Message ID | 20181102180220.20948-6-a.s.kartashev@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/8] wpa_debug: Support hexdump_ascii outputting into syslog | expand |
On Fri, Nov 02, 2018 at 07:02:18PM +0100, Andrey Kartashev wrote: > There is already partial support of GCM-AES-256. It is possible to > enable this mode by setting 'kay->macsec_csindex = 1;' in > ieee802_1x_kay_init() function, but generated key contain only 128 bits > of data while other 128 bits are in 0. > This patch enables KaY to generate full 256bit key from same 128bit CAK. This does not correct to me, i.e., I would expect GCM-AES-256 to use 256-bit keys throughout the key hierarchy. In other words, also CAK would be 256 bits in that case.. Anyway, I did apply this and then added number of other changes to extend the key derivation functions to support both key lengths. The PSK case can now configure a 256-bit CAK. For EAP, an additional configuration parameter might be needed unless the CAK length is indicated somewhere (did not find it yet based on a quick search through the standard).
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index a4771b792..3a31bdf93 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -2039,12 +2039,12 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant) ctx_offset += sizeof(participant->mi); os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn)); - if (key_len == 16) { - ieee802_1x_sak_128bits_aes_cmac(participant->cak.key, - context, ctx_len, key); - } else if (key_len == 32) { - ieee802_1x_sak_128bits_aes_cmac(participant->cak.key, - context, ctx_len, key); + if ((key_len == 16)||(key_len == 32)) { + if (ieee802_1x_sak_128bits_aes_cmac(participant->cak.key, + context, ctx_len, key, key_len)) { + wpa_printf(MSG_ERROR, "KaY: Failed to generate SAK"); + goto fail; + } } else { wpa_printf(MSG_ERROR, "KaY: SAK Length not support"); goto fail; diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c index 9a8d923d1..3ed9d1645 100644 --- a/src/pae/ieee802_1x_key.c +++ b/src/pae/ieee802_1x_key.c @@ -183,7 +183,9 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg, * SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength) */ int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx, - size_t ctx_bytes, u8 *sak) + size_t ctx_bytes, u8 *sak, size_t sak_bytes) { - return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak); + return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, + sak_bytes * 8, sak); } + diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h index ea318ea4d..1be5df07e 100644 --- a/src/pae/ieee802_1x_key.h +++ b/src/pae/ieee802_1x_key.h @@ -21,6 +21,6 @@ int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn, int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg, size_t msg_bytes, u8 *icv); int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx, - size_t ctx_bytes, u8 *sak); + size_t ctx_bytes, u8 *sak, size_t sak_bytes); #endif /* IEEE802_1X_KEY_H */