Skip to content

[action] [PR:16388] Update macsec CAK keys in profile for tests to change to type7 encoded format #16500

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 8, 2023
Merged

[action] [PR:16388] Update macsec CAK keys in profile for tests to change to type7 encoded format #16500

merged 1 commit into from
Sep 8, 2023

Conversation

mssonicbld
Copy link
Collaborator

Why I did it

The changes needed in various macsec unit tests and config plugin when we move to accept the type 7 encoded key format for macsec. This goes along with PR : sonic-net/sonic-swss#2892 raised earlier.

Work item tracking
  • Microsoft ADO (number only): 25046448

How I did it

Updated the macsec profiles used in unit test with the type7 encoded CAK keys.

Updated the length check in macsec config plugin to accept not strings of length 66 and 130 bytes depending on whether it is 128 byte cipher suite or 256 byte cipher suite

Additional changes needed to the yang model file.

  1. Increase the CAK key length from 32 bytes and 64 bytes with plain text format --> 66 bytes and 130 bytes with type 7 encoded keys for 128 byte and 256 byte cipher suites.
  2. Removing the check to validate the length of CAK and CKN, the key and name need not be same length

How to verify it

Validated with CLI commands to make sure macsec profiles are created correctly.
More tests added in PRs : sonic-net/sonic-swss#2892, sonic-net/sonic-mgmt#9812

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@judyjoseph @mssonicbld
Update macsec CAK keys in profile for tests to change to type7 encode…
527a412 
…d format (sonic-net#16388)

* Change the CAK key length check in config plugin, macsec test profile changes

* Fix the format in add_profile api

The changes needed in various macsec unit tests and config plugin when we move to accept the type 7 encoded key format for macsec. This goes along with PR : sonic-net/sonic-swss#2892 raised earlier.
@mssonicbld mssonicbld mentioned this pull request Sep 8, 2023
Merged
11 tasks
@mssonicbld
Copy link
Collaborator Author

Original PR: #16388

@mssonicbld mssonicbld merged commit 4390159 into sonic-net:202211 Sep 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qiluo-msft qiluo-msft Awaiting requested review from qiluo-msft qiluo-msft is a code owner

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees
No one assigned
Labels
automerge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mssonicbld @judyjoseph