path: root/src/pae/ieee802_1x_key.c
diff options
authorAndrey Kartashev <andrey.kartashev@afconsult.com>2018-11-02 18:02:18 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:42:25 (GMT)
commitc1576d44a839b4e75c8797b1b44b9463d2dfa189 (patch)
tree97f1f5b7206c26b8658168eb79026bd615c7a65c /src/pae/ieee802_1x_key.c
parentc9c93e7a2414c78a0db4008e3c80c2173eb84942 (diff)
mka: Support for 256-bit SAK generation
There is already partial support of GCM-AES-256. It is possible to enable this mode by setting 'kay->macsec_csindex = 1;' in ieee802_1x_kay_init() function, but the generated key contained only 128 bits of data while other 128 bits are in 0. Enables KaY to generate full 256-bit SAK from the same 128-bit CAK. Note that this does not support 256-bit CAK or AES-CMAC-256 -based KDF. Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
Diffstat (limited to 'src/pae/ieee802_1x_key.c')
1 files changed, 3 insertions, 2 deletions
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index 9a8d923..4049fd3 100644
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -183,7 +183,8 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
* SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
- size_t ctx_bytes, u8 *sak)
+ size_t ctx_bytes, u8 *sak, size_t sak_bytes)
- return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak);
+ return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8,
+ sak_bytes * 8, sak);