aboutsummaryrefslogtreecommitdiffstats
path: root/src/pae/ieee802_1x_key.c
Commit message (Collapse)AuthorAgeFilesLines
* mka: Extend CAK/CKN-from-EAP-MSK API to pass in MSK lengthJouni Malinen2018-12-261-12/+11
| | | | | | | | This can be used to allow 256-bit key hierarchy to be derived from EAP-based authentication. For now, the MSK length is hardcoded to 128 bits, so the previous behavior is maintained. Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: ICV calculation using 256-bit ICKJouni Malinen2018-12-261-5/+14
| | | | | | Add support for using AES-CMAC with 256-bit key (ICK) to calculate ICV. Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: Support 256-bit ICK derivationJouni Malinen2018-12-261-5/+6
| | | | | | | Support derivation of a 256-bit ICK and use of a 256-bit CAK in ICK derivation. Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: Support 256-bit KEK derivationJouni Malinen2018-12-261-5/+6
| | | | | | | Support derivation of a 256-bit KEK and use of a 256-bit CAK in KEK derivation. Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: Support 256-bit CAK in SAK derivationJouni Malinen2018-12-261-4/+4
| | | | | | | Pass the configured CAK length to SAK derivation instead of using hardcoded 128-bit length. Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: AES-CMAC-256 -based KDFJouni Malinen2018-12-261-13/+23
| | | | | | | | | Extend the previously implemented KDF (IEEE Std 802.1X-2010, 6.2.1) to support 256-bit input key and AES-CMAC-256. This does not change any actual key derivation functionality yet, but is needed as a step towards supporting 256-bit CAK. Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: Support for 256-bit SAK generationAndrey Kartashev2018-12-261-2/+3
| | | | | | | | | | | | There is already partial support of GCM-AES-256. It is possible to enable this mode by setting 'kay->macsec_csindex = 1;' in ieee802_1x_kay_init() function, but the generated key contained only 128 bits of data while other 128 bits are in 0. Enables KaY to generate full 256-bit SAK from the same 128-bit CAK. Note that this does not support 256-bit CAK or AES-CMAC-256 -based KDF. Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
* MACsec: Add PAE implementationHu Wang2014-05-091-0/+189
This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>