aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2018-12-26 14:28:27 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:44:58 (GMT)
commit7a29984888f80e6c92d88fc4a4096e560ab6fd75 (patch)
tree63987d81b9c3cdfc1d2d7e3cf757d03359cb3f79 /src
parent73111a63ccb8a6da4b9fe1a24df191ac9dba2ba0 (diff)
downloadhostap-7a29984888f80e6c92d88fc4a4096e560ab6fd75.zip
hostap-7a29984888f80e6c92d88fc4a4096e560ab6fd75.tar.gz
hostap-7a29984888f80e6c92d88fc4a4096e560ab6fd75.tar.bz2
mka: Allow CAK length 32 (256-bit) to be initialized
The CAK length is not hardcoded in the algorithm agility parameter, so remove that from the table. Instead, allow both 16 (128-bit) and 32 (256-bit) CAK to be used so that the following key derivations use appropriate key lengths based on the configured/derived CAK. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/pae/ieee802_1x_kay.c6
-rw-r--r--src/pae/ieee802_1x_kay_i.h1
2 files changed, 3 insertions, 4 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index a0209f1..3127bf6 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -64,7 +64,6 @@ static struct mka_alg mka_alg_tbl[] = {
{
.parameter = MKA_ALGO_AGILITY_2009,
- .cak_len = DEFAULT_ICV_LEN,
.icv_len = DEFAULT_ICV_LEN,
.cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
@@ -3437,8 +3436,9 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
return NULL;
}
- if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
- wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
+ if (cak->len != 16 && cak->len != 32) {
+ wpa_printf(MSG_ERROR, "KaY: Unexpected CAK length %u",
+ (unsigned int) cak->len);
return NULL;
}
if (ckn->len > MAX_CKN_LEN) {
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 6650a1a..9799f62 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -66,7 +66,6 @@ struct macsec_ciphersuite {
struct mka_alg {
u8 parameter[4];
- size_t cak_len;
size_t icv_len;
int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);