Macsecmodule Module

class mtf.libs.mtf_pybinder.MACsecModule.CipherSuite

__init__(*args, **kwargs)

Overloaded function.

__init__(self: mtf.libs.mtf_pybinder.MACsecModule.CipherSuite) -> None
__init__(self: mtf.libs.mtf_pybinder.MACsecModule.CipherSuite, arg0: int, arg1: Annotated[list[int], FixedSize(8)]) -> None

__new__(**kwargs)

property capability

property identifier

class mtf.libs.mtf_pybinder.MACsecModule.Key

__init__(self: mtf.libs.mtf_pybinder.MACsecModule.Key) → None

__new__(**kwargs)

property acceptable_packet_number

property an

property cipher_suite

property created

property length

property number

property rx

property sak

property server_identifier

property tx

mtf.libs.mtf_pybinder.MACsecModule.add_supported_ciphersuite(cipher: CipherSuite) → bool: Add a cipher suite to the supported ones

Args: cipher Cipher suite to add as supported

mtf.libs.mtf_pybinder.MACsecModule.aes_wrap_from_key(key: mtf::security::MkaKey) → str: Generate the AES wrap from passed key

Args: key Key to generate the AES wrap

mtf.libs.mtf_pybinder.MACsecModule.allow_default_cipher(allow_default: bool) → None: Enables or disables the use of the default cipher suite (AES-128)

Args: allow_default Allow/disable use of the default cipher

mtf.libs.mtf_pybinder.MACsecModule.allow_macsec_communication(allow_macsec: bool) → None: Enables or disables macsec communication

Args: allow_macsec Enable/disable macsec communication

mtf.libs.mtf_pybinder.MACsecModule.auto_update_lowest_acceptable_pn(auto_update: bool) → None: Enables/disables the automatic update of the lowest acceptable number value

Args: auto_update Enable/disable the auto lowest acceptable pn value update

mtf.libs.mtf_pybinder.MACsecModule.deinit() → bool: Deinit macsec module daemon

mtf.libs.mtf_pybinder.MACsecModule.force_rekey(repeat_sak: bool = False, new_an: int = 42) → None: Forces the daemon to do a rekey

Args: repeat_sak (Optional) Force the daemon to reuse the same SAK (sends DSAK again). By default is false. new_an (Optional) An to use for the new generated key (between 0 and 3, both included). By default it will cycle the AN values as per the standard (The default 42 signifies this).

mtf.libs.mtf_pybinder.MACsecModule.generate_key(key: str) → mtf::security::MkaKey: Generates new SAK key using cipher

Args: cipher Cipher to use in key generation

mtf.libs.mtf_pybinder.MACsecModule.get_actor_member_identifier() → str: Gets the actor member identifier

mtf.libs.mtf_pybinder.MACsecModule.get_destination_mac() → str: Returns the destination mac address. Format example: ‘DE:AD:BE:EF:00:01’

mtf.libs.mtf_pybinder.MACsecModule.get_key_server_priority() → int: Gets the key server priority

mtf.libs.mtf_pybinder.MACsecModule.get_latest_sak_key() → mtf::security::MkaKey: Get latest key SAK

mtf.libs.mtf_pybinder.MACsecModule.get_macsec_acceptable_pn() → int: Gets the macsec interface acceptable packet number value

mtf.libs.mtf_pybinder.MACsecModule.get_macsec_capability() → int: Gets the daemon macsec capability

mtf.libs.mtf_pybinder.MACsecModule.get_macsec_if_name() → str: Gets the configured macsec interface name

mtf.libs.mtf_pybinder.MACsecModule.get_old_sak_key() → mtf::security::MkaKey: Get old key SAK

mtf.libs.mtf_pybinder.MACsecModule.get_source_mac() → str: Returns the source mac address. Format example: ‘DE:AD:BE:EF:00:01’

mtf.libs.mtf_pybinder.MACsecModule.has_live_macsec_interface() → bool: Checks if the daemon has a configured live interface

mtf.libs.mtf_pybinder.MACsecModule.ignore_foreign_live_peers(ignore_peers: bool) → None: Sets the daemon to ignore live peers in their peer’s live peer lists

Args: ignore_peers Ignore foreign live peers

mtf.libs.mtf_pybinder.MACsecModule.ignore_macsec_interfaces_issues(ignore_issues: bool) → None: Ignore macsec interface configuration issues

Args: ignore_issues Ignore/treat macsec if. configuration issues

mtf.libs.mtf_pybinder.MACsecModule.init(interface_name: str, channel_name: str) → bool: Init macsec module daemon

Args: interface_name Name of the network interface (Optional / Mandatory on first call) channel_name Name of the configuration channel (Optional / Mandatory on first call)

mtf.libs.mtf_pybinder.MACsecModule.is_initialized() → bool: Returns the initialized status of the daemon

mtf.libs.mtf_pybinder.MACsecModule.is_started() → bool: Returns the started status of the daemon

mtf.libs.mtf_pybinder.MACsecModule.negotiate_confidentiality_offset(negotiate_offset: bool) → None: Allows or forbids confidentiality offset negotiation

Args: negotiate_offset Allow/forbid conf. offset negotiation

mtf.libs.mtf_pybinder.MACsecModule.negotiate_macsec_capability(negotiate_capability: bool) → None: Allows or forbids macsec capability negotiation

Args: negotiate_capability Allow/forbid capability negotiation

mtf.libs.mtf_pybinder.MACsecModule.remove_all_supported_ciphersuites() → None: Removes all supported ciphersuites

mtf.libs.mtf_pybinder.MACsecModule.send_message(packet: mtf::security::Packet, manual_icv: bool = False) → bool: Send a Packet through the daemon interface.

