an issue with macsec key agreement (machine falling out of sync?)
Jaap Keuter
jaap.keuter at xs4all.nl
Thu Feb 22 11:15:56 PST 2024
Hi,
Yes, I’ve seen that too. Recently it seemed to have gotten better, but the issue is still there.
Although I’ve been searching for it, I’ve only come across a single observation which led to an idea for a change.
--------------------------- src/pae/ieee802_1x_kay.c ---------------------------
index b0a418ef0..442d487f7 100644
@@ -1101,9 +1101,11 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
* values (i.e., peer having copied my MI,MN
* from either of the last two MKPDUs that I
* have sent). */
- if (mn == participant->mn ||
- (participant->mn > 1 &&
- mn == participant->mn - 1))
+ /* BUG: This is shown to be too tight.
+ * With packets being send/received out of
+ * sequence this assumption is not valid.
+ * Adjusted to three. */
+ if (participant->mn + 3 >= mn)
return true;
}
}
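Review bot: the replacement condition `if (participant->mn + 3 >= mn)` has no lower bound, so it is not a window of three but "any mn up to participant->mn + 3"; because the peer echoes an MN it copied from an MKPDU I sent (per the comment above the check), a legitimate mn can never exceed participant->mn, which means the new test passes for every stale or replayed MN and the freshness check the comment describes ("copied my MI,MN from either of the last two MKPDUs that I have sent") is effectively removed rather than relaxed. If the intent is to widen the accepted window from the last two to the last four MKPDUs, keep both bounds and keep the underflow guard the original had with `participant->mn > 1`, for example `if (mn <= participant->mn && participant->mn - mn <= 3)`. Two smaller points: the comment's "packets being send/received" should read "sent/received", and a comment beginning "BUG:" left in the final code reads as a known defect rather than a rationale; describe the widened window and why out-of-order delivery needs it instead.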
I’ve created a test setup which allows you to experiment with this on a single Linux host.
https://gitlab.com/JaapKeuter/MACsec-sim
Now it works fairly well with three nodes, but increasing to eight, for instance, shows the failure.
Hope it helps.
> On 21 Feb 2024, at 17:34, Moritz Wilhelmy <mw-hostap at barfooze.de> wrote:
>
> Hello,
>
> Before I will probably have to bury this macsec project at work I want
> to report what appears to be a bug to me in wpa_supplicant's macsec key
> agreement (MKA) implementation:
>
> I have 3 machines: ed0, ed1 and ed2, they all share the same
> wpa_supplicant.conf with the same values for MKA pre-shared keys and
> systemd unit that starts wpa_supplicant.
>
> Sometimes when I reboot all machines it works fine on start-up; when I
> ping the IPv6 link local multicast address ff02::1%macsec0 I get
> response packets from all three machines:
>
> ed0# ping ff02::1%macsec0
> PING ff02::1%macsec0(ff02::1%macsec0) 56 data bytes
> 64 bytes from fe80::4801:e9ff:fe34:a268%macsec0: icmp_seq=1 ttl=64 time=0.117 ms
> 64 bytes from fe80::747f:28ff:fedc:abaa%macsec0: icmp_seq=1 ttl=64 time=2.85 ms (DUP!)
> 64 bytes from fe80::60a2:b8ff:fe98:ad8f%macsec0: icmp_seq=1 ttl=64 time=4.67 ms (DUP!)
> ^C
>
> Other times one of the machines seems to have issues with key agreement
> despite having the same shared key as the other machines (i.e. only one
> DUP! response on pinging the multicast address):
>
> $ ssh ed1
> Warning: Permanently added 'fe80::4801:e9ff:fe34:a268%eno1' (ED25519) to the list of known hosts.
> ed1# ping ff02::1%macsec0
> PING ff02::1%macsec0(ff02::1%macsec0) 56 data bytes
> 64 bytes from fe80::4801:e9ff:fe34:a268%macsec0: icmp_seq=1 ttl=64 time=0.112 ms
> 64 bytes from fe80::60a2:b8ff:fe98:ad8f%macsec0: icmp_seq=1 ttl=64 time=4.89 ms (DUP!) <--- second DUP! from the 3rd machine is missing
> 64 bytes from fe80::4801:e9ff:fe34:a268%macsec0: icmp_seq=2 ttl=64 time=0.098 ms
> 64 bytes from fe80::60a2:b8ff:fe98:ad8f%macsec0: icmp_seq=2 ttl=64 time=2.69 ms (DUP!)
> ^C
> --- ff02::1%macsec0 ping statistics ---
> 2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 0.098/1.947/4.890/1.999 ms
> ed1# systemctl status wpa_supplicant
> ● wpa_supplicant.service - WPA supplicant
> Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; enabled; vendor preset: disabled)
> Active: active (running) since Sat 2024-02-10 16:07:19 UTC; 20s ago
> Main PID: 496 (wpa_supplicant)
> Tasks: 1 (limit: 404)
> Memory: 4.9M
> CGroup: /system.slice/wpa_supplicant.service
> └─496 /usr/sbin/wpa_supplicant -u -i br0 -Dmacsec_linux -c /etc/wpa_supplicant.conf
>
> Feb 10 16:07:19 hostname systemd[1]: Starting WPA supplicant...
> Feb 10 16:07:19 hostname wpa_supplicant[496]: Successfully initialized wpa_supplicant
> Feb 10 16:07:19 hostname systemd[1]: Started WPA supplicant.
> Feb 10 16:07:20 hostname wpa_supplicant[496]: br0: Associated with 01:80:c2:00:00:03
> Feb 10 16:07:20 hostname wpa_supplicant[496]: br0: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=]
> Feb 10 16:07:20 hostname wpa_supplicant[496]: br0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> Feb 10 16:07:26 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:07:28 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:07:30 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:07:33 hostname wpa_supplicant[496]: KaY: Life time has not elapsed since prior SAK distributed
> ed1# logout
> Connection to fe80::4801:e9ff:fe34:a268%eno1 closed.
>
> $ ssh ed2
> Warning: Permanently added 'fe80::60a2:b8ff:fe98:ad8f%eno1' (ED25519) to the list of known hosts.
> ed2# systemctl status wpa_supplicant
> ● wpa_supplicant.service - WPA supplicant
> Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; enabled; vendor preset: disabled)
> Active: active (running) since Sat 2024-02-10 16:01:48 UTC; 47s ago
> Main PID: 496 (wpa_supplicant)
> Tasks: 1 (limit: 404)
> Memory: 4.8M
> CGroup: /system.slice/wpa_supplicant.service
> └─496 /usr/sbin/wpa_supplicant -u -i br0 -Dmacsec_linux -c /etc/wpa_supplicant.conf
>
> Feb 10 16:01:47 hostname systemd[1]: Starting WPA supplicant...
> Feb 10 16:01:48 hostname wpa_supplicant[496]: Successfully initialized wpa_supplicant
> Feb 10 16:01:48 hostname systemd[1]: Started WPA supplicant.
> Feb 10 16:01:48 hostname wpa_supplicant[496]: br0: Associated with 01:80:c2:00:00:03
> Feb 10 16:01:48 hostname wpa_supplicant[496]: br0: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=]
> Feb 10 16:01:48 hostname wpa_supplicant[496]: br0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> Feb 10 16:01:54 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> Feb 10 16:01:56 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU
> ed2# logout
> Connection to fe80::60a2:b8ff:fe98:ad8f%eno1 closed.
>
> $ ssh ed0
> Warning: Permanently added 'fe80::747f:28ff:fedc:abaa%eno1' (ED25519) to the list of known hosts.
> ed0# systemctl status wpa_supplicant
> ● wpa_supplicant.service - WPA supplicant
> Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; enabled; vendor preset: disabled)
> Active: active (running) since Sat 2024-02-10 16:07:00 UTC; 54s ago
> Main PID: 495 (wpa_supplicant)
> Tasks: 1 (limit: 404)
> Memory: 4.8M
> CGroup: /system.slice/wpa_supplicant.service
> └─495 /usr/sbin/wpa_supplicant -u -i br0 -Dmacsec_linux -c /etc/wpa_supplicant.conf
>
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:07 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:07 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:09 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:09 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
> Feb 10 16:07:11 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>
> Feb 10 16:07:11 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed
>
> ^^^^ seems to me that the culprit in this case is ed0 that somehow fell
> out of sync with the others if I'm reading this right, but I didn't
> write this software so perhaps you tell me :)
>
> Are you aware of/have you encountered this issue before? Is there any
> known solution/software version where it's fixed?
>
> Here's some more context and diagnostic info:
>
> ed0# wpa_supplicant -v
> wpa_supplicant v2.10
> Copyright (c) 2003-2022, Jouni Malinen <j at w1.fi> and contributors
>
> ed0# uname -a
> Linux hostname 5.4.24 #1 SMP PREEMPT Thu Oct 7 08:39:19 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
>
> ed0# cat /sys/class/net/br0/bridge/group_fwd_mask
> 0x8
>
> ed0# cat /etc/wpa_supplicant.conf
> ctrl_interface=/var/run/wpa_supplicant
> eapol_version=3
> ap_scan=0
> fast_reauth=1
>
> network={
> key_mgmt=NONE
> eapol_flags=0
> macsec_policy=1
>
> mka_cak=35659df249c7c90fcaeb675ef59eb783
> mka_ckn=83f447da8078c18a7bae35851a0349384e9da84ab45a705f304731f3dc7fee
> }
>
>
>
> The file is left as copied from the [RedHat introduction][1] with some
> keys filled in where they belong and then copied identically to all
> three machines.
>
> Sorry I had to edit the logs to remove the hostname, I've signed an NDA.
>
> Best regards,
>
> Moritz
>
> [1]: https://developers.redhat.com/blog/2017/06/28/whats-new-in-macsec-setting-up-macsec-using-wpa_supplicant-and-optionally-networkmanager#
>
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap
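The three journal excerpts in the report above describe one MKA breakdown, but each host logs a different symptom of it. As an added example (not code from hostap, nor from either poster), the Python script below groups the KaY warnings by host and by the peer MI they name so that the host which lost liveness with its peers stands out. The sample lines are constructed from the messages quoted in the report, keeping the placeholder hostname and the journal's truncated `param>` ending as they appear there; the rule in `suspects()` follows the report's own reading that the host rejecting a peer as "not my live peer" is the one that fell out of sync, and the `duplicated SCI` lines on the other hosts are only correlated, not diagnosed, because wpa_supplicant itself offers two explanations for them.

```python
"""Triage wpa_supplicant KaY (MKA) journal lines from several MACsec peers.

Added example; not code from hostap or from the mailing-list thread.
"""
import re
from collections import Counter

# Constructed sample: one journal excerpt per host, built from the lines quoted
# in the report. "hostname" is the poster's placeholder; the "param>" ending is
# the journal's own truncation, kept as it appears in the report.
SAMPLE_LOGS = {
    "ed0": [
        "Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>",
        "Feb 10 16:07:06 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed",
        "Feb 10 16:07:07 hostname wpa_supplicant[495]: KaY: The peer (73cec9c3a974289e25a335a4) is not my live peer - ignore MACsec SAK Use param>",
        "Feb 10 16:07:07 hostname wpa_supplicant[495]: KaY: Discarding Rx MKPDU: decode of parameter set type (3) failed",
    ],
    "ed1": [
        "Feb 10 16:07:19 hostname systemd[1]: Started WPA supplicant.",
        "Feb 10 16:07:20 hostname wpa_supplicant[496]: br0: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=]",
        "Feb 10 16:07:26 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU",
        "Feb 10 16:07:28 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU",
        "Feb 10 16:07:33 hostname wpa_supplicant[496]: KaY: Life time has not elapsed since prior SAK distributed",
    ],
    "ed2": [
        "Feb 10 16:01:54 hostname wpa_supplicant[496]: KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU",
    ],
}

# Only wpa_supplicant lines carrying a "KaY:" prefix are MKA diagnostics.
KAY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ wpa_supplicant\[\d+\]: KaY: (?P<msg>.*)$"
)
# The rejected peer's Member Identifier (MI), as printed by wpa_supplicant.
PEER_RE = re.compile(r"The peer \(([0-9a-f]+)\) is not my live peer")

# Symptom name -> substring that identifies it in the KaY message.
SYMPTOMS = (
    ("duplicated_sci", "duplicated SCI detected"),
    ("not_live_peer", "is not my live peer"),
    ("mkpdu_discarded", "Discarding Rx MKPDU"),
    ("sak_lifetime", "Life time has not elapsed"),
)


def classify(line):
    """Return (timestamp, symptom, peer_mi_or_None) for a KaY line, else None."""
    m = KAY_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    for name, needle in SYMPTOMS:
        if needle in msg:
            peer = PEER_RE.search(msg)
            return m.group("ts"), name, (peer.group(1) if peer else None)
    return m.group("ts"), "other", None


def triage(logs):
    """Per host: symptom counts, first KaY warning time, and MIs refused as not live."""
    report = {}
    for host, lines in logs.items():
        counts, stale_peers, first_ts = Counter(), set(), None
        for line in lines:
            hit = classify(line)
            if hit is None:
                continue
            ts, symptom, mi = hit
            first_ts = first_ts or ts
            counts[symptom] += 1
            if mi:
                stale_peers.add(mi)
        report[host] = {
            "counts": dict(counts),
            "first_warning": first_ts,
            "stale_peers": sorted(stale_peers),
        }
    return report


def suspects(report):
    """Hosts that keep refusing a peer's SAK-Use as 'not my live peer' while also
    discarding that peer's MKPDUs have lost liveness with the peer; per the
    report's reading these are the ones to capture on or restart first."""
    return sorted(
        host for host, r in report.items()
        if r["counts"].get("not_live_peer", 0) and r["counts"].get("mkpdu_discarded", 0)
    )


if __name__ == "__main__":
    rep = triage(SAMPLE_LOGS)
    for host, r in rep.items():
        print(host, r["first_warning"], r["counts"], r["stale_peers"])
    print("suspects:", suspects(rep))
```

On a real deployment, feed each host's `journalctl -u wpa_supplicant` output into `triage()` instead of the constructed sample; the peer MIs it collects can then be matched against `wpa_cli` state on the other hosts to confirm which participant the out-of-sync node is refusing.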