fragattacks/src
Mike Siedzik d9a0a72229 mka: Fix MKPDU SAK Use Body's Delay Protect bit setting
Delay Protect and Replay Protect are two separate and distinct features
of MKA. Per IEEE Std 802.1X-2010, 9.10.1 "Delay Protect, TRUE if LPNs
are being reported sufficiently frequently to allow the recipient to
provide data delay protection. If FALSE, the LPN can be reported as
zero", and per 9.10 "NOTE--Enforcement of bounded received delay
necessitates transmission of MKPDUs at frequent (0.5 s) intervals, to
meet a maximum data delay of 2 s while minimizing connectivity
interruption due to the possibility of lost or delayed MKPDUs."

This means struct ieee802_1x_mka_sak_use_body::delay_protect should only
be set TRUE when MKPDUs are being transmitted every 0.5 s (or faster).
By default the KaY sends MKPDUs every MKA_HELLO_TIME (2.0 s), so by
default delay_protect should be FALSE.

Add a new 'u32 mka_hello_time' parameter to struct ieee802_1x_kay. If
delay protection is desired, the KaY initialization code should set
kay->mka_hello_time to MKA_BOUNDED_HELLO_TIME (500 ms).

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-12-26 16:42:25 +02:00
..
ap Check snprintf result to avoid compiler warnings 2018-12-24 11:09:22 +02:00
common Vendor command to query the supported AKMs from the driver 2018-12-21 21:09:48 +02:00
crypto Fix build with LibreSSL 2018-12-21 12:09:11 +02:00
drivers macsec_linux: Add driver status information 2018-12-25 00:54:51 +02:00
eap_common EAP-pwd: Mask timing of PWE derivation 2018-05-28 22:15:15 +03:00
eap_peer EAP-pwd peer: Fix memory leak in eap_pwd_perform_confirm_exchange() 2018-10-16 12:11:32 +03:00
eap_server EAP: Make method and IMSI available from server structures 2018-12-14 15:56:16 +02:00
eapol_auth Add hostapd tls_flags parameter 2017-09-18 12:12:48 +03:00
eapol_supp eap_proxy: Fix memory leaks when using eap_peer_erp_init() 2018-09-21 21:34:08 +03:00
fst fst: Fix compile error in fst_ctrl_aux.h with C++ compilers 2018-05-21 17:47:03 +03:00
l2_packet wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST 2018-04-02 12:21:27 +03:00
p2p P2P: Continue P2P_WAIT_PEER_(IDLE/CONNECT) sequence on a listen cancel 2017-11-03 21:47:32 +02:00
pae mka: Fix MKPDU SAK Use Body's Delay Protect bit setting 2018-12-26 16:42:25 +02:00
radius HS 2.0 server: RADIUS server support for SIM provisioning 2018-12-15 18:01:38 +02:00
rsn_supp OCV: Include and verify OCI in the FILS handshake 2018-12-17 15:50:12 +02:00
tls Use os_memdup() 2017-03-07 13:19:10 +02:00
utils Enable the close-on-exec flag for the debug log file descriptor 2018-10-20 19:26:03 +03:00
wps WPS: Fix wps_validate_credential() argument type 2018-12-24 11:12:53 +02:00
lib.rules Add QUIET=1 option for make 2014-12-29 15:49:05 +02:00
Makefile FST: Add the Fast Session Transfer (FST) module 2015-07-16 18:26:15 +03:00