mka: ICV calculation using 256-bit ICK

author Jouni Malinen <j@w1.fi>

Wed, 26 Dec 2018 14:18:00 +0000 (16:18 +0200)

committer Jouni Malinen <j@w1.fi>

Wed, 26 Dec 2018 14:44:58 +0000 (16:44 +0200)
author Jouni Malinen <j@w1.fi>
Wed, 26 Dec 2018 14:18:00 +0000 (16:18 +0200)
committer Jouni Malinen <j@w1.fi>
Wed, 26 Dec 2018 14:44:58 +0000 (16:44 +0200)
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c

index 7f38e0d6b64c8de48f2c75c7e10397f3f9f8c7ac..8176c9db24a49f208ed7b4f95e9854e65357ca43 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -74,7 +74,7 @@ static struct mka_alg mka_alg_tbl[] = {
                 .ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
                 .kek_trfm = ieee802_1x_kek_aes_cmac,
                 .ick_trfm = ieee802_1x_ick_aes_cmac,
-               .icv_hash = ieee802_1x_icv_128bits_aes_cmac,
+               .icv_hash = ieee802_1x_icv_aes_cmac,
  
                 .index = 1,
         },
@@ -1782,8 +1782,9 @@ ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
         }
  
         if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
-                   participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
-               wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
+                   participant->ick.key, participant->ick.len,
+                   wpabuf_head(buf), wpabuf_len(buf), cmac)) {
+               wpa_printf(MSG_ERROR, "KaY: failed to calculate ICV");
                 return -1;
         }
  
@@ -3029,9 +3030,9 @@ static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
          * packet body length.
          */
         if (mka_alg_tbl[kay->mka_algindex].icv_hash(
-                   participant->ick.key,
+                   participant->ick.key, participant->ick.len,
                     buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
-               wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
+               wpa_printf(MSG_ERROR, "KaY: failed to calculate ICV");
                 return -1;
         }
  
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h

index b4eb9d26f646690d100ac40b41a572cc22164c04..7ae435583e4fae37f42866fa1a55322704231123 100644 (file)
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -80,7 +80,8 @@ struct mka_alg {
         int (*ick_trfm)(const u8 *cak, size_t cak_bytes,
                         const u8 *ckn, size_t ckn_len,
                         u8 *ick, size_t ick_bytes);
-       int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
+       int (*icv_hash)(const u8 *ick, size_t ick_bytes,
+                       const u8 *msg, size_t msg_len, u8 *icv);
  
         int index; /* index for configuring */
  };
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c

index fe27e2c0ad059c33293580356f2e898acc6b4f60..4fafba83a23a4a649196fb50d00f46e89236861d 100644 (file)
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -172,16 +172,25 @@ int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
  
  
  /**
- * ieee802_1x_icv_128bits_aes_cmac
+ * ieee802_1x_icv_aes_cmac
   *
   * IEEE Std 802.1X-2010, 9.4.1
   * ICV = AES-CMAC(ICK, M, 128)
   */
-int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
-                                   size_t msg_bytes, u8 *icv)
+int ieee802_1x_icv_aes_cmac(const u8 *ick, size_t ick_bytes, const u8 *msg,
+                           size_t msg_bytes, u8 *icv)
  {
-       if (omac1_aes_128(ick, msg, msg_bytes, icv)) {
-               wpa_printf(MSG_ERROR, "MKA: omac1_aes_128 failed");
+       int res;
+
+       if (ick_bytes == 16)
+               res = omac1_aes_128(ick, msg, msg_bytes, icv);
+       else if (ick_bytes == 32)
+               res = omac1_aes_256(ick, msg, msg_bytes, icv);
+       else
+               return -1;
+       if (res) {
+               wpa_printf(MSG_ERROR,
+                          "MKA: AES-CMAC failed for ICV calculation");
                 return -1;
         }
         return 0;
diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h

index 70f912c077efd9f536c66567e1126f2ca29a6033..dc6603a17e30afbb6955ace3ea5a8f242b7f39e7 100644 (file)
--- a/src/pae/ieee802_1x_key.h
+++ b/src/pae/ieee802_1x_key.h
@@ -18,8 +18,8 @@ int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
                             size_t ckn_bytes, u8 *kek, size_t kek_bytes);
  int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
                             size_t ckn_bytes, u8 *ick, size_t ick_bytes);
-int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
-                                   size_t msg_bytes, u8 *icv);
+int ieee802_1x_icv_aes_cmac(const u8 *ick, size_t ick_bytes, const u8 *msg,
+                           size_t msg_bytes, u8 *icv);
  int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
                             size_t ctx_bytes, u8 *sak, size_t sak_bytes);
author	Jouni Malinen <j@w1.fi>
	Wed, 26 Dec 2018 14:18:00 +0000 (16:18 +0200)
committer	Jouni Malinen <j@w1.fi>
	Wed, 26 Dec 2018 14:44:58 +0000 (16:44 +0200)
src/pae/ieee802_1x_kay.c		patch \| blob \| blame \| history
src/pae/ieee802_1x_kay_i.h		patch \| blob \| blame \| history
src/pae/ieee802_1x_key.c		patch \| blob \| blame \| history
src/pae/ieee802_1x_key.h		patch \| blob \| blame \| history