Update macsec CAK keys in profile for tests to change to type7 encoded format (#16388)

* Change the CAK key length check in config plugin, macsec test profile changes

* Fix the format in add_profile api

The changes needed in various macsec unit tests and config plugin when we move to accept the type 7 encoded key format for macsec. This goes along with PR : sonic-net/sonic-swss#2892 raised earlier.
This commit is contained in:
judyjoseph 2023-09-06 21:11:02 -07:00 committed by GitHub
parent 065c35cc34
commit 7d2e3cb011
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 29 additions and 33 deletions

View File

@ -2,7 +2,7 @@
"MACSEC_PROFILE|macsec_profile": { "MACSEC_PROFILE|macsec_profile": {
"cipher_suite": "GCM-AES-XPN-256", "cipher_suite": "GCM-AES-XPN-256",
"policy": "security", "policy": "security",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF", "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435", "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
"priority": "0", "priority": "0",
"rekey_period": "900", "rekey_period": "900",

View File

@ -8,7 +8,7 @@ import macsec
profile_name = "test" profile_name = "test"
primary_cak = "01234567890123456789012345678912" primary_cak = "2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541"
primary_ckn = "01234567890123456789012345678912" primary_ckn = "01234567890123456789012345678912"
@ -48,7 +48,7 @@ class TestConfigMACsec(object):
profile_name = "test" profile_name = "test"
profile_map = { profile_map = {
"primary_cak": "0123456789012345678901234567891201234567890123456789012345678912", "primary_cak": "3946080a0407070303530256560a04504650530352565e731f1a5c4f524f4b5a5e547b79777c6663754b5e465253050d0d0503565a48470b0b030604020c520a54",
"primary_ckn": "01234567890123456789012345678912", "primary_ckn": "01234567890123456789012345678912",
"priority": 64, "priority": 64,
"cipher_suite": "GCM-AES-XPN-256", "cipher_suite": "GCM-AES-XPN-256",
@ -109,7 +109,7 @@ class TestConfigMACsec(object):
runner = CliRunner() runner = CliRunner()
result = runner.invoke(macsec.macsec, ["profile", "add", "test", result = runner.invoke(macsec.macsec, ["profile", "add", "test",
"--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"], "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"],
obj=cfgdb) obj=cfgdb)
assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info) assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
result = runner.invoke(macsec.macsec, ["port", "add", "Ethernet0", "test"], obj=cfgdb) result = runner.invoke(macsec.macsec, ["port", "add", "Ethernet0", "test"], obj=cfgdb)
@ -141,8 +141,8 @@ class TestConfigMACsec(object):
result = runner.invoke(macsec.macsec, ["profile", "del", "test"], obj=cfgdb) result = runner.invoke(macsec.macsec, ["profile", "del", "test"], obj=cfgdb)
assert result.exit_code != 0 assert result.exit_code != 0
result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb) result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info) assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
# Repeat add profile # Repeat add profile
result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb) result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
assert result.exit_code != 0 assert result.exit_code != 0

View File

@ -137,11 +137,11 @@ def add_profile(profile, priority, cipher_suite, primary_cak, primary_ckn, polic
profile_table["cipher_suite"] = cipher_suite profile_table["cipher_suite"] = cipher_suite
if "128" in cipher_suite: if "128" in cipher_suite:
if len(primary_cak) != 32: if len(primary_cak) != 66:
ctx.fail("Expect the length of CAK is 32, but got {}".format(len(primary_cak))) ctx.fail("Expect the length of CAK is 66, but got {}".format(len(primary_cak)))
elif "256" in cipher_suite: elif "256" in cipher_suite:
if len(primary_cak) != 64: if len(primary_cak) != 130:
ctx.fail("Expect the length of CAK is 64, but got {}".format(len(primary_cak))) ctx.fail("Expect the length of CAK is 130, but got {}".format(len(primary_cak)))
if not is_hexstring(primary_cak): if not is_hexstring(primary_cak):
ctx.fail("Expect the primary_cak is valid hex string") ctx.fail("Expect the primary_cak is valid hex string")
if not is_hexstring(primary_ckn): if not is_hexstring(primary_ckn):

