mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
mka: Ignore MACsec SAK Use Old Key parameter if we don't have our old key
Upon receipt of the "MACsec MKPDU SAK Use parameter set" the KaY verifies that both the latest key and the old key are valid. If the local system reboots or is reinitialized, the KaY won't have a copy of its old key. Therefore if the KaY does not have a copy of its old key it should not reject MKPDUs that contain old key data in the MACsec SAK Use parameter. Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
This commit is contained in:
parent
b54b53e644
commit
8fb546d8e6
@ -1343,8 +1343,8 @@ ieee802_1x_mka_decode_sak_use_body(
|
||||
}
|
||||
}
|
||||
|
||||
/* check old key is valid */
|
||||
if (body->otx || body->orx) {
|
||||
/* check old key is valid (but only if we remember our old key) */
|
||||
if (participant->oki.kn != 0 && (body->otx || body->orx)) {
|
||||
if (os_memcmp(participant->oki.mi, body->osrv_mi,
|
||||
sizeof(participant->oki.mi)) != 0 ||
|
||||
be_to_host32(body->okn) != participant->oki.kn ||
|
||||
|
Loading…
Reference in New Issue
Block a user