From 7a29984888f80e6c92d88fc4a4096e560ab6fd75 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Wed, 26 Dec 2018 16:28:27 +0200
Subject: [PATCH] mka: Allow CAK length 32 (256-bit) to be initialized

The CAK length is not hardcoded in the algorithm agility parameter, so remove that from the table. Instead, allow both 16 (128-bit) and 32 (256-bit) CAK to be used so that the following key derivations use appropriate key lengths based on the configured/derived CAK.

Signed-off-by: Jouni Malinen
---
 src/pae/ieee802_1x_kay.c | 6 +++---
 src/pae/ieee802_1x_kay_i.h | 1 -
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index a0209f15a..3127bf63c 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -64,7 +64,6 @@ static struct mka_alg mka_alg_tbl[] = {
 {
 .parameter = MKA_ALGO_AGILITY_2009,
- .cak_len = DEFAULT_ICV_LEN,
 .icv_len = DEFAULT_ICV_LEN,
 .cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
@@ -3437,8 +3436,9 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
 return NULL;
 }
- if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
- wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
+ if (cak->len != 16 && cak->len != 32) {
+ wpa_printf(MSG_ERROR, "KaY: Unexpected CAK length %u",
+ (unsigned int) cak->len);
 return NULL;
 }
 if (ckn->len > MAX_CKN_LEN) {
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 6650a1a6c..9799f6251 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -66,7 +66,6 @@ struct macsec_ciphersuite {
 struct mka_alg {
 u8 parameter[4];
- size_t cak_len;
 size_t icv_len;
 int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
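Review bot: The relaxed check in ieee802_1x_kay_create_mka() now admits a 32-byte CAK, yet the table entry in the first hunk still names `ieee802_1x_cak_128bits_aes_cmac` as its `cak_trfm` and keeps `icv_len` at `DEFAULT_ICV_LEN`; nothing visible in this patch shows the derivation helpers taking the CAK length as an input. If any of them still assumes 16 bytes, a configured 256-bit CAK would presumably yield KEK/ICK material weaker than the operator expects without any error being logged, so that is worth confirming before or alongside this change. The bare literals would also read better as named constants shared with those helpers, for example `if (cak->len != MKA_CAK_LEN_128 && cak->len != MKA_CAK_LEN_256) {` (placeholder names, not identifiers from this tree), with a comment such as `/* CAK is 128-bit or 256-bit; derived key lengths follow cak->len */`. The function body begins and ends outside this hunk, so how `cak->len` is used afterwards cannot be checked from here.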