diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-08-04 08:57:07 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-04 08:57:07 +0200 |
| commit | 241fad230beed8889719e08f0fdb9f08d1404e0f (patch) | |
| tree | b6da869fe4e3800c9745b6bcdb26cfec481af21c /src/conf_mode/interfaces-macsec.py | |
| parent | 394ebb01d21713f4154e72cee4aaea674da19359 (diff) | |
| parent | f6dddb5466c95e998582f7ec774b2626b9a9067c (diff) | |
| download | vyos-1x-241fad230beed8889719e08f0fdb9f08d1404e0f.tar.gz vyos-1x-241fad230beed8889719e08f0fdb9f08d1404e0f.zip | |
Merge pull request #1450 from c-po/bridge-fixes-equuleus
bridge: bugfixes for equuleus
Diffstat (limited to 'src/conf_mode/interfaces-macsec.py')
| -rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index 6ec34a961..5ae07dae0 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -84,6 +84,16 @@ def verify(macsec): raise ConfigError('Missing mandatory MACsec security ' 'keys as encryption is enabled!') + cak_len = len(dict_search('security.mka.cak', macsec)) + + if dict_search('security.cipher', macsec) == 'gcm-aes-128' and cak_len != 32: + # gcm-aes-128 requires a 128bit long key - 32 characters (string) = 16byte = 128bit + raise ConfigError('gcm-aes-128 requires a 128bit long key!') + + elif dict_search('security.cipher', macsec) == 'gcm-aes-256' and cak_len != 64: + # gcm-aes-128 requires a 128bit long key - 64 characters (string) = 32byte = 256bit + raise ConfigError('gcm-aes-128 requires a 256bit long key!') + if 'source_interface' in macsec: # MACsec adds a 40 byte overhead (32 byte MACsec + 8 bytes VLAN 802.1ad # and 802.1q) - we need to check the underlaying MTU if our configured |