ipsec: remove the set_key API

there's no use case to just change the key of an SA. instead the SA
should be renegociated and the new SA applied to the existing SPD entry
or tunnel.

the set_key functions were untested.

Type: refactor
Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002
Signed-off-by: Neale Ranns <nranns@cisco.com>

1 files changed, 0 insertions, 46 deletions

diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 8e8546985ec..633f640ced2 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -341,52 +341,6 @@ ipsec_is_sa_used (u32 sa_index)
   return 0;
 }
 
-int
-ipsec_set_sa_key (u32 id, const ipsec_key_t * ck, const ipsec_key_t * ik)
-{
-  vlib_main_t *vm = vlib_get_main ();
-  ipsec_main_t *im = &ipsec_main;
-  uword *p;
-  u32 sa_index;
-  ipsec_sa_t *sa = 0;
-  clib_error_t *err;
-
-  p = hash_get (im->sa_index_by_sa_id, id);
-  if (!p)
-    return VNET_API_ERROR_SYSCALL_ERROR_1;	/* no such sa-id */
-
-  sa_index = p[0];
-  sa = pool_elt_at_index (im->sad, sa_index);
-
-  /* new crypto key */
-  if (ck)
-    {
-      clib_memcpy (&sa->crypto_key, ck, sizeof (sa->crypto_key));
-      vnet_crypto_key_modify (vm, sa->crypto_key_index, sa->crypto_calg,
-			      (u8 *) ck->data, ck->len);
-    }
-
-  /* new integ key */
-  if (ik)
-    {
-      clib_memcpy (&sa->integ_key, ik, sizeof (sa->integ_key));
-      vnet_crypto_key_modify (vm, sa->integ_key_index, sa->integ_calg,
-			      (u8 *) ik->data, ik->len);
-    }
-
-  if (ck || ik)
-    {
-      err = ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
-      if (err)
-	{
-	  clib_error_free (err);
-	  return VNET_API_ERROR_SYSCALL_ERROR_1;
-	}
-    }
-
-  return 0;
-}
-
 u32
 ipsec_get_sa_index_by_sa_id (u32 sa_id)
 {