diff options
| author | Jouni Malinen <j@w1.fi> | 2018-12-26 10:20:57 (GMT) |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2018-12-26 14:42:26 (GMT) |
| commit | 9b4a26669486d3a0d28f96062d6718f8fe2a2b38 (patch) | |
| tree | 8610c756f42fc369f70bcda2eda63c38d24982cc /src | |
| parent | 9dd701c12e3a1084d2480aefe748ae095adc026e (diff) | |
| download | hostap-9b4a26669486d3a0d28f96062d6718f8fe2a2b38.zip hostap-9b4a26669486d3a0d28f96062d6718f8fe2a2b38.tar.gz hostap-9b4a26669486d3a0d28f96062d6718f8fe2a2b38.tar.bz2 | |
mka: Support 256-bit CAK in SAK derivation
Pass the configured CAK length to SAK derivation instead of using
hardcoded 128-bit length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
| -rw-r--r-- | src/pae/ieee802_1x_kay.c | 7 | ||||
| -rw-r--r-- | src/pae/ieee802_1x_key.c | 8 | ||||
| -rw-r--r-- | src/pae/ieee802_1x_key.h | 5 |
3 files changed, 10 insertions, 10 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 3b4c79b..74b2c84 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -2082,9 +2082,10 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant) os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn)); if (key_len == 16 || key_len == 32) { - if (ieee802_1x_sak_128bits_aes_cmac(participant->cak.key, - context, ctx_len, - key, key_len)) { + if (ieee802_1x_sak_aes_cmac(participant->cak.key, + participant->cak.len, + context, ctx_len, + key, key_len)) { wpa_printf(MSG_ERROR, "KaY: Failed to generate SAK"); goto fail; } diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c index e5c76df..2d6d033 100644 --- a/src/pae/ieee802_1x_key.c +++ b/src/pae/ieee802_1x_key.c @@ -187,14 +187,14 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg, /** - * ieee802_1x_sak_128bits_aes_cmac + * ieee802_1x_sak_aes_cmac * * IEEE Std 802.1X-2010, 9.8.1 * SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength) */ -int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx, - size_t ctx_bytes, u8 *sak, size_t sak_bytes) +int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx, + size_t ctx_bytes, u8 *sak, size_t sak_bytes) { - return aes_kdf(cak, 128, "IEEE8021 SAK", ctx, ctx_bytes * 8, + return aes_kdf(cak, cak_bytes * 8, "IEEE8021 SAK", ctx, ctx_bytes * 8, sak_bytes * 8, sak); } diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h index 20730d5..1e464c4 100644 --- a/src/pae/ieee802_1x_key.h +++ b/src/pae/ieee802_1x_key.h @@ -20,8 +20,7 @@ int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn, size_t ckn_bytes, u8 *ick); int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg, size_t msg_bytes, u8 *icv); -int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx, - size_t ctx_bytes, u8 *sak, - size_t sak_bytes); +int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx, + size_t ctx_bytes, u8 *sak, size_t sak_bytes); #endif /* IEEE802_1X_KEY_H */ |