aboutsummaryrefslogtreecommitdiffstats
path: root/src/scripts/vnet
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2019-04-29 16:05:46 +0200
committerDamjan Marion <dmarion@me.com>2019-04-30 15:33:53 +0000
commitbe95444fbb31b875c2ab98cd330fdcb36027ced8 (patch)
treecdd489306a290cff918b954be950eca0fb4b61bd /src/scripts/vnet
parentd577e1f578182d7f663e0f8519dadc81f21cb7a6 (diff)
crypto: enforce per-alg crypto key length
Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user). Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/scripts/vnet')
-rw-r--r--src/scripts/vnet/ipsec4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/scripts/vnet/ipsec b/src/scripts/vnet/ipsec
index 6762a173699..bf3cbbc56e7 100644
--- a/src/scripts/vnet/ipsec
+++ b/src/scripts/vnet/ipsec
@@ -18,12 +18,12 @@ set int state pg0 up
set int state pg1 up
set int state pipe0 up
-create ipsec tunnel local-ip 10.0.0.1 remote-ip 10.0.0.2 local-spi 100 remote-spi 101 local-crypto-key A11E51E5B1E0 remote-crypto-key A11E51E5B1E0 crypto-alg aes-cbc-128
+create ipsec tunnel local-ip 10.0.0.1 remote-ip 10.0.0.2 local-spi 100 remote-spi 101 local-crypto-key 6541686776336961656264656f6f6579 remote-crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
set int state ipsec0 up
set int unnum ipsec0 use pg0
-create ipsec tunnel local-ip 10.0.0.2 remote-ip 10.0.0.1 local-spi 101 remote-spi 100 tx-table 1 local-crypto-key A11E51E5B1E0 remote-crypto-key A11E51E5B1E0 crypto-alg aes-cbc-128
+create ipsec tunnel local-ip 10.0.0.2 remote-ip 10.0.0.1 local-spi 101 remote-spi 100 tx-table 1 local-crypto-key 6541686776336961656264656f6f6579 remote-crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
set int state ipsec1 up
set int ip table ipsec1 1