View File

@ -2,18 +2,18 @@
"MACSEC_PROFILE":{ "MACSEC_PROFILE":{
"macsec-profile": { "macsec-profile": {
"cipher_suite": "GCM-AES-XPN-256", "cipher_suite": "GCM-AES-XPN-256",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF", "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435", "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000", "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111", "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
"priority": "0", "priority": "0",
"rekey_period": "60" "rekey_period": "60"
}, },
"macsec-profile2": { "macsec-profile2": {
"cipher_suite": "GCM-AES-XPN-256", "cipher_suite": "GCM-AES-XPN-256",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF", "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435", "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000", "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111", "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
"priority": "0", "priority": "0",
"rekey_period": "60" "rekey_period": "60"

View File

@ -2322,9 +2322,9 @@
"test": { "test": {
"priority": "64", "priority": "64",
"cipher_suite": "GCM-AES-128", "cipher_suite": "GCM-AES-128",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF", "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70", "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "00000000000000000000000000000000", "fallback_cak": "000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "11111111111111111111111111111111", "fallback_ckn": "11111111111111111111111111111111",
"policy": "security", "policy": "security",
"enable_replay_protect": "true", "enable_replay_protect": "true",

View File

@ -7,9 +7,9 @@
"name": "test32", "name": "test32",
"priority": 64, "priority": 64,
"cipher_suite": "GCM-AES-128", "cipher_suite": "GCM-AES-128",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF", "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70", "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "00000000000000000000000000000000", "fallback_cak": "000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "11111111111111111111111111111111", "fallback_ckn": "11111111111111111111111111111111",
"policy": "security", "policy": "security",
"enable_replay_protect": "true", "enable_replay_protect": "true",
@ -21,9 +21,9 @@
"name": "test64", "name": "test64",
"priority": 64, "priority": 64,
"cipher_suite": "GCM-AES-XPN-256", "cipher_suite": "GCM-AES-XPN-256",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF", "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F706162636465666768696A6B6C6D6E6F70", "primary_ckn": "6162636465666768696A6B6C6D6E6F706162636465666768696A6B6C6D6E6F70",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000", "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111", "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
"policy": "security", "policy": "security",
"enable_replay_protect": "true", "enable_replay_protect": "true",
@ -61,7 +61,7 @@
{ {
"name": "test", "name": "test",
"cipher_suite": "gcm-aes-128", "cipher_suite": "gcm-aes-128",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF", "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70" "primary_ckn": "6162636465666768696A6B6C6D6E6F70"
} }
] ]
@ -74,9 +74,9 @@
"MACSEC_PROFILE_LIST": [ "MACSEC_PROFILE_LIST": [
{ {
"name": "test", "name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF", "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70", "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "0123456789ABCDEF0123456789ABCDEF", "fallback_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"fallback_ckn": "6162636465666768696A6B6C6D6E6F70" "fallback_ckn": "6162636465666768696A6B6C6D6E6F70"
} }
] ]
@ -89,7 +89,7 @@
"MACSEC_PROFILE_LIST": [ "MACSEC_PROFILE_LIST": [
{ {
"name": "test", "name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEFA", "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d7",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70A" "primary_ckn": "6162636465666768696A6B6C6D6E6F70A"
} }
] ]
@ -115,9 +115,9 @@
"MACSEC_PROFILE_LIST": [ "MACSEC_PROFILE_LIST": [
{ {
"name": "test", "name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF", "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70", "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000", "fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111" "fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111"
} }
] ]
@ -130,7 +130,7 @@
"MACSEC_PROFILE_LIST": [ "MACSEC_PROFILE_LIST": [
{ {
"name": "test", "name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF", "primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70", "primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"replay_window": 64 "replay_window": 64
} }

View File

@ -46,7 +46,7 @@ module sonic-macsec {
leaf primary_cak { leaf primary_cak {
type string { type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}"; pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
} }
mandatory true; mandatory true;
} }
@ -60,7 +60,7 @@ module sonic-macsec {
leaf fallback_cak { leaf fallback_cak {
type string { type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}"; pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
} }
} }
@ -70,10 +70,6 @@ module sonic-macsec {
} }
} }
must "string-length(primary_cak) = string-length(primary_ckn)";
must "string-length(fallback_cak) = string-length(fallback_ckn)";
must "string-length(fallback_cak) = string-length(primary_cak)"; must "string-length(fallback_cak) = string-length(primary_cak)";
must "primary_ckn != fallback_ckn"; must "primary_ckn != fallback_ckn";