mka: Derive MACsec cipher suite and MKA algorithm table index
Instead of using a specifically set index value from table definition, use the actual real index of the table entry. This removes need for maintaining these index values separately. Furthermore, the mka_alg_tbl[] index was already off-by-one (but not used anywhere). Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
594b7fbdde
commit
4d91d4a7cc
2 changed files with 9 additions and 12 deletions
|
@ -46,7 +46,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
|
|||
.name = CS_NAME_GCM_AES_128,
|
||||
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
|
||||
.sak_len = DEFAULT_SA_KEY_LEN,
|
||||
.index = 0,
|
||||
},
|
||||
/* GCM-AES-256 */
|
||||
{
|
||||
|
@ -54,7 +53,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
|
|||
.name = CS_NAME_GCM_AES_256,
|
||||
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
|
||||
.sak_len = 32,
|
||||
.index = 1 /* index */
|
||||
},
|
||||
};
|
||||
#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
|
||||
|
@ -71,8 +69,6 @@ static struct mka_alg mka_alg_tbl[] = {
|
|||
.kek_trfm = ieee802_1x_kek_aes_cmac,
|
||||
.ick_trfm = ieee802_1x_ick_aes_cmac,
|
||||
.icv_hash = ieee802_1x_icv_aes_cmac,
|
||||
|
||||
.index = 1,
|
||||
},
|
||||
};
|
||||
#define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
|
||||
|
@ -370,7 +366,7 @@ ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
|
|||
*/
|
||||
static struct macsec_ciphersuite *
|
||||
ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
|
||||
const u8 *cs_id)
|
||||
const u8 *cs_id, unsigned int *idx)
|
||||
{
|
||||
unsigned int i;
|
||||
u64 cs;
|
||||
|
@ -380,9 +376,11 @@ ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
|
|||
cs = be_to_host64(_cs);
|
||||
|
||||
for (i = 0; i < CS_TABLE_SIZE; i++) {
|
||||
if (cipher_suite_tbl[i].id == cs)
|
||||
if (cipher_suite_tbl[i].id == cs) {
|
||||
*idx = i;
|
||||
return &cipher_suite_tbl[i];
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1673,7 +1671,10 @@ ieee802_1x_mka_decode_dist_sak_body(
|
|||
kay->macsec_csindex = DEFAULT_CS_INDEX;
|
||||
cs = &cipher_suite_tbl[kay->macsec_csindex];
|
||||
} else {
|
||||
cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
|
||||
unsigned int idx;
|
||||
|
||||
cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak,
|
||||
&idx);
|
||||
if (!cs) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"KaY: I can't support the Cipher Suite advised by key server");
|
||||
|
@ -1681,7 +1682,7 @@ ieee802_1x_mka_decode_dist_sak_body(
|
|||
}
|
||||
sak_len = cs->sak_len;
|
||||
wrap_sak = body->sak + CS_ID_LEN;
|
||||
kay->macsec_csindex = cs->index;
|
||||
kay->macsec_csindex = idx;
|
||||
}
|
||||
|
||||
unwrap_sak = os_zalloc(sak_len);
|
||||
|
|
|
@ -60,8 +60,6 @@ struct macsec_ciphersuite {
|
|||
char name[32];
|
||||
enum macsec_cap capable;
|
||||
int sak_len; /* unit: byte */
|
||||
|
||||
u32 index;
|
||||
};
|
||||
|
||||
struct mka_alg {
|
||||
|
@ -80,8 +78,6 @@ struct mka_alg {
|
|||
u8 *ick, size_t ick_bytes);
|
||||
int (*icv_hash)(const u8 *ick, size_t ick_bytes,
|
||||
const u8 *msg, size_t msg_len, u8 *icv);
|
||||
|
||||
int index; /* index for configuring */
|
||||
};
|
||||
|
||||
#define DEFAULT_MKA_ALG_INDEX 0
|
||||
|
|
Loading…
Reference in a new issue