mka: Determine KCK/ICK length from CAK length
authorJouni Malinen <j@w1.fi>
Wed, 26 Dec 2018 14:23:29 +0000 (16:23 +0200)
committerJouni Malinen <j@w1.fi>
Wed, 26 Dec 2018 14:44:58 +0000 (16:44 +0200)
The ICK and KEK are derived from a CAK and the length of the CAK
determines the length of the KEK/ICK. Remove the separate ICK/KEK length
parameters from the algorithm agility table.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/pae/ieee802_1x_kay.c
src/pae/ieee802_1x_kay_i.h

index 8176c9db24a49f208ed7b4f95e9854e65357ca43..a0209f15afd86b8a2782c114b6dfc657e9465395 100644 (file)
@@ -64,10 +64,7 @@ static struct mka_alg mka_alg_tbl[] = {
        {
                .parameter = MKA_ALGO_AGILITY_2009,
 
-               /* 128-bit CAK, KEK, ICK, ICV */
                .cak_len = DEFAULT_ICV_LEN,
-               .kek_len = DEFAULT_ICV_LEN,
-               .ick_len = DEFAULT_ICV_LEN,
                .icv_len = DEFAULT_ICV_LEN,
 
                .cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
@@ -3531,7 +3528,7 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
                goto fail;
 
        /* to derive KEK from CAK and CKN */
-       participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
+       participant->kek.len = participant->cak.len;
        if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
                                                    participant->cak.len,
                                                    participant->ckn.name,
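Review bot: The KEK length set by `participant->kek.len = participant->cak.len;` now comes from the participant's CAK instead of a table constant, and nothing visible in this hunk bounds it against the storage behind `participant->kek.key` or against the lengths the configured `kek_trfm` can produce. `ieee802_1x_kay_create_mka()` starts and ends outside the hunk, so `cak.len` may already be validated earlier; if it is not, an unexpected CAK length would directly size the derived key. A guard before the assignment such as `if (participant->cak.len != mka_alg_tbl[kay->mka_algindex].cak_len) goto fail;` would make the assumption explicit, or a check against the set of supported lengths if longer CAKs are meant to be accepted. The same point applies to `participant->ick.len = participant->cak.len;` in the following hunk.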
@@ -3545,7 +3542,7 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
                        participant->kek.key, participant->kek.len);
 
        /* to derive ICK from CAK and CKN */
-       participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
+       participant->ick.len = participant->cak.len;
        if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
                                                    participant->cak.len,
                                                    participant->ckn.name,
index 7ae435583e4fae37f42866fa1a55322704231123..6650a1a6ca2b128061d941cb2ae084bec754cbf2 100644 (file)
@@ -67,8 +67,6 @@ struct macsec_ciphersuite {
 struct mka_alg {
        u8 parameter[4];
        size_t cak_len;
-       size_t kek_len;
-       size_t ick_len;
        size_t icv_len;
 
        int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);