> This situation does not happen when I use CLI like this I think the difference is that CLI is restricted, it can only accept printable characters on input. Therefore it assumes it gets "hexlified" value, and applies "unhexlify" on its input.
Contrary to that, PAPI (hopefully) can handle arbitrary u8 arrays, so it does not unhexlify. > local_crypto_key = "2b7e151628aed2a6abf7158809cf4f3d", You can try to use the unhexlified (binary) string: local_crypto_key = b"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d", Vratko. From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Paul Vinciguerra Sent: Sunday, November 24, 2019 4:31 PM To: Terry <zenghao...@163.com> Cc: vpp-dev <vpp-dev@lists.fd.io> Subject: Re: [vpp-dev] vpp19.08 ipsec vpp_papi That output is not random. It is the hex of your string. 2b7e -> 32 62 37 65 On Sun, Nov 24, 2019 at 8:06 AM Terry <zenghao...@163.com<mailto:zenghao...@163.com>> wrote: Dear VPP experts, I'm trying to configure ipsec with python API in vpp19.08. My configurations are as follows: reply = vpp.api.ipsec_tunnel_if_add_del(is_add = 1, local_ip = "192.168.1.1", remote_ip = "192.168.2.2", local_spi = 1031, remote_spi = 1030, crypto_alg = 7, local_crypto_key_len = 16, local_crypto_key = "2b7e151628aed2a6abf7158809cf4f3d", remote_crypto_key_len = 16, remote_crypto_key = "2b7e151628aed2a6abf7158809cf4f3d", integ_alg = 2, local_integ_key_len = 16, local_integ_key = "4339314b55523947594d6d3547666b45", remote_integ_key_len = 16, remote_integ_key = "4339314b55523947594d6d3547666b45", renumber = 1, show_instance = 1) But the output SA information is as follows: vpp# show ipsec sa 0 [0] sa 2147483648 (0x80000000) spi 1030 (0x00000406) protocol:esp flags:[tunnel inbound aead ] locks 1 salt 0x0 seq 0 seq-hi 0 last-seq 0 last-seq-hi 0 window 0000000000000000000000000000000000000000000000000000000000000000 crypto alg aes-gcm-128 key 32623765313531363238616564326136 integrity alg sha1-96 key 34333339333134623535353233393437 packets 0 bytes 0 table-ID 0 tunnel src 192.168.2.2 dst 192.168.1.1 The crypto_key I configured is '2b7e151628aed2a6abf7158809cf4f3d', but the output key is '32623765313531363238616564326136'. The output crypto key looks like a random number. This situation does not happen when I use CLI like this: 'create ipsec tunnel local-ip 192.168.1.1 remote-ip 192.168.2.2 local-spi 1031 remote-spi 1030 local-crypto-key 2b7e151628aed2a6abf7158809cf4f3d remote-crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-gcm-128' Could you please give me some help? Best regards, Arvin -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14676): https://lists.fd.io/g/vpp-dev/message/14676 Mute This Topic: https://lists.fd.io/mt/61874477/1594641 Group Owner: vpp-dev+ow...@lists.fd.io<mailto:vpp-dev%2bow...@lists.fd.io> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [pvi...@vinciconsulting.com<mailto:pvi...@vinciconsulting.com>] -=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14689): https://lists.fd.io/g/vpp-dev/message/14689 Mute This Topic: https://lists.fd.io/mt/61874477/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-