Message ID | 20180302201103.16264-1-msiedzik@extremenetworks.com |
---|---|
Headers | show
Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=extremenetworks.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="NlB7VHgi"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3ztL9v4756z9s33 for <incoming@patchwork.ozlabs.org>; Sat, 3 Mar 2018 07:14:27 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=sUbdZjZtJV3IUHuwku+18pEvL/tXXF9yrZMzxeVRJNw=; b=NlB7VHgi1PdV+c aS4qMTmhMTjHBDpgHzuMDFr7P5L4QstXWauYJlJkJq1SVrWb1hyL7MSBWbfVZaC3rUOO5j0wp6vmr MgxK5vz4lEdzsuI/wL0qGO7x4VEuW+J0ppuZM4idPitWKwCtskUi5Jeg8iGmG4tzYOQHe+EGzMmTp uepqh9Pz6LPtqiOX2zSTjdN9+ZXvanCiV4MlRsqcb2sv8bsTjimoM+thSJc4xHCWzQLD5O+67Vy9X 1nYG/FnULxJWxoxScjzzgroBDGSr9sASN2E3FdjzOHEtXvmMoKVYriHIHzkzcEaf6oxBlP3pJi84s jPbZeeGN6QCDvSTccLBQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1err4D-0001sK-LR; Fri, 02 Mar 2018 20:14:09 +0000 Received: from us-smtp-delivery-183.mimecast.com ([216.205.24.183]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1err3M-0001J8-1u for hostap@lists.infradead.org; Fri, 02 Mar 2018 20:13:20 +0000 Received: from USNC-CASHT-P2.corp.extremenetworks.com (owamail.extremenetworks.com [134.141.9.1]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-104-kdl8RwPBPJOVF7hamH021A-1; Fri, 02 Mar 2018 15:10:58 -0500 Received: from USNC-CASHT-P2.corp.extremenetworks.com (10.6.17.64) by USNC-CASHT-P2.corp.extremenetworks.com (10.6.17.64) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 2 Mar 2018 15:10:58 -0500 Received: from smtp1.extremenetworks.com (10.6.24.34) by USNC-CASHT-P2.corp.extremenetworks.com (10.6.17.64) with Microsoft SMTP Server (TLS) id 15.0.1210.3 via Frontend Transport; Fri, 2 Mar 2018 15:10:58 -0500 Received: from cm-exos1.extremenetworks.com (a10-smtp.extremenetworks.com [10.6.24.14]) by smtp1.extremenetworks.com (8.13.8/8.13.8) with ESMTP id w22KAt5x032584; Fri, 2 Mar 2018 12:10:55 -0800 Received: from cm-exos1.extremenetworks.com (localhost [127.0.0.1]) by cm-exos1.extremenetworks.com (Postfix) with ESMTP id AF16C2C0291; Fri, 2 Mar 2018 15:11:06 -0500 (EST) Received: (from msiedzik@localhost) by cm-exos1.extremenetworks.com (8.14.7/8.14.7/Submit) id w22KB6a0016322; Fri, 2 Mar 2018 15:11:06 -0500 From: <msiedzik@extremenetworks.com> To: <hostap@lists.infradead.org> Subject: [PATCH 00/15] MKA bugfixes and enhancements Date: Fri, 2 Mar 2018 15:10:48 -0500 Message-ID: <20180302201103.16264-1-msiedzik@extremenetworks.com> X-Mailer: git-send-email 2.11.1 MIME-Version: 1.0 X-MC-Unique: kdl8RwPBPJOVF7hamH021A-1 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -2.6 (--) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-2.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [216.205.24.183 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: <hostap.lists.infradead.org> List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>, <mailto:hostap-request@lists.infradead.org?subject=unsubscribe> List-Archive: <http://lists.infradead.org/pipermail/hostap/> List-Post: <mailto:hostap@lists.infradead.org> List-Help: <mailto:hostap-request@lists.infradead.org?subject=help> List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>, <mailto:hostap-request@lists.infradead.org?subject=subscribe> Cc: Mike Siedzik <msiedzik@extremenetworks.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org |
Series |
MKA bugfixes and enhancements
|
expand
|
From: Mike Siedzik <msiedzik@extremenetworks.com> This patch series fixes several bugs in the MACsec Key Agreement (MKA) protocol. The series also includes enhancements such as better handling of errant and/or missing MKPDU parameter sets, detection of duplicate MAC addresses, and pausing MKA when link is down. Mike Siedzik (15): mka: When matching CKNs ensure that lengths are identical mka: Ignore MACsec SAK Use Old Key parameter if we don't remember our old key mka: Incorrect conf_offset sent in MKPDU when in policy mode "SHOULD_SECURE" mka: Loss of live peers should result in connect PENDING not AUTHENTICATED mka: finish implementation of CP state machine "port_enabled" parameter mka: KaY setting Parameter Set Body Length incorrectly mka: Detect duplicate MAC addresses during key server election mka: MKPDU SAK Use Body's Delay Protect bit set incorrectly mka: Lowest acceptable Packet Number (LPN) calculated and used incorrectly mka: Do not print contents of SAK to debug log mka: Fix a few minor bugs in CP state machine mka: resources leaked when duplicated SCI detected mka: do not ignore MKPDU parameter set decoding failures mka: consider missing MKPDU parameter sets a failure mka: do not update potential peer liveness timer src/drivers/driver.h | 8 + src/drivers/driver_macsec_linux.c | 43 +++++ src/pae/ieee802_1x_cp.c | 26 ++- src/pae/ieee802_1x_cp.h | 1 + src/pae/ieee802_1x_kay.c | 384 ++++++++++++++++++++++++++++++-------- src/pae/ieee802_1x_kay.h | 5 + src/pae/ieee802_1x_kay_i.h | 5 +- src/pae/ieee802_1x_secy_ops.c | 21 +++ src/pae/ieee802_1x_secy_ops.h | 2 + wpa_supplicant/driver_i.h | 8 + wpa_supplicant/wpas_kay.c | 7 + 11 files changed, 420 insertions(+), 90 deletions(-) -- 2.11.1