Patch 1 adds a pre-shared key mode for MKA, so that we don't need to setup full authentication. Some switches already use this, and that's a pretty easy way to configure a network. Patch 2 allows a MKA-PSK agent to stay in stand-by mode indefinitely until peers appear on the network, instead of timeouting quickly if no peer exists when the agent is started up. Patch 3 adds a configuration parameter to enable or disable encryption. When encryption is disabled, MACsec will only provide integrity. Patch 4 implements the encryption control in MKA. Patch 5 allows choosing the port component in the SCI. Currently, wpa_supplicant only supports port == 1. Sabrina Dubroca (5): wpa_supplicant: allow pre-shared (CAK,CKN) pair for MKA mka: disable peer detection timeout for PSK mode wpa_supplicant: add macsec_integ_only setting for MKA mka: add enable_encrypt op and call it from CP state machine wpa_supplicant: allow configuring the MACsec port for MKA src/common/ieee802_1x_defs.h | 6 ++++ src/drivers/driver.h | 9 +++++ src/pae/ieee802_1x_cp.c | 4 +++ src/pae/ieee802_1x_kay.c | 18 +++++++--- src/pae/ieee802_1x_kay.h | 4 ++- src/pae/ieee802_1x_secy_ops.c | 20 +++++++++++ src/pae/ieee802_1x_secy_ops.h | 1 + wpa_supplicant/config.c | 62 +++++++++++++++++++++++++++++++++ wpa_supplicant/config_file.c | 2 ++ wpa_supplicant/config_ssid.h | 41 ++++++++++++++++++++++ wpa_supplicant/driver_i.h | 8 +++++ wpa_supplicant/wpa_cli.c | 2 ++ wpa_supplicant/wpa_supplicant.c | 5 ++- wpa_supplicant/wpa_supplicant.conf | 18 ++++++++++ wpa_supplicant/wpas_kay.c | 71 ++++++++++++++++++++++++++++++++++++-- wpa_supplicant/wpas_kay.h | 9 +++++ 16 files changed, 272 insertions(+), 8 deletions(-) -- 2.10.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
