7 Commits

Author	SHA1	Message	Date
Jouni Malinen	7251f0badc	mka: Extend CAK/CKN-from-EAP-MSK API to pass in MSK length ... This can be used to allow 256-bit key hierarchy to be derived from EAP-based authentication. For now, the MSK length is hardcoded to 128 bits, so the previous behavior is maintained. Signed-off-by: Jouni Malinen <j@w1.fi>	2018-12-26 16:44:58 +02:00
Jouni Malinen	b452a76e54	mka: ICV calculation using 256-bit ICK ... Add support for using AES-CMAC with 256-bit key (ICK) to calculate ICV. Signed-off-by: Jouni Malinen <j@w1.fi>	2018-12-26 16:44:58 +02:00
Jouni Malinen	7c3d1cc040	mka: Support 256-bit ICK derivation ... Support derivation of a 256-bit ICK and use of a 256-bit CAK in ICK derivation. Signed-off-by: Jouni Malinen <j@w1.fi>	2018-12-26 16:44:58 +02:00
Jouni Malinen	175ebc1f7a	mka: Support 256-bit KEK derivation ... Support derivation of a 256-bit KEK and use of a 256-bit CAK in KEK derivation. Signed-off-by: Jouni Malinen <j@w1.fi>	2018-12-26 16:44:58 +02:00
Jouni Malinen	9b4a266694	mka: Support 256-bit CAK in SAK derivation ... Pass the configured CAK length to SAK derivation instead of using hardcoded 128-bit length. Signed-off-by: Jouni Malinen <j@w1.fi>	2018-12-26 16:42:26 +02:00
Andrey Kartashev	c1576d44a8	mka: Support for 256-bit SAK generation ... There is already partial support of GCM-AES-256. It is possible to enable this mode by setting 'kay->macsec_csindex = 1;' in ieee802_1x_kay_init() function, but the generated key contained only 128 bits of data while other 128 bits are in 0. Enables KaY to generate full 256-bit SAK from the same 128-bit CAK. Note that this does not support 256-bit CAK or AES-CMAC-256 -based KDF. Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>	2018-12-26 16:42:25 +02:00
Hu Wang	887d9d01ab	MACsec: Add PAE implementation ... This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>	2014-05-09 20:42:44 +03:00