On Mon, Jun 27, 2022 at 03:26:03PM -0700, Mahesh Patil wrote: > Update Macsec GCM-AES-128 cipher suite identifier as per > IEEE Std 802.1AE-2018 specification > diff --git a/src/common/ieee802_1x_defs.h b/src/common/ieee802_1x_defs.h > @@ -10,7 +10,7 @@ > #define CS_ID_LEN 8 > -#define CS_ID_GCM_AES_128 0x0080020001000001ULL > +#define CS_ID_GCM_AES_128 0x0080c20001000001ULL > #define CS_NAME_GCM_AES_128 "GCM-AES-128" > #define CS_ID_GCM_AES_256 0x0080c20001000002ULL > #define CS_NAME_GCM_AES_256 "GCM-AES-256" What does this change in practice? In particular, is there any risk of breaking interoperability with some existing deployments? It looks like this value is used mostly for implementation internal purposes, but it would feel a bit strange if there is a magic value defined in the standard if that is the only purpose.. At minimum, the commit message would need to justify why this can be changed without causing problems to working with other implementations, including older versions of hostapd/wpa_supplicant. IEEE Std 802.1AE-2018 seemed to try to explain some of this in the NOTE that pointed out the incorrect value in IEEE Std 802.1AE-2006 (which is the version that was used at the time this value was defined in the implementation), but it is not exactly clear what the impact might be from changing the identifier value. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
