]>
Commit | Line | Data |
---|---|---|
887d9d01 HW |
1 | /* |
2 | * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine | |
3 | * Copyright (c) 2013, Qualcomm Atheros, Inc. | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include <time.h> | |
10 | #include "includes.h" | |
11 | #include "common.h" | |
12 | #include "list.h" | |
13 | #include "eloop.h" | |
14 | #include "wpabuf.h" | |
15 | #include "state_machine.h" | |
16 | #include "l2_packet/l2_packet.h" | |
17 | #include "common/eapol_common.h" | |
18 | #include "crypto/aes_wrap.h" | |
19 | #include "ieee802_1x_cp.h" | |
20 | #include "ieee802_1x_key.h" | |
21 | #include "ieee802_1x_kay.h" | |
22 | #include "ieee802_1x_kay_i.h" | |
23 | #include "ieee802_1x_secy_ops.h" | |
24 | ||
25 | ||
26 | #define DEFAULT_SA_KEY_LEN 16 | |
27 | #define DEFAULT_ICV_LEN 16 | |
28 | #define MAX_ICV_LEN 32 /* 32 bytes, 256 bits */ | |
29 | ||
e4ae284b MS |
30 | #define MAX_MISSING_SAK_USE 10 /* Accept up to 10 inbound MKPDUs without |
31 | * SAK-USE before dropping */ | |
32 | ||
887d9d01 HW |
33 | #define PENDING_PN_EXHAUSTION 0xC0000000 |
34 | ||
d4f668fd SD |
35 | #define MKA_ALIGN_LENGTH(len) (((len) + 0x3) & ~0x3) |
36 | ||
887d9d01 HW |
37 | /* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */ |
38 | #define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 } | |
39 | static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009; | |
40 | ||
41 | /* IEEE802.1AE-2006 Table 14-1 MACsec Cipher Suites */ | |
42 | static struct macsec_ciphersuite cipher_suite_tbl[] = { | |
43 | /* GCM-AES-128 */ | |
44 | { | |
8fab9e1c SD |
45 | .id = CS_ID_GCM_AES_128, |
46 | .name = CS_NAME_GCM_AES_128, | |
47 | .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50, | |
48 | .sak_len = DEFAULT_SA_KEY_LEN, | |
49 | .index = 0, | |
887d9d01 | 50 | }, |
1ff86057 | 51 | /* GCM-AES-256 */ |
52 | { | |
53 | .id = CS_ID_GCM_AES_256, | |
54 | .name = CS_NAME_GCM_AES_256, | |
55 | .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50, | |
56 | .sak_len = 32, | |
57 | .index = 1 /* index */ | |
58 | }, | |
887d9d01 HW |
59 | }; |
60 | #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl)) | |
61 | #define DEFAULT_CS_INDEX 0 | |
62 | ||
63 | static struct mka_alg mka_alg_tbl[] = { | |
64 | { | |
8fab9e1c SD |
65 | .parameter = MKA_ALGO_AGILITY_2009, |
66 | ||
887d9d01 | 67 | /* 128-bit CAK, KEK, ICK, ICV */ |
8fab9e1c SD |
68 | .cak_len = DEFAULT_ICV_LEN, |
69 | .kek_len = DEFAULT_ICV_LEN, | |
70 | .ick_len = DEFAULT_ICV_LEN, | |
71 | .icv_len = DEFAULT_ICV_LEN, | |
72 | ||
73 | .cak_trfm = ieee802_1x_cak_128bits_aes_cmac, | |
74 | .ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac, | |
75 | .kek_trfm = ieee802_1x_kek_128bits_aes_cmac, | |
76 | .ick_trfm = ieee802_1x_ick_128bits_aes_cmac, | |
77 | .icv_hash = ieee802_1x_icv_128bits_aes_cmac, | |
887d9d01 | 78 | |
8fab9e1c | 79 | .index = 1, |
887d9d01 HW |
80 | }, |
81 | }; | |
82 | #define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl)) | |
83 | ||
84 | ||
85 | static int is_ki_equal(struct ieee802_1x_mka_ki *ki1, | |
86 | struct ieee802_1x_mka_ki *ki2) | |
87 | { | |
88 | return os_memcmp(ki1->mi, ki2->mi, MI_LEN) == 0 && | |
89 | ki1->kn == ki2->kn; | |
90 | } | |
91 | ||
92 | ||
887d9d01 HW |
93 | static void set_mka_param_body_len(void *body, unsigned int len) |
94 | { | |
95 | struct ieee802_1x_mka_hdr *hdr = body; | |
96 | hdr->length = (len >> 8) & 0x0f; | |
97 | hdr->length1 = len & 0xff; | |
98 | } | |
99 | ||
100 | ||
101 | static unsigned int get_mka_param_body_len(const void *body) | |
102 | { | |
103 | const struct ieee802_1x_mka_hdr *hdr = body; | |
104 | return (hdr->length << 8) | hdr->length1; | |
105 | } | |
106 | ||
107 | ||
65b47738 | 108 | static u8 get_mka_param_body_type(const void *body) |
887d9d01 HW |
109 | { |
