| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
This can be used to allow 256-bit key hierarchy to be derived from
EAP-based authentication. For now, the MSK length is hardcoded to 128
bits, so the previous behavior is maintained.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
| |
Add support for using AES-CMAC with 256-bit key (ICK) to calculate ICV.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
Support derivation of a 256-bit ICK and use of a 256-bit CAK in ICK
derivation.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
Support derivation of a 256-bit KEK and use of a 256-bit CAK in KEK
derivation.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
Pass the configured CAK length to SAK derivation instead of using
hardcoded 128-bit length.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
| |
Extend the previously implemented KDF (IEEE Std 802.1X-2010, 6.2.1) to
support 256-bit input key and AES-CMAC-256. This does not change any
actual key derivation functionality yet, but is needed as a step towards
supporting 256-bit CAK.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is already partial support of GCM-AES-256. It is possible to
enable this mode by setting 'kay->macsec_csindex = 1;' in
ieee802_1x_kay_init() function, but the generated key contained only 128
bits of data while other 128 bits are in 0.
Enables KaY to generate full 256-bit SAK from the same 128-bit CAK. Note
that this does not support 256-bit CAK or AES-CMAC-256 -based KDF.
Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
|
|
|
This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
