aboutsummaryrefslogtreecommitdiffstats
path: root/src/pae/ieee802_1x_key.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2018-12-26 14:37:49 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:44:58 (GMT)
commit7251f0badc7028448d935d3247ff53fdb5c57b54 (patch)
tree5a6412eaa901ab7d966def6402c4c4d961f223aa /src/pae/ieee802_1x_key.c
parent871439b5d5079ec88d60cc23c30d44138271bec0 (diff)
downloadhostap-7251f0badc7028448d935d3247ff53fdb5c57b54.zip
hostap-7251f0badc7028448d935d3247ff53fdb5c57b54.tar.gz
hostap-7251f0badc7028448d935d3247ff53fdb5c57b54.tar.bz2
mka: Extend CAK/CKN-from-EAP-MSK API to pass in MSK length
This can be used to allow 256-bit key hierarchy to be derived from EAP-based authentication. For now, the MSK length is hardcoded to 128 bits, so the previous behavior is maintained. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/pae/ieee802_1x_key.c')
-rw-r--r--src/pae/ieee802_1x_key.c23
1 files changed, 11 insertions, 12 deletions
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index 4fafba8..d63ca7f 100644
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -82,33 +82,32 @@ static int aes_kdf(const u8 *kdk, size_t kdk_bits,
}
-/********** AES-CMAC-128 **********/
/**
- * ieee802_1x_cak_128bits_aes_cmac
+ * ieee802_1x_cak_aes_cmac
*
* IEEE Std 802.1X-2010, 6.2.2
* CAK = KDF(Key, Label, mac1 | mac2, CAKlength)
*/
-int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
- const u8 *mac2, u8 *cak)
+int ieee802_1x_cak_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
+ const u8 *mac2, u8 *cak, size_t cak_bytes)
{
u8 context[2 * ETH_ALEN];
joint_two_mac(mac1, mac2, context);
- return aes_kdf(msk, 128, "IEEE8021 EAP CAK",
- context, sizeof(context) * 8, 128, cak);
+ return aes_kdf(msk, 8 * msk_bytes, "IEEE8021 EAP CAK",
+ context, sizeof(context) * 8, 8 * cak_bytes, cak);
}
/**
- * ieee802_1x_ckn_128bits_aes_cmac
+ * ieee802_1x_ckn_aes_cmac
*
* IEEE Std 802.1X-2010, 6.2.2
* CKN = KDF(Key, Label, ID | mac1 | mac2, CKNlength)
*/
-int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
- const u8 *mac2, const u8 *sid,
- size_t sid_bytes, u8 *ckn)
+int ieee802_1x_ckn_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
+ const u8 *mac2, const u8 *sid,
+ size_t sid_bytes, u8 *ckn)
{
int res;
u8 *context;
@@ -122,8 +121,8 @@ int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
os_memcpy(context, sid, sid_bytes);
joint_two_mac(mac1, mac2, context + sid_bytes);
- res = aes_kdf(msk, 128, "IEEE8021 EAP CKN", context, ctx_len * 8,
- 128, ckn);
+ res = aes_kdf(msk, 8 * msk_bytes, "IEEE8021 EAP CKN",
+ context, ctx_len * 8, 128, ckn);
os_free(context);
return res;
}