110 | const struct ieee802_1x_mka_hdr *hdr = body; | |
111 | return hdr->type; | |
112 | } | |
113 | ||
114 | ||
115 | /** | |
116 | * ieee802_1x_mka_dump_basic_body - | |
117 | */ | |
118 | static void | |
119 | ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body) | |
120 | { | |
121 | size_t body_len; | |
122 | ||
123 | if (!body) | |
124 | return; | |
125 | ||
126 | body_len = get_mka_param_body_len(body); | |
127 | wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***"); | |
128 | wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version); | |
129 | wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority); | |
130 | wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server); | |
131 | wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired); | |
2e944898 | 132 | wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capability); |
3ceb4582 | 133 | wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len); |
887d9d01 HW |
134 | wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR, |
135 | MAC2STR(body->actor_sci.addr)); | |
136 | wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d", | |
137 | be_to_host16(body->actor_sci.port)); | |
138 | wpa_hexdump(MSG_DEBUG, "\tMember Id.....:", | |
139 | body->actor_mi, sizeof(body->actor_mi)); | |
140 | wpa_printf(MSG_DEBUG, "\tMessage Number: %d", | |
141 | be_to_host32(body->actor_mn)); | |
142 | wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:", | |
143 | body->algo_agility, sizeof(body->algo_agility)); | |
144 | wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn, | |
145 | body_len + MKA_HDR_LEN - sizeof(*body)); | |
146 | } | |
147 | ||
148 | ||
149 | /** | |
150 | * ieee802_1x_mka_dump_peer_body - | |
151 | */ | |
152 | static void | |
153 | ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body) | |
154 | { | |
155 | size_t body_len; | |
156 | size_t i; | |
157 | u8 *mi; | |
4e7f5a4a | 158 | be32 mn; |
887d9d01 HW |
159 | |
160 | if (body == NULL) | |
161 | return; | |
162 | ||
163 | body_len = get_mka_param_body_len(body); | |
164 | if (body->type == MKA_LIVE_PEER_LIST) { | |
165 | wpa_printf(MSG_DEBUG, "*** Live Peer List ***"); | |
3ceb4582 | 166 | wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len); |
887d9d01 HW |
167 | } else if (body->type == MKA_POTENTIAL_PEER_LIST) { |
168 | wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***"); | |
3ceb4582 | 169 | wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len); |
887d9d01 HW |
170 | } |
171 | ||
172 | for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) { | |
173 | mi = body->peer + i; | |
174 | os_memcpy(&mn, mi + MI_LEN, sizeof(mn)); | |
175 | wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN); | |
176 | wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn)); | |
177 | } | |
178 | } | |
179 | ||
180 | ||
181 | /** | |
182 | * ieee802_1x_mka_dump_dist_sak_body - | |
183 | */ | |
184 | static void | |
185 | ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body) | |
186 | { | |
187 | size_t body_len; | |
188 | ||
189 | if (body == NULL) | |
190 | return; | |
191 | ||
192 | body_len = get_mka_param_body_len(body); | |
193 | wpa_printf(MSG_INFO, "*** Distributed SAK ***"); | |
194 | wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan); | |
195 | wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d", | |
196 | body->confid_offset); | |
3ceb4582 | 197 | wpa_printf(MSG_INFO, "\tBody Length...........: %zu", body_len); |
887d9d01 HW |
198 | if (!body_len) |
199 | return; | |
200 | ||
201 | wpa_printf(MSG_INFO, "\tKey Number............: %d", | |
202 | be_to_host32(body->kn)); | |
203 | wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24); | |
204 | } | |
205 | ||
206 | ||
207 | static const char * yes_no(int val) | |
208 | { | |
209 | return val ? "Yes" : "No"; | |
210 | } | |
211 | ||
