From 0bf98f8d75304b9554efd68e11ede9f72bed71d0 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 30 Jul 2022 19:52:03 +0200
Subject: bridge: T4579: cleanup interface dict (remove empty keys)

(cherry picked from commit 54227591a0eb3c7aa8c896c6ec8b1826ce070ddf)
---
 src/conf_mode/interfaces-bridge.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index 9ad39e080..f548a0e75 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -60,7 +60,7 @@ def get_config(config=None):
         else:
             bridge.update({'member': {'interface_remove': tmp }})
 
-    if dict_search('member.interface', bridge):
+    if dict_search('member.interface', bridge) != None:
         # XXX: T2665: we need a copy of the dict keys for iteration, else we will get:
         # RuntimeError: dictionary changed size during iteration
         for interface in list(bridge['member']['interface']):
@@ -102,6 +102,14 @@ def get_config(config=None):
             if 'enable_vlan' in bridge and tmp:
                 bridge['member']['interface'][interface].update({'has_vlan' : ''})
 
+    # delete empty dictionary keys - no need to run code paths if nothing is there to do
+    if 'member' in bridge:
+        if 'interface' in bridge['member'] and len(bridge['member']['interface']) == 0:
+            del bridge['member']['interface']
+
+        if len(bridge['member']) == 0:
+            del bridge['member']
+
     return bridge
 
 def verify(bridge):
-- 
cgit v1.2.3


From f6dddb5466c95e998582f7ec774b2626b9a9067c Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 1 Aug 2022 18:06:16 +0200
Subject: macsec: T3368: check key length for gcm-aes-128/gcm-aes-256

(cherry picked from commit a09359828e38c5b51a4579af16b5ea263a98233f)
---
 src/conf_mode/interfaces-macsec.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src')

diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index 6ec34a961..5ae07dae0 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -84,6 +84,16 @@ def verify(macsec):
             raise ConfigError('Missing mandatory MACsec security '
                               'keys as encryption is enabled!')
 
+        cak_len = len(dict_search('security.mka.cak', macsec))
+
+        if dict_search('security.cipher', macsec) == 'gcm-aes-128' and cak_len != 32:
+            # gcm-aes-128 requires a 128bit long key - 32 characters (string) = 16byte = 128bit
+            raise ConfigError('gcm-aes-128 requires a 128bit long key!')
+
+        elif dict_search('security.cipher', macsec) == 'gcm-aes-256' and cak_len != 64:
+            # gcm-aes-128 requires a 128bit long key - 64 characters (string) = 32byte = 256bit
+            raise ConfigError('gcm-aes-128 requires a 256bit long key!')
+
     if 'source_interface' in macsec:
         # MACsec adds a 40 byte overhead (32 byte MACsec + 8 bytes VLAN 802.1ad
         # and 802.1q) - we need to check the underlaying MTU if our configured
-- 
cgit v1.2.3