Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

macsec: T5447: fix error message syntax - there is no tx and rx key, only key (backport #3685) #3687

Merged
merged 1 commit into from
Jun 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion python/vyos/ifconfig/macsec.py
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ def _create(self):
cmd = 'ip macsec add {ifname} rx port 1 address'.format(**self.config)
cmd += f' {peer_config["mac"]}'
self._cmd(cmd)
# Add the rx-key to the address
# Add the encryption key to the address
cmd += f' sa 0 pn 1 on key 01 {peer_config["key"]}'
self._cmd(cmd)

Expand Down
8 changes: 4 additions & 4 deletions smoketest/scripts/cli/test_interfaces_macsec.py
Original file line number Diff line number Diff line change
Expand Up @@ -225,11 +225,11 @@ def test_macsec_static_keys(self):
self.cli_commit()
self.cli_delete(self._base_path + [interface, 'security', 'mka'])

# check validate() - tx-key required
# check validate() - key required
with self.assertRaises(ConfigSessionError):
self.cli_commit()

# check validate() - tx-key length must match cipher
# check validate() - key length must match cipher
self.cli_set(self._base_path + [interface, 'security', 'static', 'key', tx_key_2])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
Expand All @@ -239,7 +239,7 @@ def test_macsec_static_keys(self):
with self.assertRaises(ConfigSessionError):
self.cli_commit()

# check validate() - enabled peer must have both rx-key and MAC defined
# check validate() - enabled peer must have both key and MAC defined
self.cli_set(self._base_path + [interface, 'security', 'static', 'peer', 'TESTPEER'])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
Expand All @@ -252,7 +252,7 @@ def test_macsec_static_keys(self):
self.cli_commit()
self.cli_set(self._base_path + [interface, 'security', 'static', 'peer', 'TESTPEER', 'mac', peer_mac])

# check validate() - peer rx-key length must match cipher
# check validate() - peer key length must match cipher
self.cli_set(self._base_path + [interface, 'security', 'cipher', cipher2])
self.cli_set(self._base_path + [interface, 'security', 'static', 'key', tx_key_2])
with self.assertRaises(ConfigSessionError):
Expand Down
10 changes: 5 additions & 5 deletions src/conf_mode/interfaces_macsec.py
Original file line number Diff line number Diff line change
Expand Up @@ -103,9 +103,9 @@ def verify(macsec):

# Logic to check static configuration
if dict_search('security.static', macsec) != None:
# tx-key must be defined
# key must be defined
if dict_search('security.static.key', macsec) == None:
raise ConfigError('Static MACsec tx-key must be defined.')
raise ConfigError('Static MACsec key must be defined.')

tx_len = len(dict_search('security.static.key', macsec))

Expand All @@ -119,12 +119,12 @@ def verify(macsec):
if 'peer' not in macsec['security']['static']:
raise ConfigError('Must have at least one peer defined for static MACsec')

# For every enabled peer, make sure a MAC and rx-key is defined
# For every enabled peer, make sure a MAC and key is defined
for peer, peer_config in macsec['security']['static']['peer'].items():
if 'disable' not in peer_config and ('mac' not in peer_config or 'key' not in peer_config):
raise ConfigError('Every enabled MACsec static peer must have a MAC address and rx-key defined.')
raise ConfigError('Every enabled MACsec static peer must have a MAC address and key defined!')

# check rx-key length against cipher suite
# check key length against cipher suite
rx_len = len(peer_config['key'])

if dict_search('security.cipher', macsec) == 'gcm-aes-128' and rx_len != GCM_AES_128_LEN:
Expand Down
Loading