212 | ||
213 | /** | |
214 | * ieee802_1x_mka_dump_sak_use_body - | |
215 | */ | |
216 | static void | |
217 | ieee802_1x_mka_dump_sak_use_body(struct ieee802_1x_mka_sak_use_body *body) | |
218 | { | |
219 | int body_len; | |
220 | ||
221 | if (body == NULL) | |
222 | return; | |
223 | ||
224 | body_len = get_mka_param_body_len(body); | |
225 | wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***"); | |
226 | wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan); | |
227 | wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx)); | |
228 | wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx)); | |
229 | wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan); | |
230 | wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx)); | |
231 | wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx)); | |
232 | wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx)); | |
233 | wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx)); | |
234 | wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s", | |
235 | yes_no(body->delay_protect)); | |
236 | wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len); | |
237 | if (!body_len) | |
238 | return; | |
239 | ||
240 | wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:", | |
241 | body->lsrv_mi, sizeof(body->lsrv_mi)); | |
242 | wpa_printf(MSG_DEBUG, "\tKey Number.......: %u", | |
243 | be_to_host32(body->lkn)); | |
244 | wpa_printf(MSG_DEBUG, "\tLowest PN........: %u", | |
245 | be_to_host32(body->llpn)); | |
246 | wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:", | |
247 | body->osrv_mi, sizeof(body->osrv_mi)); | |
248 | wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u", | |
249 | be_to_host32(body->okn)); | |
250 | wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u", | |
251 | be_to_host32(body->olpn)); | |
252 | } | |
253 | ||
254 | ||
255 | /** | |
256 | * ieee802_1x_kay_get_participant - | |
257 | */ | |
258 | static struct ieee802_1x_mka_participant * | |
b54b53e6 MS |
259 | ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn, |
260 | size_t len) | |
887d9d01 HW |
261 | { |
262 | struct ieee802_1x_mka_participant *participant; | |
263 | ||
264 | dl_list_for_each(participant, &kay->participant_list, | |
265 | struct ieee802_1x_mka_participant, list) { | |
b54b53e6 MS |
266 | if (participant->ckn.len == len && |
267 | os_memcmp(participant->ckn.name, ckn, | |
887d9d01 HW |
268 | participant->ckn.len) == 0) |
269 | return participant; | |
270 | } | |
271 | ||
272 | wpa_printf(MSG_DEBUG, "KaY: participant is not found"); | |
273 | ||
274 | return NULL; | |
275 | } | |
276 | ||
277 | ||
278 | /** | |
279 | * ieee802_1x_kay_get_principal_participant - | |
280 | */ | |
281 | static struct ieee802_1x_mka_participant * | |
282 | ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay) | |
283 | { | |
284 | struct ieee802_1x_mka_participant *participant; | |
285 | ||
286 | dl_list_for_each(participant, &kay->participant_list, | |
287 | struct ieee802_1x_mka_participant, list) { | |
288 | if (participant->principal) | |
289 | return participant; | |
290 | } | |
291 | ||
f9ea083b | 292 | wpa_printf(MSG_DEBUG, "KaY: principal participant is not found"); |
887d9d01 HW |
293 | return NULL; |
294 | } | |
295 | ||
296 | ||
297 | static struct ieee802_1x_kay_peer * get_peer_mi(struct dl_list *peers, | |
298 | const u8 *mi) | |
299 | { | |
300 | struct ieee802_1x_kay_peer *peer; | |
301 | ||
302 | dl_list_for_each(peer, peers, struct ieee802_1x_kay_peer, list) { | |
303 | if (os_memcmp(peer->mi, mi, MI_LEN) == 0) | |
304 | return peer; | |
305 | } | |
306 | ||
307 | return NULL; | |
308 | } | |
309 | ||
310 | ||
7c547cff SD |
311 | /** |
312 | * ieee802_1x_kay_get_potential_peer | |
313 | */ | |
314 | static struct ieee802_1x_kay_peer * | |
315 | ieee802_1x_kay_get_potential_peer( | |
