[PATCH 00/15] MKA bugfixes and enhancements

msiedzik at extremenetworks.com
Fri Mar 2 12:10:48 PST 2018


From: Mike Siedzik <msiedzik at extremenetworks.com>

This patch series fixes several bugs in the MACsec Key Agreement (MKA)
protocol.  The series also includes enhancements such as better handling
of errant and/or missing MKPDU parameter sets, detection of duplicate
MAC addresses, and pausing MKA when link is down.

Mike Siedzik (15):
  mka: When matching CKNs ensure that lengths are identical
  mka: Ignore MACsec SAK Use Old Key parameter if we don't remember our
    old key
  mka: Incorrect conf_offset sent in MKPDU when in policy mode
    "SHOULD_SECURE"
  mka: Loss of live peers should result in connect PENDING not
    AUTHENTICATED
  mka: finish implementation of CP state machine "port_enabled"
    parameter
  mka: KaY setting Parameter Set Body Length incorrectly
  mka: Detect duplicate MAC addresses during key server election
  mka: MKPDU SAK Use Body's Delay Protect bit set incorrectly
  mka: Lowest acceptable Packet Number (LPN) calculated and used
    incorrectly
  mka: Do not print contents of SAK to debug log
  mka: Fix a few minor bugs in CP state machine
  mka: resources leaked when duplicated SCI detected
  mka: do not ignore MKPDU parameter set decoding failures
  mka: consider missing MKPDU parameter sets a failure
  mka: do not update potential peer liveness timer

 src/drivers/driver.h              |   8 +
 src/drivers/driver_macsec_linux.c |  43 +++++
 src/pae/ieee802_1x_cp.c           |  26 ++-
 src/pae/ieee802_1x_cp.h           |   1 +
 src/pae/ieee802_1x_kay.c          | 384 ++++++++++++++++++++++++++++++--------
 src/pae/ieee802_1x_kay.h          |   5 +
 src/pae/ieee802_1x_kay_i.h        |   5 +-
 src/pae/ieee802_1x_secy_ops.c     |  21 +++
 src/pae/ieee802_1x_secy_ops.h     |   2 +
 wpa_supplicant/driver_i.h         |   8 +
 wpa_supplicant/wpas_kay.c         |   7 +
 11 files changed, 420 insertions(+), 90 deletions(-)

--
2.11.1

