diff options
| author | Andrey Kartashev <andrey.kartashev@afconsult.com> | 2018-11-02 18:02:18 (GMT) |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2018-12-26 14:42:25 (GMT) |
| commit | c1576d44a839b4e75c8797b1b44b9463d2dfa189 (patch) | |
| tree | 97f1f5b7206c26b8658168eb79026bd615c7a65c /src/pae/ieee802_1x_key.c | |
| parent | c9c93e7a2414c78a0db4008e3c80c2173eb84942 (diff) | |
| download | hostap-c1576d44a839b4e75c8797b1b44b9463d2dfa189.zip hostap-c1576d44a839b4e75c8797b1b44b9463d2dfa189.tar.gz hostap-c1576d44a839b4e75c8797b1b44b9463d2dfa189.tar.bz2 | |
mka: Support for 256-bit SAK generation
There is already partial support of GCM-AES-256. It is possible to
enable this mode by setting 'kay->macsec_csindex = 1;' in
ieee802_1x_kay_init() function, but the generated key contained only 128
bits of data while other 128 bits are in 0.
Enables KaY to generate full 256-bit SAK from the same 128-bit CAK. Note
that this does not support 256-bit CAK or AES-CMAC-256 -based KDF.
Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
Diffstat (limited to 'src/pae/ieee802_1x_key.c')
| -rw-r--r-- | src/pae/ieee802_1x_key.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c index 9a8d923..4049fd3 100644 --- a/src/pae/ieee802_1x_key.c +++ b/src/pae/ieee802_1x_key.c @@ -183,7 +183,8 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg, * SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength) */ int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx, - size_t ctx_bytes, u8 *sak) + size_t ctx_bytes, u8 *sak, size_t sak_bytes) { - return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak); + return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, + sak_bytes * 8, sak); } |