@ -39,6 +39,9 @@
# define MAXSC 16
# define SAK_128_LEN 16
# define SAK_256_LEN 32
/* TCI field definition */
# define TCI_ES 0x40
# define TCI_SC 0x20
@ -226,19 +229,32 @@ static int macsec_qca_set_replay_protect(void *priv, Boolean enabled,
}
static fal_cipher_suite_e macsec_qca_cs_type_get ( u64 cs )
{
if ( cs = = CS_ID_GCM_AES_128 )
return FAL_CIPHER_SUITE_AES_GCM_128 ;
if ( cs = = CS_ID_GCM_AES_256 )
return FAL_CIPHER_SUITE_AES_GCM_256 ;
return FAL_CIPHER_SUITE_MAX ;
}
static int macsec_qca_set_current_cipher_suite ( void * priv , u64 cs )
{
if ( cs ! = CS_ID_GCM_AES_128 ) {
struct macsec_qca_data * drv = priv ;
fal_cipher_suite_e cs_type ;
if ( cs ! = CS_ID_GCM_AES_128 & & cs ! = CS_ID_GCM_AES_256 ) {
wpa_printf ( MSG_ERROR ,
" %s: NOT supported CipherSuite: %016 " PRIx64 ,
__func__ , cs ) ;
return - 1 ;
}
/* Support default Cipher Suite 0080020001000001 (GCM-AES-128) */
wpa_printf ( MSG_DEBUG , " %s: default support aes-gcm-128 " , __func__ ) ;
wpa_printf ( MSG_DEBUG , " %s: CipherSuite: %016 " PRIx64 , __func__ , cs ) ;
return 0 ;
cs_type = macsec_qca_cs_type_get ( cs ) ;
return nss_macsec_secy_cipher_suite_set ( drv - > secy_id , cs_type ) ;
}
@ -508,8 +524,18 @@ static int macsec_qca_create_receive_sa(void *priv, struct receive_sa *sa)
__func__ , channel , sa - > an , sa - > lowest_pn ) ;
os_memset ( & rx_sak , 0 , sizeof ( rx_sak ) ) ;
for ( i = 0 ; i < 16 ; i + + )
rx_sak . sak [ i ] = sa - > pkey - > key [ 15 - i ] ;
rx_sak . sak_len = sa - > pkey - > key_len ;
if ( sa - > pkey - > key_len = = SAK_128_LEN ) {
for ( i = 0 ; i < 16 ; i + + )
rx_sak . sak [ i ] = sa - > pkey - > key [ 15 - i ] ;
} else if ( sa - > pkey - > key_len = = SAK_256_LEN ) {
for ( i = 0 ; i < 16 ; i + + ) {
rx_sak . sak1 [ i ] = sa - > pkey - > key [ 15 - i ] ;
rx_sak . sak [ i ] = sa - > pkey - > key [ 31 - i ] ;
}
} else {
return - 1 ;
}
ret + = nss_macsec_secy_rx_sa_create ( drv - > secy_id , channel , sa - > an ) ;
ret + = nss_macsec_secy_rx_sak_set ( drv - > secy_id , channel , sa - > an ,
@ -676,8 +702,18 @@ static int macsec_qca_create_transmit_sa(void *priv, struct transmit_sa *sa)
tci | = TCI_E | TCI_C ;
os_memset ( & tx_sak , 0 , sizeof ( tx_sak ) ) ;
for ( i = 0 ; i < 16 ; i + + )
tx_sak . sak [ i ] = sa - > pkey - > key [ 15 - i ] ;
tx_sak . sak_len = sa - > pkey - > key_len ;
if ( sa - > pkey - > key_len = = SAK_128_LEN ) {
for ( i = 0 ; i < 16 ; i + + )
tx_sak . sak [ i ] = sa - > pkey - > key [ 15 - i ] ;
} else if ( sa - > pkey - > key_len = = SAK_256_LEN ) {
for ( i = 0 ; i < 16 ; i + + ) {
tx_sak . sak1 [ i ] = sa - > pkey - > key [ 15 - i ] ;
tx_sak . sak [ i ] = sa - > pkey - > key [ 31 - i ] ;
}
} else {
return - 1 ;
}
ret + = nss_macsec_secy_tx_sa_next_pn_set ( drv - > secy_id , channel , sa - > an ,
sa - > next_pn ) ;