1 files changed, 11 insertions, 1 deletions

diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index 03a010086..65b0612ea 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -56,7 +56,7 @@ def get_config(config=None):
 
     # Check if interface has been removed
     if 'deleted' in macsec:
-        source_interface = conf.return_effective_value(['source-interface'])
+        source_interface = conf.return_effective_value(base + [ifname, 'source-interface'])
         macsec.update({'source_interface': source_interface})
 
     if is_node_changed(conf, base + [ifname, 'security']):
@@ -87,6 +87,16 @@ def verify(macsec):
         if dict_search('security.mka.cak', macsec) == None or dict_search('security.mka.ckn', macsec) == None:
             raise ConfigError('Missing mandatory MACsec security keys as encryption is enabled!')
 
+        cak_len = len(dict_search('security.mka.cak', macsec))
+
+        if dict_search('security.cipher', macsec) == 'gcm-aes-128' and cak_len != 32:
+            # gcm-aes-128 requires a 128bit long key - 32 characters (string) = 16byte = 128bit
+            raise ConfigError('gcm-aes-128 requires a 128bit long key!')
+
+        elif dict_search('security.cipher', macsec) == 'gcm-aes-256' and cak_len != 64:
+            # gcm-aes-128 requires a 128bit long key - 64 characters (string) = 32byte = 256bit
+            raise ConfigError('gcm-aes-128 requires a 256bit long key!')
+
     if 'source_interface' in macsec:
         # MACsec adds a 40 byte overhead (32 byte MACsec + 8 bytes VLAN 802.1ad
         # and 802.1q) - we need to check the underlaying MTU if our configured