Merge "macsec: Use monotonic clock instead of system clock"
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index a1f8ae9..3c55c5a 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -592,6 +592,7 @@
ieee802_1x_kay_create_peer(const u8 *mi, u32 mn)
{
struct ieee802_1x_kay_peer *peer;
+ struct os_reltime now;
peer = os_zalloc(sizeof(*peer));
if (!peer) {
@@ -601,7 +602,8 @@
os_memcpy(peer->mi, mi, MI_LEN);
peer->mn = mn;
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ os_get_reltime(&now);
+ peer->expire = now.sec + MKA_LIFE_TIME / 1000;
peer->sak_used = false;
peer->missing_sak_use_count = 0;
@@ -678,6 +680,7 @@
{
struct ieee802_1x_kay_peer *peer;
struct receive_sc *rxsc;
+ struct os_reltime now;
peer = ieee802_1x_kay_get_potential_peer(participant, mi);
if (!peer)
@@ -690,7 +693,8 @@
os_memcpy(&peer->sci, &participant->current_peer_sci,
sizeof(peer->sci));
peer->mn = mn;
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ os_get_reltime(&now);
+ peer->expire = now.sec + MKA_LIFE_TIME / 1000;
wpa_printf(MSG_DEBUG, "KaY: Move potential peer to live peer");
ieee802_1x_kay_dump_peer(peer);
@@ -873,13 +877,15 @@
peer = ieee802_1x_kay_get_peer_sci(participant,
&body->actor_sci);
if (peer) {
- time_t new_expire;
+ os_time_t new_expire;
+ struct os_reltime now;
wpa_printf(MSG_WARNING,
"KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU");
/* Reduce timeout to speed up this process but left the
* chance for old one to prove aliveness. */
- new_expire = time(NULL) + MKA_HELLO_TIME * 1.5 / 1000;
+ os_get_reltime(&now);
+ new_expire = now.sec + MKA_HELLO_TIME * 1.5 / 1000;
if (peer->expire > new_expire)
peer->expire = new_expire;
return NULL;
@@ -2130,6 +2136,7 @@
unsigned int key_len;
u8 *key;
struct macsec_ciphersuite *cs;
+ struct os_reltime now;
/* check condition for generating a fresh SAK:
* must have one live peer
@@ -2150,7 +2157,8 @@
* here only check first item and ingore
* && (!dl_list_empty(&participant->potential_peers))) {
*/
- if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
+ os_get_reltime(&now);
+ if ((now.sec - kay->dist_time) < MKA_LIFE_TIME / 1000) {
wpa_printf(MSG_ERROR,
"KaY: Life time has not elapsed since prior SAK distributed");
return -1;
@@ -2244,7 +2252,7 @@
if (kay->dist_an > 3)
kay->dist_an = 0;
- kay->dist_time = time(NULL);
+ kay->dist_time = now.sec;
return 0;
@@ -2548,17 +2556,19 @@
struct ieee802_1x_mka_participant *participant;
struct ieee802_1x_kay *kay;
struct ieee802_1x_kay_peer *peer, *pre_peer;
- time_t now = time(NULL);
+ struct os_reltime now;
bool lp_changed;
struct receive_sc *rxsc, *pre_rxsc;
struct transmit_sa *txsa, *pre_txsa;
+ os_get_reltime(&now);
+
participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
kay = participant->kay;
wpa_printf(MSG_DEBUG, "KaY: Participant timer (ifname=%s)",
kay->if_name);
if (participant->cak_life) {
- if (now > participant->cak_life)
+ if (now.sec > participant->cak_life)
goto delete_mka;
}
@@ -2566,7 +2576,7 @@
* when the MKA life elapsed since its creating */
if (participant->mka_life) {
if (dl_list_empty(&participant->live_peers)) {
- if (now > participant->mka_life)
+ if (now.sec > participant->mka_life)
goto delete_mka;
} else {
participant->mka_life = 0;
@@ -2576,7 +2586,7 @@
lp_changed = false;
dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
struct ieee802_1x_kay_peer, list) {
- if (now > peer->expire) {
+ if (now.sec > peer->expire) {
wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
sizeof(peer->mi));
@@ -2634,7 +2644,7 @@
dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
struct ieee802_1x_kay_peer, list) {
- if (now > peer->expire) {
+ if (now.sec > peer->expire) {
wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
sizeof(peer->mi));
@@ -3371,11 +3381,14 @@
return -1;
}
} else {
+ struct os_reltime now;
+
+ os_get_reltime(&now);
peer->missing_sak_use_count = 0;
/* Only update live peer watchdog after successful
* decode of all parameter sets */
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ peer->expire = now.sec + MKA_LIFE_TIME / 1000;
}
} else {
/* MKPDU is from new or potential peer */
@@ -3674,8 +3687,12 @@
os_memcpy(participant->cak.key, cak->key, cak->len);
wpa_hexdump_key(MSG_DEBUG, "KaY: CAK", participant->cak.key,
participant->cak.len);
- if (life)
- participant->cak_life = life + time(NULL);
+ if (life) {
+ struct os_reltime now;
+ os_get_reltime(&now);
+
+ participant->cak_life = life + now.sec;
+ }
switch (mode) {
case EAP_EXCHANGE:
@@ -3783,7 +3800,10 @@
* some peer appears.
*/
if (mode != PSK) {
- participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
+ struct os_reltime now;
+ os_get_reltime(&now);
+
+ participant->mka_life = MKA_LIFE_TIME / 1000 + now.sec +
usecs / 1000000;
}
participant->mode = mode;
diff --git a/src/pae/ieee802_1x_kay.h b/src/pae/ieee802_1x_kay.h
index 11cf7b7..525679f 100644
--- a/src/pae/ieee802_1x_kay.h
+++ b/src/pae/ieee802_1x_kay.h
@@ -213,7 +213,7 @@
u32 dist_kn;
u32 rcvd_keys;
u8 dist_an;
- time_t dist_time;
+ os_time_t dist_time;
u8 mka_version;
u8 algo_agility[4];
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 7a04169..e4650b5 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -45,7 +45,7 @@
struct ieee802_1x_mka_sci sci;
u8 mi[MI_LEN];
u32 mn;
- time_t expire;
+ os_time_t expire;
bool is_key_server;
u8 key_server_priority;
bool macsec_desired;
@@ -135,8 +135,8 @@
struct ieee802_1x_mka_peer_id current_peer_id;
struct ieee802_1x_mka_sci current_peer_sci;
- time_t cak_life;
- time_t mka_life;
+ os_time_t cak_life;
+ os_time_t mka_life;
bool to_dist_sak;
bool to_use_sak;
bool new_sak;
