authorJouni Malinen <j@w1.fi>2018-12-26 10:39:21 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:44:58 (GMT)
commit7c3d1cc040d60cab56fb7558b359454ab6cb8744 (patch)
tree42fb9762e3e856ee0724d3c74b3bbe8494039364 /src
parent175ebc1f7a2736db5f9652697de8f032fad8077d (diff)
mka: Support 256-bit ICK derivation
Support derivation of a 256-bit ICK and use of a 256-bit CAK in ICK derivation. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/pae/ieee802_1x_kay.c6
-rw-r--r--src/pae/ieee802_1x_kay_i.h4
-rw-r--r--src/pae/ieee802_1x_key.c11
-rw-r--r--src/pae/ieee802_1x_key.h4
4 files changed, 15 insertions, 10 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 259c8cc..7f38e0d 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -73,7 +73,7 @@ static struct mka_alg mka_alg_tbl[] = {
.cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
.ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
.kek_trfm = ieee802_1x_kek_aes_cmac,
- .ick_trfm = ieee802_1x_ick_128bits_aes_cmac,
+ .ick_trfm = ieee802_1x_ick_aes_cmac,
.icv_hash = ieee802_1x_icv_128bits_aes_cmac,
.index = 1,
@@ -3546,9 +3546,11 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
/* to derive ICK from CAK and CKN */
participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
+ participant->cak.len,
participant->ckn.name,
participant->ckn.len,
- participant->ick.key)) {
+ participant->ick.key,
+ participant->ick.len)) {
wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
goto fail;
}
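Review bot: `participant->ick.len` comes straight from `mka_alg_tbl[kay->mka_algindex].ick_len` and, with this change, decides how many bytes the transform writes into `participant->ick.key`, yet nothing visible in the hunk ties that length to the size of the destination. The declaration of `ick.key` is not shown here; if it is a fixed array, a guard before the call such as `if (participant->ick.len > sizeof(participant->ick.key)) goto fail;` would keep a future table entry with a larger `ick_len` from overrunning it. The body of ieee802_1x_kay_create_mka() starts and ends outside this hunk, so such a check may already exist elsewhere.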
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 024ffac..b4eb9d2 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -77,7 +77,9 @@ struct mka_alg {
int (*kek_trfm)(const u8 *cak, size_t cak_bytes,
const u8 *ckn, size_t ckn_len,
u8 *kek, size_t kek_bytes);
- int (*ick_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *ick);
+ int (*ick_trfm)(const u8 *cak, size_t cak_bytes,
+ const u8 *ckn, size_t ckn_len,
+ u8 *ick, size_t ick_bytes);
int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
int index; /* index for configuring */
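Review bot: `icv_hash`, on the line right after the changed `ick_trfm`, still takes `const u8 *ick` with no length, so an ICK derived at 256 bits through the new signature reaches the ICV computation without its size. If the implementation behind it assumes a 16-byte key (the table entry is named `ieee802_1x_icv_128bits_aes_cmac`), only the first half of a 256-bit ICK would be used and nothing would report it. Consider widening it the same way, `int (*icv_hash)(const u8 *ick, size_t ick_bytes, const u8 *msg, size_t msg_len, u8 *icv);`, in this series. The struct continues outside the hunk.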
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index d43cb91..fe27e2c 100644
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -151,13 +151,13 @@ int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
/**
- * ieee802_1x_ick_128bits_aes_cmac
+ * ieee802_1x_ick_aes_cmac
*
* IEEE Std 802.1X-2010, 9.3.3
* ICK = KDF(Key, Label, Keyid, ICKLength)
*/
-int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
- size_t ckn_bytes, u8 *ick)
+int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
+ size_t ckn_bytes, u8 *ick, size_t ick_bytes)
{
u8 context[16];
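Review bot: The header comment above the renamed function still gives only the name and the standard reference, while the signature now has two length parameters whose units differ from what `aes_kdf()` takes. I would add parameter lines in the file's kernel-doc style stating that `cak_bytes` and `ick_bytes` are octet counts, that only the first 16 octets of `ckn` go into the KDF context, and what the function returns on failure. The function body continues in the next hunk.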
@@ -165,8 +165,9 @@ int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
os_memset(context, 0, sizeof(context));
os_memcpy(context, ckn, (ckn_bytes < 16) ? ckn_bytes : 16);
- return aes_kdf(cak, 128, "IEEE8021 ICK", context, sizeof(context) * 8,
- 128, ick);
+ return aes_kdf(cak, 8 *cak_bytes, "IEEE8021 ICK",
+ context, sizeof(context) * 8,
+ 8 * ick_bytes, ick);
}
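Review bot: `cak_bytes` and `ick_bytes` are multiplied by 8 and passed to `aes_kdf()` with no range check in this function, so an unsupported key size is caught only if `aes_kdf()` itself rejects it, which is not visible on this page. Since these lengths now arrive from the algorithm table and participant state, an explicit guard at the top of the body would make the contract local, e.g. `if ((cak_bytes != 16 && cak_bytes != 32) || (ick_bytes != 16 && ick_bytes != 32)) return -1;`. As a style point, `8 *cak_bytes` reads like a pointer dereference and should be `8 * cak_bytes`, matching `8 * ick_bytes` two lines below.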
diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h
index e77a816..70f912c 100644
--- a/src/pae/ieee802_1x_key.h
+++ b/src/pae/ieee802_1x_key.h
@@ -16,8 +16,8 @@ int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
size_t sid_bytes, u8 *ckn);
int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
size_t ckn_bytes, u8 *kek, size_t kek_bytes);
-int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
- size_t ckn_bytes, u8 *ick);
+int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
+ size_t ckn_bytes, u8 *ick, size_t ick_bytes);
int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
size_t msg_bytes, u8 *icv);
int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,