aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2018-12-27 14:37:57 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-29 09:05:39 (GMT)
commit4d91d4a7cce24e927fce2e59e51994e0a0ffeff7 (patch)
tree5f638b07157fe0f0375ae031408a583a49c68f95 /src
parent594b7fbddeb67546e5a8997c1675a8d84a792cf9 (diff)
downloadhostap-4d91d4a7cce24e927fce2e59e51994e0a0ffeff7.zip
hostap-4d91d4a7cce24e927fce2e59e51994e0a0ffeff7.tar.gz
hostap-4d91d4a7cce24e927fce2e59e51994e0a0ffeff7.tar.bz2
mka: Derive MACsec cipher suite and MKA algorithm table index
Instead of using a specifically set index value from table definition, use the actual real index of the table entry. This removes need for maintaining these index values separately. Furthermore, the mka_alg_tbl[] index was already off-by-one (but not used anywhere). Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/pae/ieee802_1x_kay.c17
-rw-r--r--src/pae/ieee802_1x_kay_i.h4
2 files changed, 9 insertions, 12 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 22df6f7..7d6d07c 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -46,7 +46,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
.name = CS_NAME_GCM_AES_128,
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
.sak_len = DEFAULT_SA_KEY_LEN,
- .index = 0,
},
/* GCM-AES-256 */
{
@@ -54,7 +53,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
.name = CS_NAME_GCM_AES_256,
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
.sak_len = 32,
- .index = 1 /* index */
},
};
#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
@@ -71,8 +69,6 @@ static struct mka_alg mka_alg_tbl[] = {
.kek_trfm = ieee802_1x_kek_aes_cmac,
.ick_trfm = ieee802_1x_ick_aes_cmac,
.icv_hash = ieee802_1x_icv_aes_cmac,
-
- .index = 1,
},
};
#define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
@@ -370,7 +366,7 @@ ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
*/
static struct macsec_ciphersuite *
ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
- const u8 *cs_id)
+ const u8 *cs_id, unsigned int *idx)
{
unsigned int i;
u64 cs;
@@ -380,8 +376,10 @@ ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
cs = be_to_host64(_cs);
for (i = 0; i < CS_TABLE_SIZE; i++) {
- if (cipher_suite_tbl[i].id == cs)
+ if (cipher_suite_tbl[i].id == cs) {
+ *idx = i;
return &cipher_suite_tbl[i];
+ }
}
return NULL;
@@ -1673,7 +1671,10 @@ ieee802_1x_mka_decode_dist_sak_body(
kay->macsec_csindex = DEFAULT_CS_INDEX;
cs = &cipher_suite_tbl[kay->macsec_csindex];
} else {
- cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
+ unsigned int idx;
+
+ cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak,
+ &idx);
if (!cs) {
wpa_printf(MSG_ERROR,
"KaY: I can't support the Cipher Suite advised by key server");
@@ -1681,7 +1682,7 @@ ieee802_1x_mka_decode_dist_sak_body(
}
sak_len = cs->sak_len;
wrap_sak = body->sak + CS_ID_LEN;
- kay->macsec_csindex = cs->index;
+ kay->macsec_csindex = idx;
}
unwrap_sak = os_zalloc(sak_len);
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 06eaacf..85aa4de 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -60,8 +60,6 @@ struct macsec_ciphersuite {
char name[32];
enum macsec_cap capable;
int sak_len; /* unit: byte */
-
- u32 index;
};
struct mka_alg {
@@ -80,8 +78,6 @@ struct mka_alg {
u8 *ick, size_t ick_bytes);
int (*icv_hash)(const u8 *ick, size_t ick_bytes,
const u8 *msg, size_t msg_len, u8 *icv);
-
- int index; /* index for configuring */
};
#define DEFAULT_MKA_ALG_INDEX 0