316 | struct ieee802_1x_mka_participant *participant, const u8 *mi) | |
317 | { | |
318 | return get_peer_mi(&participant->potential_peers, mi); | |
319 | } | |
320 | ||
321 | ||
322 | /** | |
323 | * ieee802_1x_kay_get_live_peer | |
324 | */ | |
325 | static struct ieee802_1x_kay_peer * | |
326 | ieee802_1x_kay_get_live_peer(struct ieee802_1x_mka_participant *participant, | |
327 | const u8 *mi) | |
328 | { | |
329 | return get_peer_mi(&participant->live_peers, mi); | |
330 | } | |
331 | ||
332 | ||
887d9d01 HW |
333 | /** |
334 | * ieee802_1x_kay_is_in_potential_peer | |
335 | */ | |
336 | static Boolean | |
337 | ieee802_1x_kay_is_in_potential_peer( | |
338 | struct ieee802_1x_mka_participant *participant, const u8 *mi) | |
339 | { | |
7c547cff | 340 | return ieee802_1x_kay_get_potential_peer(participant, mi) != NULL; |
887d9d01 HW |
341 | } |
342 | ||
343 | ||
344 | /** | |
345 | * ieee802_1x_kay_is_in_live_peer | |
346 | */ | |
347 | static Boolean | |
348 | ieee802_1x_kay_is_in_live_peer( | |
349 | struct ieee802_1x_mka_participant *participant, const u8 *mi) | |
350 | { | |
7c547cff | 351 | return ieee802_1x_kay_get_live_peer(participant, mi) != NULL; |
887d9d01 HW |
352 | } |
353 | ||
354 | ||
887d9d01 HW |
355 | /** |
356 | * ieee802_1x_kay_get_peer | |
357 | */ | |
358 | static struct ieee802_1x_kay_peer * | |
359 | ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant, | |
360 | const u8 *mi) | |
361 | { | |
362 | struct ieee802_1x_kay_peer *peer; | |
363 | ||
7c547cff | 364 | peer = ieee802_1x_kay_get_live_peer(participant, mi); |
887d9d01 HW |
365 | if (peer) |
366 | return peer; | |
367 | ||
7c547cff | 368 | return ieee802_1x_kay_get_potential_peer(participant, mi); |
887d9d01 HW |
369 | } |
370 | ||
371 | ||
372 | /** | |
373 | * ieee802_1x_kay_get_cipher_suite | |
374 | */ | |
375 | static struct macsec_ciphersuite * | |
376 | ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant, | |
07a6bfe1 | 377 | const u8 *cs_id) |
887d9d01 HW |
378 | { |
379 | unsigned int i; | |
07a6bfe1 SD |
380 | u64 cs; |
381 | be64 _cs; | |
382 | ||
383 | os_memcpy(&_cs, cs_id, CS_ID_LEN); | |
384 | cs = be_to_host64(_cs); | |
887d9d01 HW |
385 | |
386 | for (i = 0; i < CS_TABLE_SIZE; i++) { | |
07a6bfe1 | 387 | if (cipher_suite_tbl[i].id == cs) |
d9639d1a | 388 | return &cipher_suite_tbl[i]; |
887d9d01 | 389 | } |
887d9d01 | 390 | |
d9639d1a | 391 | return NULL; |
887d9d01 HW |
392 | } |
393 | ||
394 | ||
f014d9db SD |
395 | u64 mka_sci_u64(struct ieee802_1x_mka_sci *sci) |
396 | { | |
397 | struct ieee802_1x_mka_sci tmp; | |
398 | ||
399 | os_memcpy(tmp.addr, sci->addr, ETH_ALEN); | |
400 | tmp.port = sci->port; | |
401 | ||
402 | return *((u64 *) &tmp); | |
403 | } | |
404 | ||
405 | ||
a33e3c32 SD |
406 | static Boolean sci_equal(const struct ieee802_1x_mka_sci *a, |
407 | const struct ieee802_1x_mka_sci *b) | |
408 | { | |
409 | return os_memcmp(a, b, sizeof(struct ieee802_1x_mka_sci)) == 0; | |
410 | } | |
411 | ||
412 | ||
887d9d01 HW |
413 | /** |
414 | * ieee802_1x_kay_get_peer_sci | |
415 | */ | |
416 | static struct ieee802_1x_kay_peer * | |
417 | ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant, | |
418 | const struct ieee802_1x_mka_sci *sci) | |
419 | { | |
420 | struct ieee802_1x_kay_peer *peer; | |
421 | ||
422 | dl_list_for_each(peer, &participant->live_peers, | |
423 | struct ieee802_1x_kay_peer, list) { | |
a33e3c32 | 424 | if (sci_equal(&peer->sci, sci)) |
887d9d01 HW |
425 | return peer; |
426 | } | |
427 | ||
428 | dl_list_for_each(peer, &participant->potential_peers, | |
429 | struct ieee802_1x_kay_peer, list) { | |
a33e3c32 | 430 | if (sci_equal(&peer->sci, sci)) |
887d9d01 HW |
431 | return peer; |
432 | } | |
433 | ||
434 | return NULL; | |
435 | } | |
436 | ||
437 | ||
99b82bf5 SD |
