[00/15] MKA bugfixes and enhancements

Message ID 20180302201103.16264-1-msiedzik@extremenetworks.com

Michael Siedzik March 2, 2018, 8:10 p.m. UTC
From: Mike Siedzik <msiedzik@extremenetworks.com>

This patch series fixes several bugs in the MACsec Key Agreement (MKA)
protocol.  The series also includes enhancements such as better handling
of errant and/or missing MKPDU parameter sets, detection of duplicate
MAC addresses, and pausing MKA when link is down.

Mike Siedzik (15):
  mka: When matching CKNs ensure that lengths are identical
  mka: Ignore MACsec SAK Use Old Key parameter if we don't remember our
    old key
  mka: Incorrect conf_offset sent in MKPDU when in policy mode
    "SHOULD_SECURE"
  mka: Loss of live peers should result in connect PENDING not
    AUTHENTICATED
  mka: finish implementation of CP state machine "port_enabled"
    parameter
  mka: KaY setting Parameter Set Body Length incorrectly
  mka: Detect duplicate MAC addresses during key server election
  mka: MKPDU SAK Use Body's Delay Protect bit set incorrectly
  mka: Lowest acceptable Packet Number (LPN) calculated and used
    incorrectly
  mka: Do not print contents of SAK to debug log
  mka: Fix a few minor bugs in CP state machine
  mka: resources leaked when duplicated SCI detected
  mka: do not ignore MKPDU parameter set decoding failures
  mka: consider missing MKPDU parameter sets a failure
  mka: do not update potential peer liveness timer

 src/drivers/driver.h              |   8 +
 src/drivers/driver_macsec_linux.c |  43 +++++
 src/pae/ieee802_1x_cp.c           |  26 ++-
 src/pae/ieee802_1x_cp.h           |   1 +
 src/pae/ieee802_1x_kay.c          | 384 ++++++++++++++++++++++++++++++--------
 src/pae/ieee802_1x_kay.h          |   5 +
 src/pae/ieee802_1x_kay_i.h        |   5 +-
 src/pae/ieee802_1x_secy_ops.c     |  21 +++
 src/pae/ieee802_1x_secy_ops.h     |   2 +
 wpa_supplicant/driver_i.h         |   8 +
 wpa_supplicant/wpas_kay.c         |   7 +
 11 files changed, 420 insertions(+), 90 deletions(-)

--
2.11.1