mka: Allow CAK length 32 (256-bit) to be initialized
The CAK length is not hardcoded in the algorithm agility parameter, so remove that from the table. Instead, allow both 16 (128-bit) and 32 (256-bit) CAK to be used so that the following key derivations use appropriate key lengths based on the configured/derived CAK. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
73111a63cc
commit
7a29984888
2 changed files with 3 additions and 4 deletions
|
@ -64,7 +64,6 @@ static struct mka_alg mka_alg_tbl[] = {
|
||||||
{
|
{
|
||||||
.parameter = MKA_ALGO_AGILITY_2009,
|
.parameter = MKA_ALGO_AGILITY_2009,
|
||||||
|
|
||||||
.cak_len = DEFAULT_ICV_LEN,
|
|
||||||
.icv_len = DEFAULT_ICV_LEN,
|
.icv_len = DEFAULT_ICV_LEN,
|
||||||
|
|
||||||
.cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
|
.cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
|
||||||
|
@ -3437,8 +3436,9 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
|
if (cak->len != 16 && cak->len != 32) {
|
||||||
wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
|
wpa_printf(MSG_ERROR, "KaY: Unexpected CAK length %u",
|
||||||
|
(unsigned int) cak->len);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (ckn->len > MAX_CKN_LEN) {
|
if (ckn->len > MAX_CKN_LEN) {
|
||||||
|
|
|
@ -66,7 +66,6 @@ struct macsec_ciphersuite {
|
||||||
|
|
||||||
struct mka_alg {
|
struct mka_alg {
|
||||||
u8 parameter[4];
|
u8 parameter[4];
|
||||||
size_t cak_len;
|
|
||||||
size_t icv_len;
|
size_t icv_len;
|
||||||
|
|
||||||
int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
|
int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
|
||||||
|
|
Loading…
Reference in a new issue