438 | static void ieee802_1x_kay_use_data_key(struct data_key *pkey); |
439 | ||
887d9d01 HW |
440 | /** |
441 | * ieee802_1x_kay_init_receive_sa - | |
442 | */ | |
443 | static struct receive_sa * | |
444 | ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn, | |
445 | struct data_key *key) | |
446 | { | |
447 | struct receive_sa *psa; | |
448 | ||
449 | if (!psc || !key) | |
450 | return NULL; | |
451 | ||
452 | psa = os_zalloc(sizeof(*psa)); | |
453 | if (!psa) { | |
454 | wpa_printf(MSG_ERROR, "%s: out of memory", __func__); | |
455 | return NULL; | |
456 | } | |
457 | ||
99b82bf5 | 458 | ieee802_1x_kay_use_data_key(key); |
887d9d01 HW |
459 | psa->pkey = key; |
460 | psa->lowest_pn = lowest_pn; | |
461 | psa->next_pn = lowest_pn; | |
462 | psa->an = an; | |
463 | psa->sc = psc; | |
464 | ||
465 | os_get_time(&psa->created_time); | |
466 | psa->in_use = FALSE; | |
467 | ||
468 | dl_list_add(&psc->sa_list, &psa->list); | |
469 | wpa_printf(MSG_DEBUG, | |
6f551abd SD |
470 | "KaY: Create receive SA(AN: %hhu lowest_pn: %u of SC", |
471 | an, lowest_pn); | |
887d9d01 HW |
472 | |
473 | return psa; | |
474 | } | |
475 | ||
476 | ||
99b82bf5 SD |
477 | static void ieee802_1x_kay_deinit_data_key(struct data_key *pkey); |
478 | ||
887d9d01 HW |
479 | /** |
480 | * ieee802_1x_kay_deinit_receive_sa - | |
481 | */ | |
482 | static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa) | |
483 | { | |
99b82bf5 | 484 | ieee802_1x_kay_deinit_data_key(psa->pkey); |
887d9d01 HW |
485 | psa->pkey = NULL; |
486 | wpa_printf(MSG_DEBUG, | |
3ceb4582 SD |
487 | "KaY: Delete receive SA(an: %hhu) of SC", |
488 | psa->an); | |
887d9d01 HW |
489 | dl_list_del(&psa->list); |
490 | os_free(psa); | |
491 | } | |
492 | ||
493 | ||
494 | /** | |
495 | * ieee802_1x_kay_init_receive_sc - | |
496 | */ | |
497 | static struct receive_sc * | |
6f551abd | 498 | ieee802_1x_kay_init_receive_sc(const struct ieee802_1x_mka_sci *psci) |
887d9d01 HW |
499 | { |
500 | struct receive_sc *psc; | |
501 | ||
502 | if (!psci) | |
503 | return NULL; | |
504 | ||
505 | psc = os_zalloc(sizeof(*psc)); | |
506 | if (!psc) { | |
507 | wpa_printf(MSG_ERROR, "%s: out of memory", __func__); | |
508 | return NULL; | |
509 | } | |
510 | ||
511 | os_memcpy(&psc->sci, psci, sizeof(psc->sci)); | |
887d9d01 HW |
512 | |
513 | os_get_time(&psc->created_time); | |
514 | psc->receiving = FALSE; | |
515 | ||
516 | dl_list_init(&psc->sa_list); | |
6f551abd | 517 | wpa_printf(MSG_DEBUG, "KaY: Create receive SC"); |
887d9d01 HW |
518 | wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci)); |
519 | ||
520 | return psc; | |
521 | } | |
522 | ||
523 | ||
23c3528a SD |
524 | static void ieee802_1x_delete_receive_sa(struct ieee802_1x_kay *kay, |
525 | struct receive_sa *sa) | |
526 | { | |
527 | secy_disable_receive_sa(kay, sa); | |
528 | secy_delete_receive_sa(kay, sa); | |
529 | ieee802_1x_kay_deinit_receive_sa(sa); | |
530 | } | |
531 | ||
532 | ||
887d9d01 HW |
533 | /** |
534 | * ieee802_1x_kay_deinit_receive_sc - | |
535 | **/ | |
536 | static void | |
537 | ieee802_1x_kay_deinit_receive_sc( | |
538 | struct ieee802_1x_mka_participant *participant, struct receive_sc *psc) | |
539 | { | |
540 | struct receive_sa *psa, *pre_sa; | |
541 | ||
6f551abd | 542 | wpa_printf(MSG_DEBUG, "KaY: Delete receive SC"); |
887d9d01 | 543 | dl_list_for_each_safe(psa, pre_sa, &psc->sa_list, struct receive_sa, |
23c3528a SD |
544 | list) |
545 | ieee802_1x_delete_receive_sa(participant->kay, psa); | |
546 | ||
887d9d01 | 547 | dl_list_del(&psc->list); |
529d6ed7 | 548 | secy_delete_receive_sc(participant->kay, psc); |
887d9d01 HW |
549 | os_free(psc); |
550 | } | |
551 | ||
552 | ||
1de7a9f8 SD |
553 | static void ieee802_1x_kay_dump_peer(struct ieee802_1x_kay_peer *peer) |
554 | { | |
555 | wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi)); | |
