[PATCH] mka: Update GCM-AES-128 cipher suite identifier

Jouni Malinen j at w1.fi
Mon Nov 28 01:36:50 PST 2022

On Mon, Jun 27, 2022 at 03:26:03PM -0700, Mahesh Patil wrote:
> Update Macsec GCM-AES-128 cipher suite identifier as per
> IEEE Std 802.1AE-2018 specification

> diff --git a/src/common/ieee802_1x_defs.h b/src/common/ieee802_1x_defs.h
> @@ -10,7 +10,7 @@
>  #define CS_ID_LEN		8
> -#define CS_ID_GCM_AES_128	0x0080020001000001ULL
> +#define CS_ID_GCM_AES_128	0x0080c20001000001ULL
>  #define CS_NAME_GCM_AES_128	"GCM-AES-128"
>  #define CS_ID_GCM_AES_256	0x0080c20001000002ULL
>  #define CS_NAME_GCM_AES_256	"GCM-AES-256"

What does this change in practice? In particular, is there any risk of
breaking interoperability with some existing deployments? It looks like
this value is used mostly for implementation internal purposes, but it
would feel a bit strange if there is a magic value defined in the
standard if that is the only purpose..

At minimum, the commit message would need to justify why this can be
changed without causing problems to working with other implementations,
including older versions of hostapd/wpa_supplicant.

IEEE Std 802.1AE-2018 seemed to try to explain some of this in the NOTE
that pointed out the incorrect value in IEEE Std 802.1AE-2006 (which is
the version that was used at the time this value was defined in the
implementation), but it is not exactly clear what the impact might be
from changing the identifier value.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list