From 73111a63ccb8a6da4b9fe1a24df191ac9dba2ba0 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 26 Dec 2018 16:23:29 +0200 Subject: [PATCH] mka: Determine KCK/ICK length from CAK length The ICK and KEK are derived from a CAK and the length of the CAK determines the length of the KCK/ICK. Remove the separate ICK/KEK length parameters from the algorithm agility table. Signed-off-by: Jouni Malinen --- src/pae/ieee802_1x_kay.c | 7 ++----- src/pae/ieee802_1x_kay_i.h | 2 -- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 8176c9db2..a0209f15a 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -64,10 +64,7 @@ static struct mka_alg mka_alg_tbl[] = { { .parameter = MKA_ALGO_AGILITY_2009, - /* 128-bit CAK, KEK, ICK, ICV */ .cak_len = DEFAULT_ICV_LEN, - .kek_len = DEFAULT_ICV_LEN, - .ick_len = DEFAULT_ICV_LEN, .icv_len = DEFAULT_ICV_LEN, .cak_trfm = ieee802_1x_cak_128bits_aes_cmac, @@ -3531,7 +3528,7 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, goto fail; /* to derive KEK from CAK and CKN */ - participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len; + participant->kek.len = participant->cak.len; if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key, participant->cak.len, participant->ckn.name, @@ -3545,7 +3542,7 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, participant->kek.key, participant->kek.len); /* to derive ICK from CAK and CKN */ - participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len; + participant->ick.len = participant->cak.len; if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key, participant->cak.len, participant->ckn.name, diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h index 7ae435583..6650a1a6c 100644 --- a/src/pae/ieee802_1x_kay_i.h +++ b/src/pae/ieee802_1x_kay_i.h @@ -67,8 +67,6 @@ struct macsec_ciphersuite { struct mka_alg { u8 parameter[4]; size_t cak_len; - size_t kek_len; - size_t ick_len; size_t icv_len; int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak); -- 2.47.2