mka: Extend CAK/CKN-from-EAP-MSK API to pass in MSK length
This can be used to allow a 256-bit key hierarchy to be derived from EAP-based authentication. For now, the MSK length is hardcoded to 128 bits, so the previous behavior is maintained. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
871439b5d5
commit
7251f0badc
5 changed files with 26 additions and 27 deletions
@ -66,8 +66,8 @@ static struct mka_alg mka_alg_tbl[] = {
|
||||||
|
|
||||||
.icv_len = DEFAULT_ICV_LEN,
|
.icv_len = DEFAULT_ICV_LEN,
|
||||||
|
|
||||||
.cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
|
.cak_trfm = ieee802_1x_cak_aes_cmac,
|
||||||
.ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
|
.ckn_trfm = ieee802_1x_ckn_aes_cmac,
|
||||||
.kek_trfm = ieee802_1x_kek_aes_cmac,
|
.kek_trfm = ieee802_1x_kek_aes_cmac,
|
||||||
.ick_trfm = ieee802_1x_ick_aes_cmac,
|
.ick_trfm = ieee802_1x_ick_aes_cmac,
|
||||||
.icv_hash = ieee802_1x_icv_aes_cmac,
|
.icv_hash = ieee802_1x_icv_aes_cmac,
|
||||||
|
|
|
@ -68,9 +68,10 @@ struct mka_alg {
|
||||||
u8 parameter[4];
|
u8 parameter[4];
|
||||||
size_t icv_len;
|
size_t icv_len;
|
||||||
|
|
||||||
int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
|
int (*cak_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1,
|
||||||
int (*ckn_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2,
|
const u8 *mac2, u8 *cak, size_t cak_bytes);
|
||||||
const u8 *sid, size_t sid_len, u8 *ckn);
|
int (*ckn_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1,
|
||||||
|
const u8 *mac2, const u8 *sid, size_t sid_len, u8 *ckn);
|
||||||
int (*kek_trfm)(const u8 *cak, size_t cak_bytes,
|
int (*kek_trfm)(const u8 *cak, size_t cak_bytes,
|
||||||
const u8 *ckn, size_t ckn_len,
|
const u8 *ckn, size_t ckn_len,
|
||||||
u8 *kek, size_t kek_bytes);
|
u8 *kek, size_t kek_bytes);
|
||||||
|
|
|
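Review bot: ckn_trfm is now the only derivation in struct mka_alg whose output length is not part of the call: cak_trfm gains `size_t cak_bytes` and kek_trfm already carries `size_t kek_bytes`, but ckn_trfm still writes into `u8 *ckn` with no size, while the implementation in ieee802_1x_key.c keeps the CKN output fixed at 128 bits and the caller in wpas_kay.c sets `ckn->len = DEFAULT_CKN_LEN` independently. If those two values ever diverge, the write into ckn->name is bounded only by a constant the caller never passes. Adding `size_t ckn_bytes` after `u8 *ckn` in this function pointer, in the ieee802_1x_ckn_aes_cmac prototype and definition, and passing `ckn->len` at the call site would make the contract symmetric with cak_trfm; the same point applies to the ieee802_1x_key.c, ieee802_1x_key.h and wpas_kay.c sections below. struct mka_alg continues past the end of this hunk.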
@ -82,33 +82,32 @@ static int aes_kdf(const u8 *kdk, size_t kdk_bits,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/********** AES-CMAC-128 **********/
|
|
||||||
/**
|
/**
|
||||||
* ieee802_1x_cak_128bits_aes_cmac
|
* ieee802_1x_cak_aes_cmac
|
||||||
*
|
*
|
||||||
* IEEE Std 802.1X-2010, 6.2.2
|
* IEEE Std 802.1X-2010, 6.2.2
|
||||||
* CAK = KDF(Key, Label, mac1 | mac2, CAKlength)
|
* CAK = KDF(Key, Label, mac1 | mac2, CAKlength)
|
||||||
*/
|
*/
|
||||||
int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
|
int ieee802_1x_cak_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
|
||||||
const u8 *mac2, u8 *cak)
|
const u8 *mac2, u8 *cak, size_t cak_bytes)
|
||||||
{
|
{
|
||||||
u8 context[2 * ETH_ALEN];
|
u8 context[2 * ETH_ALEN];
|
||||||
|
|
||||||
joint_two_mac(mac1, mac2, context);
|
joint_two_mac(mac1, mac2, context);
|
||||||
return aes_kdf(msk, 128, "IEEE8021 EAP CAK",
|
return aes_kdf(msk, 8 * msk_bytes, "IEEE8021 EAP CAK",
|
||||||
context, sizeof(context) * 8, 128, cak);
|
context, sizeof(context) * 8, 8 * cak_bytes, cak);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ieee802_1x_ckn_128bits_aes_cmac
|
* ieee802_1x_ckn_aes_cmac
|
||||||
*
|
*
|
||||||
* IEEE Std 802.1X-2010, 6.2.2
|
* IEEE Std 802.1X-2010, 6.2.2
|
||||||
* CKN = KDF(Key, Label, ID | mac1 | mac2, CKNlength)
|
* CKN = KDF(Key, Label, ID | mac1 | mac2, CKNlength)
|
||||||
*/
|
*/
|
||||||
int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
|
int ieee802_1x_ckn_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
|
||||||
const u8 *mac2, const u8 *sid,
|
const u8 *mac2, const u8 *sid,
|
||||||
size_t sid_bytes, u8 *ckn)
|
size_t sid_bytes, u8 *ckn)
|
||||||
{
|
{
|
||||||
int res;
|
int res;
|
||||||
u8 *context;
|
u8 *context;
|
||||||
|
@ -122,8 +121,8 @@ int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
|
||||||
os_memcpy(context, sid, sid_bytes);
|
os_memcpy(context, sid, sid_bytes);
|
||||||
joint_two_mac(mac1, mac2, context + sid_bytes);
|
joint_two_mac(mac1, mac2, context + sid_bytes);
|
||||||
|
|
||||||
res = aes_kdf(msk, 128, "IEEE8021 EAP CKN", context, ctx_len * 8,
|
res = aes_kdf(msk, 8 * msk_bytes, "IEEE8021 EAP CKN",
|
||||||
128, ckn);
|
context, ctx_len * 8, 128, ckn);
|
||||||
os_free(context);
|
os_free(context);
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
|
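Review bot: In both ieee802_1x_cak_aes_cmac and ieee802_1x_ckn_aes_cmac the new `8 * msk_bytes` is handed to aes_kdf as kdk_bits with no check on msk_bytes itself; aes_kdf's body is outside this hunk, so unless it rejects widths other than the AES key sizes, a caller that later passes the full EAP MSK length would key an AES-CMAC with a width the algorithm does not define. A guard at the top of both functions, `if (msk_bytes != 16 && msk_bytes != 32) return -1;`, makes that failure visible at the API boundary instead of depending on the KDF's internal handling (drop it if aes_kdf is confirmed to validate kdk_bits). The second hunk of this section starts inside ieee802_1x_ckn_aes_cmac, whose signature is in the first hunk. The doc comments above both functions should also state the units now that lengths are parameters, e.g. `* @msk_bytes: Length of msk in octets` and, for the CAK variant, `* @cak_bytes: Size of the cak buffer in octets; this many octets are written`.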
@ -9,11 +9,11 @@
|
||||||
#ifndef IEEE802_1X_KEY_H
|
#ifndef IEEE802_1X_KEY_H
|
||||||
#define IEEE802_1X_KEY_H
|
#define IEEE802_1X_KEY_H
|
||||||
|
|
||||||
int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
|
int ieee802_1x_cak_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
|
||||||
const u8 *mac2, u8 *cak);
|
const u8 *mac2, u8 *cak, size_t cak_bytes);
|
||||||
int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
|
int ieee802_1x_ckn_aes_cmac(const u8 *msk, size_t msk_bytes, const u8 *mac1,
|
||||||
const u8 *mac2, const u8 *sid,
|
const u8 *mac2, const u8 *sid,
|
||||||
size_t sid_bytes, u8 *ckn);
|
size_t sid_bytes, u8 *ckn);
|
||||||
int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
|
int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
|
||||||
size_t ckn_bytes, u8 *kek, size_t kek_bytes);
|
size_t ckn_bytes, u8 *kek, size_t kek_bytes);
|
||||||
int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
|
int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
|
||||||
|
|
|
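Review bot: The header now exposes `size_t msk_bytes` and `size_t cak_bytes` on ieee802_1x_cak_aes_cmac without any comment, so a caller reading only this file cannot tell whether the lengths are octets or bits (the implementation converts them with `8 *` before calling aes_kdf) or that cak_bytes is both the output buffer size and the number of octets produced. A comment above the prototype such as `/* msk_bytes and cak_bytes are octet counts; cak receives cak_bytes octets on success. Returns 0 on success, non-zero on failure. */` would fix that; the non-zero-on-failure convention is what the wpas_kay.c caller relies on. The same unit note belongs on ieee802_1x_ckn_aes_cmac's msk_bytes.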
@ -357,8 +357,8 @@ void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
|
||||||
|
|
||||||
/* Derive CAK from MSK */
|
/* Derive CAK from MSK */
|
||||||
cak->len = DEFAULT_KEY_LEN;
|
cak->len = DEFAULT_KEY_LEN;
|
||||||
if (ieee802_1x_cak_128bits_aes_cmac(msk->key, wpa_s->own_addr,
|
if (ieee802_1x_cak_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
|
||||||
peer_addr, cak->key)) {
|
peer_addr, cak->key, cak->len)) {
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"IEEE 802.1X: Deriving CAK failed");
|
"IEEE 802.1X: Deriving CAK failed");
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -367,9 +367,8 @@ void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
|
||||||
|
|
||||||
/* Derive CKN from MSK */
|
/* Derive CKN from MSK */
|
||||||
ckn->len = DEFAULT_CKN_LEN;
|
ckn->len = DEFAULT_CKN_LEN;
|
||||||
if (ieee802_1x_ckn_128bits_aes_cmac(msk->key, wpa_s->own_addr,
|
if (ieee802_1x_ckn_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
|
||||||
peer_addr, sid, sid_len,
|
peer_addr, sid, sid_len, ckn->name)) {
|
||||||
ckn->name)) {
|
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"IEEE 802.1X: Deriving CKN failed");
|
"IEEE 802.1X: Deriving CKN failed");
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
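Review bot: msk->len is passed as the KDK length on the new ieee802_1x_cak_aes_cmac call, but nothing in this hunk constrains it; the commit message says it is currently hardcoded to 128 bits, and the only protection at this call site is the non-zero return check. Since this is the one place the EAP-derived MSK length meets the AES-CMAC KDF, a comment at the call, `/* msk->len is hardcoded to 128 bits for now; widening it requires the KDF to accept the new width */`, records the assumption where it will be read when the 256-bit hierarchy is enabled. It would also be worth confirming, as the caller, that the callee rejects an MSK length it cannot key AES with rather than truncating or reading past the key buffer. ieee802_1x_notify_create_actor begins and ends outside both hunks of this section.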