aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2018-12-26 10:20:57 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:42:26 (GMT)
commit9b4a26669486d3a0d28f96062d6718f8fe2a2b38 (patch)
tree8610c756f42fc369f70bcda2eda63c38d24982cc /src
parent9dd701c12e3a1084d2480aefe748ae095adc026e (diff)
downloadhostap-9b4a26669486d3a0d28f96062d6718f8fe2a2b38.zip
hostap-9b4a26669486d3a0d28f96062d6718f8fe2a2b38.tar.gz
hostap-9b4a26669486d3a0d28f96062d6718f8fe2a2b38.tar.bz2
mka: Support 256-bit CAK in SAK derivation
Pass the configured CAK length to SAK derivation instead of using hardcoded 128-bit length. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/pae/ieee802_1x_kay.c7
-rw-r--r--src/pae/ieee802_1x_key.c8
-rw-r--r--src/pae/ieee802_1x_key.h5
3 files changed, 10 insertions, 10 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 3b4c79b..74b2c84 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -2082,9 +2082,10 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
if (key_len == 16 || key_len == 32) {
- if (ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
- context, ctx_len,
- key, key_len)) {
+ if (ieee802_1x_sak_aes_cmac(participant->cak.key,
+ participant->cak.len,
+ context, ctx_len,
+ key, key_len)) {
wpa_printf(MSG_ERROR, "KaY: Failed to generate SAK");
goto fail;
}
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index e5c76df..2d6d033 100644
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -187,14 +187,14 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
/**
- * ieee802_1x_sak_128bits_aes_cmac
+ * ieee802_1x_sak_aes_cmac
*
* IEEE Std 802.1X-2010, 9.8.1
* SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
*/
-int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
- size_t ctx_bytes, u8 *sak, size_t sak_bytes)
+int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak, size_t sak_bytes)
{
- return aes_kdf(cak, 128, "IEEE8021 SAK", ctx, ctx_bytes * 8,
+ return aes_kdf(cak, cak_bytes * 8, "IEEE8021 SAK", ctx, ctx_bytes * 8,
sak_bytes * 8, sak);
}
diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h
index 20730d5..1e464c4 100644
--- a/src/pae/ieee802_1x_key.h
+++ b/src/pae/ieee802_1x_key.h
@@ -20,8 +20,7 @@ int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
size_t ckn_bytes, u8 *ick);
int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
size_t msg_bytes, u8 *icv);
-int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
- size_t ctx_bytes, u8 *sak,
- size_t sak_bytes);
+int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak, size_t sak_bytes);
#endif /* IEEE802_1X_KEY_H */