/plugins/macsec.py
@ -137,11 +137,11 @@ def add_profile(profile, priority, cipher_suite, primary_cak, primary_ckn, polic
    profile_table["cipher_suite"] = cipher_suite

    if "128" in cipher_suite:
-        if len(primary_cak) != 32:
-            ctx.fail("Expect the length of CAK is 32, but got {}".format(len(primary_cak)))
+        if len(primary_cak) != 66:
+            ctx.fail("Expect the length of CAK is 66, but got {}".format(len(primary_cak)))
    elif "256" in cipher_suite:
-        if len(primary_cak) != 64:
-            ctx.fail("Expect the length of CAK is 64, but got {}".format(len(primary_cak)))
+        if len(primary_cak) != 130:
+            ctx.fail("Expect the length of CAK is 130, but got {}".format(len(primary_cak)))
    if not is_hexstring(primary_cak):
        ctx.fail("Expect the primary_cak is valid hex string")
    if not is_hexstring(primary_ckn):
--- a/src/sonic-config-engine/tests/macsec_profile.json
+++ b/src/sonic-config-engine/tests/macsec_profile.json
@ -2,18 +2,18 @@
    "MACSEC_PROFILE":{
        "macsec-profile": {
            "cipher_suite": "GCM-AES-XPN-256",
-            "primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
+            "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
            "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
-            "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
+            "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
            "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
            "priority": "0",
            "rekey_period": "60"
        },
        "macsec-profile2": {
            "cipher_suite": "GCM-AES-XPN-256",
-            "primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
+            "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
            "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
-            "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
+            "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
            "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
            "priority": "0",
            "rekey_period": "60"
--- a/src/sonic-yang-models/tests/files/sample_config_db.json
+++ b/src/sonic-yang-models/tests/files/sample_config_db.json
@ -2322,9 +2322,9 @@
            "test": {
                "priority": "64",
                "cipher_suite": "GCM-AES-128",
-                "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
+                "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
                "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
-                "fallback_cak": "00000000000000000000000000000000",
+                "fallback_cak": "000000000000000000000000000000000000000000000000000000000000000000",
                "fallback_ckn": "11111111111111111111111111111111",
                "policy": "security",
                "enable_replay_protect": "true",
--- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json
@ -7,9 +7,9 @@
                        "name": "test32",
                        "priority": 64,
                        "cipher_suite": "GCM-AES-128",
-                        "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
+                        "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
                        "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
-                        "fallback_cak": "00000000000000000000000000000000",
+                        "fallback_cak": "000000000000000000000000000000000000000000000000000000000000000000",
                        "fallback_ckn": "11111111111111111111111111111111",
                        "policy": "security",
                        "enable_replay_protect": "true",
@ -21,9 +21,9 @@
                        "name": "test64",
                        "priority": 64,
                        "cipher_suite": "GCM-AES-XPN-256",
-                        "primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
+                        "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
                        "primary_ckn": "6162636465666768696A6B6C6D6E6F706162636465666768696A6B6C6D6E6F70",
-                        "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
+                        "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
                        "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
                        "policy": "security",
                        "enable_replay_protect": "true",
@ -61,7 +61,7 @@
                    {
                        "name": "test",
                        "cipher_suite": "gcm-aes-128",
-                        "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
+                        "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
                        "primary_ckn": "6162636465666768696A6B6C6D6E6F70"
                    }
                ]
@ -74,9 +74,9 @@
                "MACSEC_PROFILE_LIST": [
                    {
                        "name": "test",
-                        "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
+                        "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
                        "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
-                        "fallback_cak": "0123456789ABCDEF0123456789ABCDEF",
+                        "fallback_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
                        "fallback_ckn": "6162636465666768696A6B6C6D6E6F70"
                    }
                ]
@ -89,7 +89,7 @@
                "MACSEC_PROFILE_LIST": [
                    {
                        "name": "test",
-                        "primary_cak": "0123456789ABCDEF0123456789ABCDEFA",
+                        "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d7",
                        "primary_ckn": "6162636465666768696A6B6C6D6E6F70A"
                    }
                ]
@ -115,9 +115,9 @@
                "MACSEC_PROFILE_LIST": [
                    {
                        "name": "test",
-                        "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
+                        "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
                        "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
-                        "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
+                        "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
                        "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111"
                    }
                ]
@ -130,7 +130,7 @@
                "MACSEC_PROFILE_LIST": [
                    {
                        "name": "test",
-                        "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
+                        "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
                        "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
                        "replay_window": 64
                    }
--- a/src/sonic-yang-models/yang-models/sonic-macsec.yang
+++ b/src/sonic-yang-models/yang-models/sonic-macsec.yang
@ -46,7 +46,7 @@ module sonic-macsec {

                leaf primary_cak {
                    type string {
-                        pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
+                        pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
                    }
                    mandatory true;
                }
@ -60,7 +60,7 @@ module sonic-macsec {

                leaf fallback_cak {
                    type string {
-                        pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
+                        pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
                    }
                }

@ -70,10 +70,6 @@ module sonic-macsec {
                    }
                }

-                must "string-length(primary_cak) = string-length(primary_ckn)";
-
-                must "string-length(fallback_cak) = string-length(fallback_ckn)";
-
                must "string-length(fallback_cak) = string-length(primary_cak)";

                must "primary_ckn != fallback_ckn";