[PATCH 0/5] introduce new mka configuration options
Sabrina Dubroca
sd at queasysnail.net
Wed Nov 2 08:38:34 PDT 2016
Patch 1 adds a pre-shared key mode for MKA, so that we don't need to
setup full authentication. Some switches already use this, and that's
a pretty easy way to configure a network.
Patch 2 allows a MKA-PSK agent to stay in stand-by mode indefinitely
until peers appear on the network, instead of timeouting quickly if no
peer exists when the agent is started up.
Patch 3 adds a configuration parameter to enable or disable
encryption. When encryption is disabled, MACsec will only provide
integrity.
Patch 4 implements the encryption control in MKA.
Patch 5 allows choosing the port component in the SCI. Currently,
wpa_supplicant only supports port == 1.
Sabrina Dubroca (5):
wpa_supplicant: allow pre-shared (CAK,CKN) pair for MKA
mka: disable peer detection timeout for PSK mode
wpa_supplicant: add macsec_integ_only setting for MKA
mka: add enable_encrypt op and call it from CP state machine
wpa_supplicant: allow configuring the MACsec port for MKA
src/common/ieee802_1x_defs.h | 6 ++++
src/drivers/driver.h | 9 +++++
src/pae/ieee802_1x_cp.c | 4 +++
src/pae/ieee802_1x_kay.c | 18 +++++++---
src/pae/ieee802_1x_kay.h | 4 ++-
src/pae/ieee802_1x_secy_ops.c | 20 +++++++++++
src/pae/ieee802_1x_secy_ops.h | 1 +
wpa_supplicant/config.c | 62 +++++++++++++++++++++++++++++++++
wpa_supplicant/config_file.c | 2 ++
wpa_supplicant/config_ssid.h | 41 ++++++++++++++++++++++
wpa_supplicant/driver_i.h | 8 +++++
wpa_supplicant/wpa_cli.c | 2 ++
wpa_supplicant/wpa_supplicant.c | 5 ++-
wpa_supplicant/wpa_supplicant.conf | 18 ++++++++++
wpa_supplicant/wpas_kay.c | 71 ++++++++++++++++++++++++++++++++++++--
wpa_supplicant/wpas_kay.h | 9 +++++
16 files changed, 272 insertions(+), 8 deletions(-)
--
2.10.1
More information about the Hostap
mailing list