DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

AES: Extend key wrap design to support longer AES keys

Browse source 
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.

The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-10-07 13:48:45 +03:00
parent 98a1571d88
commit eefec1e40b
11 changed files with 292 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/eap_server/eap_server_fast.c
View file

@ -161,8 +161,8 @@ static int eap_fast_session_ticket_cb(void *ctx, const u8 *ticket, size_t len,
return 0;
}
if (aes_unwrap(data->pac_opaque_encr, (pac_opaque_len - 8) / 8,
pac_opaque, buf) < 0) {
if (aes_unwrap(data->pac_opaque_encr, sizeof(data->pac_opaque_encr),
(pac_opaque_len - 8) / 8, pac_opaque, buf) < 0) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to decrypt "
"PAC-Opaque");
os_free(buf);
@ -731,8 +731,8 @@ static struct wpabuf * eap_fast_build_pac(struct eap_sm *sm,
os_free(pac_buf);
return NULL;
}
if (aes_wrap(data->pac_opaque_encr, pac_len / 8, pac_buf,
pac_opaque) < 0) {
if (aes_wrap(data->pac_opaque_encr, sizeof(data->pac_opaque_encr),
pac_len / 8, pac_buf, pac_opaque) < 0) {
os_free(pac_buf);
os_free(pac_opaque);
return NULL;