[PATCH] MKA: Process DIST-SAK after SAK-USE.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ieee802_1x_mka_decode_sak_use_body returns 0 for "KaY: We don't have a latest distributed key - ignore SAK use". Thus DIST-SAK is processed. Updating the MI breaks everything. I could find nothing in the spec for this.

Signed-off-by: Greg Goblirsch <gregg@xxxxxxxxxxxxxxxx>

@@ -3310,22 +3334,10 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
                        if (mka_body_handler[body_type].body_rx
                                (participant, pos, left_len) != 0) {
                                /* Handle parameter set failure */
-                               if (body_type != MKA_SAK_USE) {
-                                       wpa_printf(MSG_INFO,
-                                                  "KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed",
-                                                  body_type);
-                                       return -1;
-                               }
-
-                               /* Ideally DIST-SAK should be processed before
-                                * SAK-USE. Unfortunately IEEE Std 802.1X-2010,
-                                * 11.11.3 (Encoding MKPDUs) states SAK-USE(3)
-                                * must always be encoded before DIST-SAK(4).
-                                * Rather than redesigning mka_body_handler so
-                                * that it somehow processes DIST-SAK before
-                                * SAK-USE, just ignore SAK-USE failures if
-                                * DIST-SAK is also present in this MKPDU. */
-                               bad_sak_use = true;
+                               wpa_printf(MSG_INFO,
+                                          "KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed",
+                                          body_type);
+                               return -1;
                        }
                } else {
                        wpa_printf(MSG_ERROR,
@@ -3334,19 +3346,6 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
                }
        }
 
-       if (bad_sak_use && !handled[MKA_DISTRIBUTED_SAK]) {
-               wpa_printf(MSG_INFO,
-                          "KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed",
-                          MKA_SAK_USE);
-               if (!reset_participant_mi(participant))
-                       wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
-               else
-                       wpa_printf(MSG_DEBUG,
-                                  "KaY: Selected a new random MI: %s",
-                                  mi_txt(participant->mi));
-               return -1;
-       }
-
        /* Detect missing parameter sets */
        peer = ieee802_1x_kay_get_live_peer(participant,
                                            participant->current_peer_id.mi);

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux