mka: Support for 256-bit SAK generation

There is already partial support of GCM-AES-256. It is possible to
enable this mode by setting 'kay->macsec_csindex = 1;' in
ieee802_1x_kay_init() function, but the generated key contained only 128
bits of data while other 128 bits are in 0.

Enables KaY to generate full 256-bit SAK from the same 128-bit CAK. Note
that this does not support 256-bit CAK or AES-CMAC-256 -based KDF.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 0e7f0f31ac6ec94d698c6d6a3b7067056b0086fc..92f2bd329cc7ce06bedece73119be3d4fb6a9cfb 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -2073,12 +2073,13 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
        ctx_offset += sizeof(participant->mi);
        os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
 
-       if (key_len == 16) {
-               ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
-                                               context, ctx_len, key);
-       } else if (key_len == 32) {
-               ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
-                                               context, ctx_len, key);
+       if (key_len == 16 || key_len == 32) {
+               if (ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+                                                   context, ctx_len,
+                                                   key, key_len)) {
+                       wpa_printf(MSG_ERROR, "KaY: Failed to generate SAK");
+                       goto fail;
+               }
        } else {
                wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
                goto fail;

diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
index 9a8d923d14f18f8ecac904decac68d56c0905ed7..4049fd3a4f26eed63bc01bafcadadd8e48118d05 100644 (file)
--- a/src/pae/ieee802_1x_key.c
+++ b/src/pae/ieee802_1x_key.c
@@ -183,7 +183,8 @@ int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
  * SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
  */
 int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
-                                   size_t ctx_bytes, u8 *sak)
+                                   size_t ctx_bytes, u8 *sak, size_t sak_bytes)
 {
-       return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak);
+       return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8,
+                          sak_bytes * 8, sak);
 }

diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h
index ea318ea4dde3f1ed6b3e845fa04b8ee0e6fac080..20730d5a4a65ac5d205fac2f047b9b63dd1d9f9d 100644 (file)
--- a/src/pae/ieee802_1x_key.h
+++ b/src/pae/ieee802_1x_key.h
@@ -21,6 +21,7 @@ int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
 int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
                                    size_t msg_bytes, u8 *icv);
 int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
-                                   size_t ctx_bytes, u8 *sak);
+                                   size_t ctx_bytes, u8 *sak,
+                                   size_t sak_bytes);
 
 #endif /* IEEE802_1X_KEY_H */