path: root/src/pae
Commit message (Collapse)AuthorAgeFilesLines
* MACsec: Update protect frames and replay on reauthenticationXiaofei Shen2014-12-091-0/+3
| | | | | | | | | | Some cases like ifconfig down/up may require MACsec restart. To make sure the appropriate protect frames and replay parameters get configured in cases where the interface was down, set these parameters from KaY configuration to the driver before creating a new transmit SC. This allows MACsec functionality to recover automatically on such restart. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MACsec: Fix policy configurationJouni Malinen2014-10-301-2/+2
| | | | | | | | | | | macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1) instead of the enum validate_frames values (Disabled(0), Checked(1), Strict(2). This ended up policy == SHOULD_SECURE to be mapped to macsec_validate == Checked instead of Strict. This could have resulted in unintended SecY forwarding of invalid packets rather than dropping them. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MACsec: Check os_get_random() return valueJouni Malinen2014-10-111-7/+18
| | | | | | | This makes the MACsec implementation more consistent with rest of wpa_supplicant. (CID 72677, CID 72695, CID 72701, CID 72709, CID 72711) Signed-off-by: Jouni Malinen <j@w1.fi>
* AES: Extend key wrap design to support longer AES keysJouni Malinen2014-10-071-2/+2
| | | | | | | | | | | This adds kek_len argument to aes_wrap() and aes_unwrap() functions and allows AES to be initialized with 192 and 256 bit KEK in addition to the previously supported 128 bit KEK. The test vectors in test-aes.c are extended to cover all the test vectors from RFC 3394. Signed-off-by: Jouni Malinen <j@w1.fi>
* MACsec: Use os_memcmp_const() for hash/password comparisonsJouni Malinen2014-07-021-2/+3
| | | | | | | | | This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
* MACsec: Add PAE implementationHu Wang2014-05-0910-0/+5710
This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>