Args: packet Packet to be sent manual_icv False (by default) to calculate ICV automatically, true to use manual icv.

mtf.libs.mtf_pybinder.MACsecModule.set_actor_member_identifier(identifier: str) → None: Sets the actor member identifier

Args: identifier New actor member identifier

mtf.libs.mtf_pybinder.MACsecModule.set_actor_message_number(actor_message_number: int) → None: Sets the actor message number

Args: actor_message_number New actor message number

mtf.libs.mtf_pybinder.MACsecModule.set_allow_wrong_icv(is_allowed: bool) → None: Allows packets with wrong icv

Args: is_allowed Allow wrong icv

mtf.libs.mtf_pybinder.MACsecModule.set_allow_wrong_icv_when_sending(is_allowed: bool) → None: Allows wrong icvs when sending packets

Args: is_allowed Allow wrong icv when sending

mtf.libs.mtf_pybinder.MACsecModule.set_allow_wrong_parameter_set_order(is_allowed: bool) → None: Allows packets with wrong parameter set order

Args: is_allowed Allow wrong parameter set order

mtf.libs.mtf_pybinder.MACsecModule.set_cak(cak: str, ckn: str) → None: Sets the daemon cak (and ckn)

Args: cak New cak value cak_name New ckn value

mtf.libs.mtf_pybinder.MACsecModule.set_destination_mac(mac: str) → None: Sets the destination mac address

Args: mac New destination mac address. Format example: ‘DE:AD:BE:EF:00:01’

mtf.libs.mtf_pybinder.MACsecModule.set_key_server(is_keyserver: bool) → None: Sets the daemon key server flag

Args: is_keyserver Key server flag value

mtf.libs.mtf_pybinder.MACsecModule.set_key_server_priority(priority: int) → None: Sets the key server priority

Args: priority New key server priority

mtf.libs.mtf_pybinder.MACsecModule.set_latest_sak_key(key: mtf::security::MkaKey) → None: Set latest key SAK

Args: key New SAK for latest key

mtf.libs.mtf_pybinder.MACsecModule.set_macsec_capability(capability: int) → None: Sets the daemon macsec capability

Args: capability New macsec capability

mtf.libs.mtf_pybinder.MACsecModule.set_macsec_desired(is_allowed: bool) → None: Sets the macsec desired value of the daemon

Args: macsec Macsec desired value

mtf.libs.mtf_pybinder.MACsecModule.set_macsec_if_name(if_name: str) → None: Sets the macsec interface name (call before starting daemon)

Args: if_name New macsec interface name

mtf.libs.mtf_pybinder.MACsecModule.set_macsec_interface_pn(packet_number: int) → None: Sets the macsec interface packet number

Args: packet_number New packet number for the interface

mtf.libs.mtf_pybinder.MACsecModule.set_macsec_send_sci(send_sci: bool) → None: Forces macsec packets to always send sci in header

Args: send_sci Value to always send sci or only when necessary

mtf.libs.mtf_pybinder.MACsecModule.set_macsec_validate(validate: int) → None: Enable or disable incoming macsec packets validation

Args: validate Enable/disable macsec packets validation

mtf.libs.mtf_pybinder.MACsecModule.set_mka_hello_time(ms: int) → None: Sets a new mka hello time value

Args: ms New mka hello time (milliseconds)

mtf.libs.mtf_pybinder.MACsecModule.set_mka_timeout(ms: int) → None: Sets a new mka timeout value

Args: ms New mka timeout (milliseconds)

mtf.libs.mtf_pybinder.MACsecModule.set_old_sak_key(key: mtf::security::MkaKey) → None: Set old key SAK

Args: key New SAK for old key

mtf.libs.mtf_pybinder.MACsecModule.set_preferred_confidentiality_offset(new_confidentiality_offset: int) → None: Sets the preferred confidentiality offset for the daemon

Args: new_confidentiality_offset New preferred confidentiality offset value

mtf.libs.mtf_pybinder.MACsecModule.set_retire_delay(retireDelay: int) → None: Set retire cp state delay

Args: retireDelay New retire state delay time

mtf.libs.mtf_pybinder.MACsecModule.set_source_mac(mac: str) → None: Sets the source mac address

Args: mac New source mac address. Format example: ‘DE:AD:BE:EF:00:01’

mtf.libs.mtf_pybinder.MACsecModule.set_transmit_delay(transmitDelay: int) → None: Set transmit cp state delay

Args: key transmitDelay New transmit state delay time

mtf.libs.mtf_pybinder.MACsecModule.set_vlan_ids(mka_vlan_id: int, macsec_vlan_ids: list[int]) → None: Set the vlans network ids.

Args: mka_vlan_id Id of the mka vlan macsec_vlan_ids List of macsec vlan ids

mtf.libs.mtf_pybinder.MACsecModule.start() → bool: Start macsec module daemon

mtf.libs.mtf_pybinder.MACsecModule.stop() → bool: Stop macsec module daemon

mtf.libs.mtf_pybinder.MACsecModule.transfer_ip_to_macsec_interface() → None: Transfers the configured ip address to the created macsec interface