From 9b4a26669486d3a0d28f96062d6718f8fe2a2b38 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Wed, 26 Dec 2018 12:20:57 +0200
Subject: [PATCH] mka: Support 256-bit CAK in SAK derivation

Pass the configured CAK length to SAK derivation instead of using hardcoded 128-bit length.

Signed-off-by: Jouni Malinen
---
 src/pae/ieee802_1x_kay.c | 7 ++++---
 src/pae/ieee802_1x_key.c | 8 ++++----
 src/pae/ieee802_1x_key.h | 5 ++---
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 3b4c79b0f..74b2c843b 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -2082,9 +2082,10 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
 os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
 if (key_len == 16 || key_len == 32) {
- if (ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
- context, ctx_len,
- key, key_len)) {
+ if (ieee802_1x_sak_aes_cmac(participant->cak.key,
+ participant->cak.len,
+ context, ctx_len,
+ key, key_len)) {
 wpa_printf(MSG_ERROR, "KaY: Failed to generate SAK");
 goto fail;
 }
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index e5c76df10..2d6d03339 100644
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -187,14 +187,14 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
 /**
- * ieee802_1x_sak_128bits_aes_cmac
+ * ieee802_1x_sak_aes_cmac
 *
 * IEEE Std 802.1X-2010, 9.8.1
 * SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
 */
-int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
- size_t ctx_bytes, u8 *sak, size_t sak_bytes)
+int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak, size_t sak_bytes)
 {
- return aes_kdf(cak, 128, "IEEE8021 SAK", ctx, ctx_bytes * 8,
+ return aes_kdf(cak, cak_bytes * 8, "IEEE8021 SAK", ctx, ctx_bytes * 8,
 sak_bytes * 8, sak);
 }
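Review bot: `participant->cak.len` is handed to the KDF with no range check in this hunk, although the line above restricts the SAK length with `key_len == 16 || key_len == 32`. Where `cak.len` is assigned is not shown here, so it is unclear whether it is already limited to 16 or 32 octets; if it is not, the AES-CMAC key size would follow unvalidated configuration. I would make the precondition explicit in the KDF wrapper in src/pae/ieee802_1x_key.c, whose hunk forwards `cak_bytes * 8` unchecked, by adding `if (cak_bytes != 16 && cak_bytes != 32) return -1;` before the `aes_kdf()` call. `aes_kdf()` is not part of this patch and may already reject other sizes, but the guard keeps the failure local and visible either way. ieee802_1x_kay_generate_new_sak() begins and ends outside the hunk.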
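Review bot: The comment block above ieee802_1x_sak_aes_cmac() was only renamed and still does not say that the length arguments are in octets or which CAK sizes are accepted, which is part of the contract now that the 128-bit size is no longer fixed. I would add `* @cak_bytes: CAK length in octets (16 or 32)` and `* Returns: 0 on success, non-zero on failure` to the block. The accepted sizes are inferred from the subject line and the return convention from the caller in ieee802_1x_kay.c, so confirm both against aes_kdf() before settling the wording.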
diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h
index 20730d5a4..1e464c451 100644
--- a/src/pae/ieee802_1x_key.h
+++ b/src/pae/ieee802_1x_key.h
@@ -20,8 +20,7 @@ int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
 size_t ckn_bytes, u8 *ick);
 int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
 size_t msg_bytes, u8 *icv);
-int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
- size_t ctx_bytes, u8 *sak,
- size_t sak_bytes);
+int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak, size_t sak_bytes);
 #endif /* IEEE802_1X_KEY_H */