struct wpa_ssid *ssid, int line,
const char *value)
{
- if (hexstr2bin(value, ssid->mka_cak, MACSEC_CAK_LEN) ||
- value[MACSEC_CAK_LEN * 2] != '\0') {
+ size_t len;
+
+ len = os_strlen(value);
+ if (len > 2 * MACSEC_CAK_MAX_LEN ||
+ (len != 2 * 16 && len != 2 * 32) ||
+ hexstr2bin(value, ssid->mka_cak, len / 2)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CAK '%s'.",
line, value);
return -1;
}
-
+ ssid->mka_cak_len = len / 2;
ssid->mka_psk_set |= MKA_PSK_SET_CAK;
- wpa_hexdump_key(MSG_MSGDUMP, "MKA-CAK", ssid->mka_cak, MACSEC_CAK_LEN);
+ wpa_hexdump_key(MSG_MSGDUMP, "MKA-CAK", ssid->mka_cak,
+ ssid->mka_cak_len);
return 0;
}
if (!(ssid->mka_psk_set & MKA_PSK_SET_CAK))
return NULL;
- return wpa_config_write_string_hex(ssid->mka_cak, MACSEC_CAK_LEN);
+ return wpa_config_write_string_hex(ssid->mka_cak, ssid->mka_cak_len);
}
/**
* mka_cak - MKA pre-shared CAK
*/
-#define MACSEC_CAK_LEN 16
- u8 mka_cak[MACSEC_CAK_LEN];
+#define MACSEC_CAK_MAX_LEN 32
+ size_t mka_cak_len;
+ u8 mka_cak[MACSEC_CAK_MAX_LEN];
#define MKA_PSK_SET_CKN BIT(0)
#define MKA_PSK_SET_CAK BIT(1)
# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
# In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
# with lower priority will become the key server and start distributing SAKs.
-# mka_cak (CAK = Secure Connectivity Association Key) takes a 16-bytes (128 bit)
-# hex-string (32 hex-digits)
-# mka_ckn (CKN = CAK Name) takes a 32-bytes (256 bit) hex-string (64 hex-digits)
+# mka_cak (CAK = Secure Connectivity Association Key) takes a 16-byte (128-bit)
+# hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits)
+# mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string
+# (2..64 hex-digits)
# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
# default priority
#
if (wpa_s->kay->policy == DO_NOT_SECURE)
goto dealloc;
- cak->len = MACSEC_CAK_LEN;
+ cak->len = ssid->mka_cak_len;
os_memcpy(cak->key, ssid->mka_cak, cak->len);
ckn->len = ssid->mka_ckn_len;