mka: Derive MACsec cipher suite and MKA algorithm table index

Instead of using a specifically set index value from table definition,
use the actual real index of the table entry. This removes need for
maintaining these index values separately. Furthermore, the
mka_alg_tbl[] index was already off-by-one (but not used anywhere).

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 22df6f7ac5914823db4ebaedaf41aad4e27a41d2..7d6d07c0b24d13d860193ee4d046ee9713ded7b3 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -46,7 +46,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
                .name = CS_NAME_GCM_AES_128,
                .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
                .sak_len = DEFAULT_SA_KEY_LEN,
-               .index = 0,
        },
        /* GCM-AES-256 */
        {
@@ -54,7 +53,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
                .name = CS_NAME_GCM_AES_256,
                .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
                .sak_len = 32,
-               .index = 1 /* index */
        },
 };
 #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
@@ -71,8 +69,6 @@ static struct mka_alg mka_alg_tbl[] = {
                .kek_trfm = ieee802_1x_kek_aes_cmac,
                .ick_trfm = ieee802_1x_ick_aes_cmac,
                .icv_hash = ieee802_1x_icv_aes_cmac,
-
-               .index = 1,
        },
 };
 #define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
@@ -370,7 +366,7 @@ ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
  */
 static struct macsec_ciphersuite *
 ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
-                               const u8 *cs_id)
+                               const u8 *cs_id, unsigned int *idx)
 {
        unsigned int i;
        u64 cs;
@@ -380,8 +376,10 @@ ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
        cs = be_to_host64(_cs);
 
        for (i = 0; i < CS_TABLE_SIZE; i++) {
-               if (cipher_suite_tbl[i].id == cs)
+               if (cipher_suite_tbl[i].id == cs) {
+                       *idx = i;
                        return &cipher_suite_tbl[i];
+               }
        }
 
        return NULL;
@@ -1673,7 +1671,10 @@ ieee802_1x_mka_decode_dist_sak_body(
                kay->macsec_csindex = DEFAULT_CS_INDEX;
                cs = &cipher_suite_tbl[kay->macsec_csindex];
        } else {
-               cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
+               unsigned int idx;
+
+               cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak,
+                                                    &idx);
                if (!cs) {
                        wpa_printf(MSG_ERROR,
                                   "KaY: I can't support the Cipher Suite advised by key server");
@@ -1681,7 +1682,7 @@ ieee802_1x_mka_decode_dist_sak_body(
                }
                sak_len = cs->sak_len;
                wrap_sak = body->sak + CS_ID_LEN;
-               kay->macsec_csindex = cs->index;
+               kay->macsec_csindex = idx;
        }
 
        unwrap_sak = os_zalloc(sak_len);

diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 06eaacfa60d6324730ffe991430fb41a107f57da..85aa4de1957a02b5c3db281b8fde5e9d36a7bc22 100644 (file)
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -60,8 +60,6 @@ struct macsec_ciphersuite {
        char name[32];
        enum macsec_cap capable;
        int sak_len; /* unit: byte */
-
-       u32 index;
 };
 
 struct mka_alg {
@@ -80,8 +78,6 @@ struct mka_alg {
                        u8 *ick, size_t ick_bytes);
        int (*icv_hash)(const u8 *ick, size_t ick_bytes,
                        const u8 *msg, size_t msg_len, u8 *icv);
-
-       int index; /* index for configuring */
 };
 
 #define DEFAULT_MKA_ALG_INDEX 0