Commit graph

9 commits

Author SHA1 Message Date
Jouni Malinen
ce256b4a49 PAE: Use sci->port more consistently
This is now annotated as be16, so use it as such in all cases instead of
first storing host byte order value and then swapping that to big endian
in other instances of the same structure. This gets rid of number of
sparse warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-24 19:02:58 +03:00
Jouni Malinen
799a7ed8a9 PAE: Mark ieee802_1x_kay_deinit_data_key() static
This function is not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-24 01:40:24 +03:00
Jouni Malinen
4e7f5a4a2a PAE: Use be16/be32 instead of u16/u32 for spartse
This converts some of the PAE code to use a design that gets rid
unnecessary warnings from sparse and allows more thorough validation of
byte order operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-24 01:38:48 +03:00
Xiaofei Shen
f68e86a4d6 MACsec: Update protect frames and replay on reauthentication
Some cases like ifconfig down/up may require MACsec restart. To make
sure the appropriate protect frames and replay parameters get configured
in cases where the interface was down, set these parameters from KaY
configuration to the driver before creating a new transmit SC. This
allows MACsec functionality to recover automatically on such restart.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-09 16:56:10 +02:00
Jouni Malinen
43d8592718 MACsec: Fix policy configuration
macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1)
instead of the enum validate_frames values (Disabled(0), Checked(1),
Strict(2). This ended up policy == SHOULD_SECURE to be mapped to
macsec_validate == Checked instead of Strict. This could have resulted
in unintended SecY forwarding of invalid packets rather than dropping
them.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-30 11:43:47 +02:00
Jouni Malinen
533d7fb7b7 MACsec: Check os_get_random() return value
This makes the MACsec implementation more consistent with rest of
wpa_supplicant. (CID 72677, CID 72695, CID 72701, CID 72709, CID 72711)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 18:54:43 +03:00
Jouni Malinen
eefec1e40b AES: Extend key wrap design to support longer AES keys
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.

The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-07 14:57:06 +03:00
Jouni Malinen
72619ce61b MACsec: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Hu Wang
887d9d01ab MACsec: Add PAE implementation
This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00