mka: ICV calculation using 256-bit ICK

Add support for using AES-CMAC with 256-bit key (ICK) to calculate ICV.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/pae/ieee802_1x_kay.c

@@ -74,7 +74,7 @@ static struct mka_alg mka_alg_tbl[] = {
 		.ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
 		.kek_trfm = ieee802_1x_kek_aes_cmac,
 		.ick_trfm = ieee802_1x_ick_aes_cmac,
-		.icv_hash = ieee802_1x_icv_128bits_aes_cmac,
+		.icv_hash = ieee802_1x_icv_aes_cmac,
 
 		.index = 1,
 	},
@@ -1782,8 +1782,9 @@ ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
 	}
 
 	if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
-		    participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
+		    participant->ick.key, participant->ick.len,
-		wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
+		    wpabuf_head(buf), wpabuf_len(buf), cmac)) {
+		wpa_printf(MSG_ERROR, "KaY: failed to calculate ICV");
 		return -1;
 	}
 
@@ -3029,9 +3030,9 @@ static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
 	 * packet body length.
 	 */
 	if (mka_alg_tbl[kay->mka_algindex].icv_hash(
-		    participant->ick.key,
+		    participant->ick.key, participant->ick.len,
 		    buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
-		wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
+		wpa_printf(MSG_ERROR, "KaY: failed to calculate ICV");
 		return -1;
 	}
 

src/pae/ieee802_1x_kay_i.h

@@ -80,7 +80,8 @@ struct mka_alg {
 	int (*ick_trfm)(const u8 *cak, size_t cak_bytes,
 			const u8 *ckn, size_t ckn_len,
 			u8 *ick, size_t ick_bytes);
-	int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
+	int (*icv_hash)(const u8 *ick, size_t ick_bytes,
+			const u8 *msg, size_t msg_len, u8 *icv);
 
 	int index; /* index for configuring */
 };

src/pae/ieee802_1x_key.c

@@ -172,16 +172,25 @@ int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
 
 
 /**
- * ieee802_1x_icv_128bits_aes_cmac
+ * ieee802_1x_icv_aes_cmac
  *
  * IEEE Std 802.1X-2010, 9.4.1
  * ICV = AES-CMAC(ICK, M, 128)
  */
-int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+int ieee802_1x_icv_aes_cmac(const u8 *ick, size_t ick_bytes, const u8 *msg,
-				    size_t msg_bytes, u8 *icv)
+			    size_t msg_bytes, u8 *icv)
 {
-	if (omac1_aes_128(ick, msg, msg_bytes, icv)) {
+	int res;
-		wpa_printf(MSG_ERROR, "MKA: omac1_aes_128 failed");
+
+	if (ick_bytes == 16)
+		res = omac1_aes_128(ick, msg, msg_bytes, icv);
+	else if (ick_bytes == 32)
+		res = omac1_aes_256(ick, msg, msg_bytes, icv);
+	else
+		return -1;
+	if (res) {
+		wpa_printf(MSG_ERROR,
+			   "MKA: AES-CMAC failed for ICV calculation");
 		return -1;
 	}
 	return 0;

src/pae/ieee802_1x_key.h

@@ -18,8 +18,8 @@ int ieee802_1x_kek_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
 			    size_t ckn_bytes, u8 *kek, size_t kek_bytes);
 int ieee802_1x_ick_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ckn,
 			    size_t ckn_bytes, u8 *ick, size_t ick_bytes);
-int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+int ieee802_1x_icv_aes_cmac(const u8 *ick, size_t ick_bytes, const u8 *msg,
-				    size_t msg_bytes, u8 *icv);
+			    size_t msg_bytes, u8 *icv);
 int ieee802_1x_sak_aes_cmac(const u8 *cak, size_t cak_bytes, const u8 *ctx,
 			    size_t ctx_bytes, u8 *sak, size_t sak_bytes);