mka: Support GCM-AES-256

GCM-AES-256 cipher suite is defined in IEEE Std 802.1AEbn-2011.

If authenticator configured as GCM-AES-256, the distributed SAK will be
256 bits indicated by the GCM-AES-256 ID in the MKA packet.

This patch will make AES Key Unwrap to 32 bytes of SAK when identify the
ID.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>

src/common/ieee802_1x_defs.h

@@ -12,6 +12,8 @@
 #define CS_ID_LEN		8
 #define CS_ID_GCM_AES_128	0x0080020001000001ULL
 #define CS_NAME_GCM_AES_128	"GCM-AES-128"
+#define CS_ID_GCM_AES_256	0x0080c20001000002ULL
+#define CS_NAME_GCM_AES_256	"GCM-AES-256"
 
 enum macsec_policy {
 	/**

src/drivers/driver_macsec_qca.c

@@ -39,6 +39,9 @@
 
 #define MAXSC 16
 
+#define SAK_128_LEN	16
+#define SAK_256_LEN	32
+
 /* TCI field definition */
 #define TCI_ES                0x40
 #define TCI_SC                0x20
@@ -226,19 +229,32 @@ static int macsec_qca_set_replay_protect(void *priv, Boolean enabled,
 }
 
 
+static fal_cipher_suite_e macsec_qca_cs_type_get(u64 cs)
+{
+	if (cs == CS_ID_GCM_AES_128)
+		return FAL_CIPHER_SUITE_AES_GCM_128;
+	if (cs == CS_ID_GCM_AES_256)
+		return FAL_CIPHER_SUITE_AES_GCM_256;
+	return FAL_CIPHER_SUITE_MAX;
+}
+
+
 static int macsec_qca_set_current_cipher_suite(void *priv, u64 cs)
 {
-	if (cs != CS_ID_GCM_AES_128) {
+	struct macsec_qca_data *drv = priv;
+	fal_cipher_suite_e cs_type;
+
+	if (cs != CS_ID_GCM_AES_128 && cs != CS_ID_GCM_AES_256) {
 		wpa_printf(MSG_ERROR,
 			   "%s: NOT supported CipherSuite: %016" PRIx64,
 			   __func__, cs);
 		return -1;
 	}
 
-	/* Support default Cipher Suite 0080020001000001 (GCM-AES-128) */
+	wpa_printf(MSG_DEBUG, "%s: CipherSuite: %016" PRIx64, __func__, cs);
-	wpa_printf(MSG_DEBUG, "%s: default support aes-gcm-128", __func__);
 
-	return 0;
+	cs_type = macsec_qca_cs_type_get(cs);
+	return nss_macsec_secy_cipher_suite_set(drv->secy_id, cs_type);
 }
 
 
@@ -508,8 +524,18 @@ static int macsec_qca_create_receive_sa(void *priv, struct receive_sa *sa)
 		   __func__, channel, sa->an, sa->lowest_pn);
 
 	os_memset(&rx_sak, 0, sizeof(rx_sak));
-	for (i = 0; i < 16; i++)
+	rx_sak.sak_len = sa->pkey->key_len;
-		rx_sak.sak[i] = sa->pkey->key[15 - i];
+	if (sa->pkey->key_len == SAK_128_LEN) {
+		for (i = 0; i < 16; i++)
+			rx_sak.sak[i] = sa->pkey->key[15 - i];
+	} else if (sa->pkey->key_len == SAK_256_LEN) {
+		for (i = 0; i < 16; i++) {
+			rx_sak.sak1[i] = sa->pkey->key[15 - i];
+			rx_sak.sak[i] = sa->pkey->key[31 - i];
+		}
+	} else {
+		return -1;
+	}
 
 	ret += nss_macsec_secy_rx_sa_create(drv->secy_id, channel, sa->an);
 	ret += nss_macsec_secy_rx_sak_set(drv->secy_id, channel, sa->an,
@@ -676,8 +702,18 @@ static int macsec_qca_create_transmit_sa(void *priv, struct transmit_sa *sa)
 		tci |= TCI_E | TCI_C;
 
 	os_memset(&tx_sak, 0, sizeof(tx_sak));
-	for (i = 0; i < 16; i++)
+	tx_sak.sak_len = sa->pkey->key_len;
-		tx_sak.sak[i] = sa->pkey->key[15 - i];
+	if (sa->pkey->key_len == SAK_128_LEN) {
+		for (i = 0; i < 16; i++)
+			tx_sak.sak[i] = sa->pkey->key[15 - i];
+	} else if (sa->pkey->key_len == SAK_256_LEN) {
+		for (i = 0; i < 16; i++) {
+			tx_sak.sak1[i] = sa->pkey->key[15 - i];
+			tx_sak.sak[i] = sa->pkey->key[31 - i];
+		}
+	} else {
+		return -1;
+	}
 
 	ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, sa->an,
 						 sa->next_pn);

src/pae/ieee802_1x_kay.c

@@ -45,6 +45,14 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
 		.sak_len = DEFAULT_SA_KEY_LEN,
 		.index = 0,
 	},
+	/* GCM-AES-256 */
+	{
+		.id = CS_ID_GCM_AES_256,
+		.name = CS_NAME_GCM_AES_256,
+		.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
+		.sak_len = 32,
+		.index = 1 /* index */
+	},
 };
 #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
 #define DEFAULT_CS_INDEX  0