556 | wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn); | |
557 | wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN); | |
558 | wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port); | |
559 | } | |
560 | ||
561 | ||
887d9d01 | 562 | static struct ieee802_1x_kay_peer * |
1de7a9f8 | 563 | ieee802_1x_kay_create_peer(const u8 *mi, u32 mn) |
887d9d01 HW |
564 | { |
565 | struct ieee802_1x_kay_peer *peer; | |
887d9d01 HW |
566 | |
567 | peer = os_zalloc(sizeof(*peer)); | |
1de7a9f8 | 568 | if (!peer) { |
887d9d01 HW |
569 | wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__); |
570 | return NULL; | |
571 | } | |
572 | ||
573 | os_memcpy(peer->mi, mi, MI_LEN); | |
574 | peer->mn = mn; | |
575 | peer->expire = time(NULL) + MKA_LIFE_TIME / 1000; | |
576 | peer->sak_used = FALSE; | |
e4ae284b | 577 | peer->missing_sak_use_count = 0; |
1de7a9f8 SD |
578 | |
579 | return peer; | |
580 | } | |
581 | ||
582 | ||
583 | /** | |
584 | * ieee802_1x_kay_create_live_peer | |
585 | */ | |
586 | static struct ieee802_1x_kay_peer * | |
587 | ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant, | |
588 | const u8 *mi, u32 mn) | |
589 | { | |
590 | struct ieee802_1x_kay_peer *peer; | |
591 | struct receive_sc *rxsc; | |
1de7a9f8 SD |
592 | |
593 | peer = ieee802_1x_kay_create_peer(mi, mn); | |
594 | if (!peer) | |
595 | return NULL; | |
596 | ||
887d9d01 HW |
597 | os_memcpy(&peer->sci, &participant->current_peer_sci, |
598 | sizeof(peer->sci)); | |
887d9d01 | 599 | |
6f551abd | 600 | rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci); |
71dc7890 SD |
601 | if (!rxsc) { |
602 | os_free(peer); | |
887d9d01 | 603 | return NULL; |
71dc7890 | 604 | } |
887d9d01 | 605 | |
71dc7890 | 606 | dl_list_add(&participant->live_peers, &peer->list); |
887d9d01 HW |
607 | dl_list_add(&participant->rxsc_list, &rxsc->list); |
608 | secy_create_receive_sc(participant->kay, rxsc); | |
609 | ||
610 | wpa_printf(MSG_DEBUG, "KaY: Live peer created"); | |
1de7a9f8 | 611 | ieee802_1x_kay_dump_peer(peer); |
887d9d01 HW |
612 | |
613 | return peer; | |
614 | } | |
615 | ||
616 | ||
617 | /** | |
618 | * ieee802_1x_kay_create_potential_peer | |
619 | */ | |
620 | static struct ieee802_1x_kay_peer * | |
621 | ieee802_1x_kay_create_potential_peer( | |
622 | struct ieee802_1x_mka_participant *participant, const u8 *mi, u32 mn) | |
623 | { | |
624 | struct ieee802_1x_kay_peer *peer; | |
625 | ||
1de7a9f8 SD |
626 | peer = ieee802_1x_kay_create_peer(mi, mn); |
627 | if (!peer) | |
887d9d01 | 628 | return NULL; |
887d9d01 HW |
629 | |
630 | dl_list_add(&participant->potential_peers, &peer->list); | |
631 | ||
632 | wpa_printf(MSG_DEBUG, "KaY: potential peer created"); | |
1de7a9f8 | 633 | ieee802_1x_kay_dump_peer(peer); |
887d9d01 HW |
634 | |
635 | return peer; | |
636 | } | |
637 | ||
638 | ||
639 | /** | |
640 | * ieee802_1x_kay_move_live_peer | |
641 | */ | |
642 | static struct ieee802_1x_kay_peer * | |
643 | ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant, | |
644 | u8 *mi, u32 mn) | |
645 | { | |
646 | struct ieee802_1x_kay_peer *peer; | |
647 | struct receive_sc *rxsc; | |
887d9d01 | 648 | |
7c547cff | 649 | peer = ieee802_1x_kay_get_potential_peer(participant, mi); |
9f894823 RR |
650 | if (!peer) |
651 | return NULL; | |
887d9d01 | 652 | |
6f551abd | 653 | rxsc = ieee802_1x_kay_init_receive_sc(&participant->current_peer_sci); |
90bff0e2 SD |
654 | if (!rxsc) |
655 | return NULL; | |
656 | ||
887d9d01 HW |
657 | os_memcpy(&peer->sci, &participant->current_peer_sci, |
658 | sizeof(peer->sci)); | |
659 | peer->mn = mn; | |
660 | peer->expire = time(NULL) + MKA_LIFE_TIME / 1000; | |
661 | ||
662 | wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer"); | |
1de7a9f8 | 663 | ieee802_1x_kay_dump_peer(peer); |
887d9d01 HW |
664 | |
665 | dl_list_del(&peer->list); | |
