aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorAndrey Kartashev <andrey.kartashev@afconsult.com>2018-11-02 18:02:18 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:42:25 (GMT)
commitc1576d44a839b4e75c8797b1b44b9463d2dfa189 (patch)
tree97f1f5b7206c26b8658168eb79026bd615c7a65c /src
parentc9c93e7a2414c78a0db4008e3c80c2173eb84942 (diff)
downloadhostap-c1576d44a839b4e75c8797b1b44b9463d2dfa189.zip
hostap-c1576d44a839b4e75c8797b1b44b9463d2dfa189.tar.gz
hostap-c1576d44a839b4e75c8797b1b44b9463d2dfa189.tar.bz2
mka: Support for 256-bit SAK generation
There is already partial support of GCM-AES-256. It is possible to enable this mode by setting 'kay->macsec_csindex = 1;' in ieee802_1x_kay_init() function, but the generated key contained only 128 bits of data while other 128 bits are in 0. Enables KaY to generate full 256-bit SAK from the same 128-bit CAK. Note that this does not support 256-bit CAK or AES-CMAC-256 -based KDF. Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
Diffstat (limited to 'src')
-rw-r--r--src/pae/ieee802_1x_kay.c13
-rw-r--r--src/pae/ieee802_1x_key.c5
-rw-r--r--src/pae/ieee802_1x_key.h3
3 files changed, 12 insertions, 9 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 0e7f0f3..92f2bd3 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -2073,12 +2073,13 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
ctx_offset += sizeof(participant->mi);
os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
- if (key_len == 16) {
- ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
- context, ctx_len, key);
- } else if (key_len == 32) {
- ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
- context, ctx_len, key);
+ if (key_len == 16 || key_len == 32) {
+ if (ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+ context, ctx_len,
+ key, key_len)) {
+ wpa_printf(MSG_ERROR, "KaY: Failed to generate SAK");
+ goto fail;
+ }
} else {
wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
goto fail;
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index 9a8d923..4049fd3 100644
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -183,7 +183,8 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
* SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
*/
int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
- size_t ctx_bytes, u8 *sak)
+ size_t ctx_bytes, u8 *sak, size_t sak_bytes)
{
- return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak);
+ return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8,
+ sak_bytes * 8, sak);
}
diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h
index ea318ea..20730d5 100644
--- a/src/pae/ieee802_1x_key.h
+++ b/src/pae/ieee802_1x_key.h
@@ -21,6 +21,7 @@ int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
size_t msg_bytes, u8 *icv);
int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
- size_t ctx_bytes, u8 *sak);
+ size_t ctx_bytes, u8 *sak,
+ size_t sak_bytes);
#endif /* IEEE802_1X_KEY_H */