path: root/wpa_supplicant/wpas_kay.c
diff options
authormichael-dev <michael-dev@fami-braun.de>2017-08-15 15:21:03 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-25 15:29:15 (GMT)
commitb678ed1efc50e8da4638d962f8eac13312a4048f (patch)
tree6d42b9aecaaf300b77c331a6c6bc9135c8d293bb /wpa_supplicant/wpas_kay.c
parent61127f162a3fdbe3b284d4c32a8352493e43036b (diff)
macsec: Make pre-shared CKN variable length
IEEE Std 802.1X-2010, 9.3.1 defines following restrictions for CKN: "MKA places no restriction on the format of the CKN, save that it comprise an integral number of octets, between 1 and 32 (inclusive), and that all potential members of the CA use the same CKN. No further constraints are placed on the CKNs used with PSKs, ..." Hence do not require a 32 octet long CKN but instead allow a shorter CKN to be configured. This fixes interoperability with some Aruba switches, that do not accept a 32 octet long CKN (only support shorter ones). Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Diffstat (limited to 'wpa_supplicant/wpas_kay.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
index d3d06b8..c662bbb 100644
--- a/wpa_supplicant/wpas_kay.c
+++ b/wpa_supplicant/wpas_kay.c
@@ -414,7 +414,7 @@ void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
cak->len = MACSEC_CAK_LEN;
os_memcpy(cak->key, ssid->mka_cak, cak->len);
- ckn->len = MACSEC_CKN_LEN;
+ ckn->len = ssid->mka_ckn_len;
os_memcpy(ckn->name, ssid->mka_ckn, ckn->len);
res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);