666 | dl_list_add_tail(&participant->live_peers, &peer->list); | |
667 | ||
887d9d01 HW |
668 | dl_list_add(&participant->rxsc_list, &rxsc->list); |
669 | secy_create_receive_sc(participant->kay, rxsc); | |
670 | ||
671 | return peer; | |
672 | } | |
673 | ||
674 | ||
675 | ||
676 | /** | |
677 | * ieee802_1x_mka_basic_body_present - | |
678 | */ | |
679 | static Boolean | |
680 | ieee802_1x_mka_basic_body_present( | |
681 | struct ieee802_1x_mka_participant *participant) | |
682 | { | |
683 | return TRUE; | |
684 | } | |
685 | ||
686 | ||
687 | /** | |
688 | * ieee802_1x_mka_basic_body_length - | |
689 | */ | |
690 | static int | |
691 | ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant) | |
692 | { | |
693 | int length; | |
694 | ||
695 | length = sizeof(struct ieee802_1x_mka_basic_body); | |
696 | length += participant->ckn.len; | |
d4f668fd | 697 | return MKA_ALIGN_LENGTH(length); |
887d9d01 HW |
698 | } |
699 | ||
700 | ||
701 | /** | |
702 | * ieee802_1x_mka_encode_basic_body | |
703 | */ | |
704 | static int | |
705 | ieee802_1x_mka_encode_basic_body( | |
706 | struct ieee802_1x_mka_participant *participant, | |
707 | struct wpabuf *buf) | |
708 | { | |
709 | struct ieee802_1x_mka_basic_body *body; | |
710 | struct ieee802_1x_kay *kay = participant->kay; | |
61127f16 | 711 | unsigned int length = sizeof(struct ieee802_1x_mka_basic_body); |
887d9d01 | 712 | |
61127f16 MB |
713 | length += participant->ckn.len; |
714 | body = wpabuf_put(buf, MKA_ALIGN_LENGTH(length)); | |
887d9d01 HW |
715 | |
716 | body->version = kay->mka_version; | |
717 | body->priority = kay->actor_priority; | |
718 | if (participant->is_elected) | |
719 | body->key_server = participant->is_key_server; | |
720 | else | |
721 | body->key_server = participant->can_be_key_server; | |
722 | ||
723 | body->macsec_desired = kay->macsec_desired; | |
2e944898 | 724 | body->macsec_capability = kay->macsec_capable; |
887d9d01 HW |
725 | set_mka_param_body_len(body, length - MKA_HDR_LEN); |
726 | ||
727 | os_memcpy(body->actor_sci.addr, kay->actor_sci.addr, | |
728 | sizeof(kay->actor_sci.addr)); | |
ce256b4a | 729 | body->actor_sci.port = kay->actor_sci.port; |
887d9d01 HW |
730 | |
731 | os_memcpy(body->actor_mi, participant->mi, sizeof(body->actor_mi)); | |
732 | participant->mn = participant->mn + 1; | |
733 | body->actor_mn = host_to_be32(participant->mn); | |
87b19c8d | 734 | os_memcpy(body->algo_agility, kay->algo_agility, |
887d9d01 HW |
735 | sizeof(body->algo_agility)); |
736 | ||
737 | os_memcpy(body->ckn, participant->ckn.name, participant->ckn.len); | |
738 | ||
739 | ieee802_1x_mka_dump_basic_body(body); | |
740 | ||
741 | return 0; | |
742 | } | |
743 | ||
744 | ||
2b13bcad SD |
745 | static Boolean |
746 | reset_participant_mi(struct ieee802_1x_mka_participant *participant) | |
747 | { | |
748 | if (os_get_random(participant->mi, sizeof(participant->mi)) < 0) | |
749 | return FALSE; | |
750 | participant->mn = 0; | |
751 | ||
752 | return TRUE; | |
753 | } | |
754 | ||
755 | ||
887d9d01 HW |
756 | /** |
757 | * ieee802_1x_mka_decode_basic_body - | |
758 | */ | |
759 | static struct ieee802_1x_mka_participant * | |
760 | ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg, | |
761 | size_t msg_len) | |
762 | { | |
763 | struct ieee802_1x_mka_participant *participant; | |
764 | const struct ieee802_1x_mka_basic_body *body; | |
765 | struct ieee802_1x_kay_peer *peer; | |
b54b53e6 MS |
766 | size_t ckn_len; |
767 | size_t body_len; | |
887d9d01 HW |
768 | |
769 | body = (const struct ieee802_1x_mka_basic_body *) mka_msg; | |
770 | ||
771 | if (body->version > MKA_VERSION_ID) { | |
772 | wpa_printf(MSG_DEBUG, | |
773 | "KaY: peer's version(%d) greater than mka current version(%d)", | |
774 | body->version, MKA_VERSION_ID); | |
775 | } | |
