mka: Support GCM-AES-256

GCM-AES-256 cipher suite is defined in IEEE Std 802.1AEbn-2011.

If authenticator configured as GCM-AES-256, the distributed SAK will be
256 bits indicated by the GCM-AES-256 ID in the MKA packet.

This patch will make AES Key Unwrap to 32 bytes of SAK when identify the
ID.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
This commit is contained in:
xiaofeis 2018-08-01 01:27:22 -07:00 committed by Jouni Malinen
parent 1d9babdaa0
commit 1ff8605775
3 changed files with 54 additions and 8 deletions

View file

@ -12,6 +12,8 @@
#define CS_ID_LEN 8
#define CS_ID_GCM_AES_128 0x0080020001000001ULL
#define CS_NAME_GCM_AES_128 "GCM-AES-128"
#define CS_ID_GCM_AES_256 0x0080c20001000002ULL
#define CS_NAME_GCM_AES_256 "GCM-AES-256"
enum macsec_policy {
/**

View file

@ -39,6 +39,9 @@
#define MAXSC 16
#define SAK_128_LEN 16
#define SAK_256_LEN 32
/* TCI field definition */
#define TCI_ES 0x40
#define TCI_SC 0x20
@ -226,19 +229,32 @@ static int macsec_qca_set_replay_protect(void *priv, Boolean enabled,
}
static fal_cipher_suite_e macsec_qca_cs_type_get(u64 cs)
{
if (cs == CS_ID_GCM_AES_128)
return FAL_CIPHER_SUITE_AES_GCM_128;
if (cs == CS_ID_GCM_AES_256)
return FAL_CIPHER_SUITE_AES_GCM_256;
return FAL_CIPHER_SUITE_MAX;
}
static int macsec_qca_set_current_cipher_suite(void *priv, u64 cs)
{
if (cs != CS_ID_GCM_AES_128) {
struct macsec_qca_data *drv = priv;
fal_cipher_suite_e cs_type;
if (cs != CS_ID_GCM_AES_128 && cs != CS_ID_GCM_AES_256) {
wpa_printf(MSG_ERROR,
"%s: NOT supported CipherSuite: %016" PRIx64,
__func__, cs);
return -1;
}
/* Support default Cipher Suite 0080020001000001 (GCM-AES-128) */
wpa_printf(MSG_DEBUG, "%s: default support aes-gcm-128", __func__);
wpa_printf(MSG_DEBUG, "%s: CipherSuite: %016" PRIx64, __func__, cs);
return 0;
cs_type = macsec_qca_cs_type_get(cs);
return nss_macsec_secy_cipher_suite_set(drv->secy_id, cs_type);
}
@ -508,8 +524,18 @@ static int macsec_qca_create_receive_sa(void *priv, struct receive_sa *sa)
__func__, channel, sa->an, sa->lowest_pn);
os_memset(&rx_sak, 0, sizeof(rx_sak));
for (i = 0; i < 16; i++)
rx_sak.sak[i] = sa->pkey->key[15 - i];
rx_sak.sak_len = sa->pkey->key_len;
if (sa->pkey->key_len == SAK_128_LEN) {
for (i = 0; i < 16; i++)
rx_sak.sak[i] = sa->pkey->key[15 - i];
} else if (sa->pkey->key_len == SAK_256_LEN) {
for (i = 0; i < 16; i++) {
rx_sak.sak1[i] = sa->pkey->key[15 - i];
rx_sak.sak[i] = sa->pkey->key[31 - i];
}
} else {
return -1;
}
ret += nss_macsec_secy_rx_sa_create(drv->secy_id, channel, sa->an);
ret += nss_macsec_secy_rx_sak_set(drv->secy_id, channel, sa->an,
@ -676,8 +702,18 @@ static int macsec_qca_create_transmit_sa(void *priv, struct transmit_sa *sa)
tci |= TCI_E | TCI_C;
os_memset(&tx_sak, 0, sizeof(tx_sak));
for (i = 0; i < 16; i++)
tx_sak.sak[i] = sa->pkey->key[15 - i];
tx_sak.sak_len = sa->pkey->key_len;
if (sa->pkey->key_len == SAK_128_LEN) {
for (i = 0; i < 16; i++)
tx_sak.sak[i] = sa->pkey->key[15 - i];
} else if (sa->pkey->key_len == SAK_256_LEN) {
for (i = 0; i < 16; i++) {
tx_sak.sak1[i] = sa->pkey->key[15 - i];
tx_sak.sak[i] = sa->pkey->key[31 - i];
}
} else {
return -1;
}
ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, sa->an,
sa->next_pn);

View file

@ -45,6 +45,14 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
.sak_len = DEFAULT_SA_KEY_LEN,
.index = 0,
},
/* GCM-AES-256 */
{
.id = CS_ID_GCM_AES_256,
.name = CS_NAME_GCM_AES_256,
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
.sak_len = 32,
.index = 1 /* index */
},
};
#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
#define DEFAULT_CS_INDEX 0