776 | if (kay->is_obliged_key_server && body->key_server) { | |
777 | wpa_printf(MSG_DEBUG, "I must be as key server"); | |
778 | return NULL; | |
779 | } | |
780 | ||
b54b53e6 MS |
781 | body_len = get_mka_param_body_len(body); |
782 | if (body_len < sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN) { | |
783 | wpa_printf(MSG_DEBUG, "KaY: Too small body length %zu", | |
784 | body_len); | |
785 | return NULL; | |
786 | } | |
787 | ckn_len = body_len - | |
788 | (sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN); | |
789 | participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len); | |
887d9d01 HW |
790 | if (!participant) { |
791 | wpa_printf(MSG_DEBUG, "Peer is not included in my CA"); | |
792 | return NULL; | |
793 | } | |
794 | ||
795 | /* If the peer's MI is my MI, I will choose new MI */ | |
796 | if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) { | |
2b13bcad | 797 | if (!reset_participant_mi(participant)) |
533d7fb7 | 798 | return NULL; |
887d9d01 HW |
799 | } |
800 | ||
801 | os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN); | |
4874b782 | 802 | participant->current_peer_id.mn = body->actor_mn; |
887d9d01 HW |
803 | os_memcpy(participant->current_peer_sci.addr, body->actor_sci.addr, |
804 | sizeof(participant->current_peer_sci.addr)); | |
ce256b4a | 805 | participant->current_peer_sci.port = body->actor_sci.port; |
887d9d01 HW |
806 | |
807 | /* handler peer */ | |
808 | peer = ieee802_1x_kay_get_peer(participant, body->actor_mi); | |
809 | if (!peer) { | |
bab1d0d3 MS |
810 | /* Check duplicated SCI |
811 | * | |
812 | * A duplicated SCI indicates either an active attacker or | |
813 | * a valid peer whose MI is being changed. The latter scenario | |
814 | * is more likely because to have gotten this far the received | |
815 | * MKPDU must have had a valid ICV, indicating the peer holds | |
816 | * the same CAK as our participant. | |
817 | * | |
818 | * Before creating a new peer object for the new MI we must | |
819 | * clean up the resources (SCs and SAs) associated with the | |
820 | * old peer. An easy way to do this is to ignore MKPDUs with | |
821 | * the new MI's for now and just wait for the old peer to | |
822 | * time out and clean itself up (within MKA_LIFE_TIME). | |
823 | * | |
824 | * This method is preferable to deleting the old peer here | |
825 | * and now and continuing on with processing because if this | |
826 | * MKPDU is from an attacker it's better to ignore the MKPDU | |
827 | * than to process it (and delete a valid peer as well). | |
887d9d01 HW |
828 | */ |
829 | peer = ieee802_1x_kay_get_peer_sci(participant, | |
830 | &body->actor_sci); | |
831 | if (peer) { | |
832 | wpa_printf(MSG_WARNING, | |
bab1d0d3 MS |
833 | "KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU"); |
834 | return NULL; | |
887d9d01 HW |
835 | } |
836 | ||
837 | peer = ieee802_1x_kay_create_potential_peer( | |
838 | participant, body->actor_mi, | |
839 | be_to_host32(body->actor_mn)); | |
840 | if (!peer) | |
841 | return NULL; | |
842 | ||
843 | peer->macsec_desired = body->macsec_desired; | |
2e944898 | 844 | peer->macsec_capability = body->macsec_capability; |
887d9d01 HW |
845 | peer->is_key_server = (Boolean) body->key_server; |
846 | peer->key_server_priority = body->priority; | |
847 | } else if (peer->mn < be_to_host32(body->actor_mn)) { | |
848 | peer->mn = be_to_host32(body->actor_mn); | |
887d9d01 | 849 | peer->macsec_desired = body->macsec_desired; |
2e944898 | 850 | peer->macsec_capability = body->macsec_capability; |
887d9d01 HW |
851 | peer->is_key_server = (Boolean) body->key_server; |
852 | peer->key_server_priority = body->priority; | |
853 | } else { | |
854 | wpa_printf(MSG_WARNING, "KaY: The peer MN have received"); | |
855 | return NULL; | |
856 | } | |
857 | ||
858 | return participant; | |
859 | } | |
860 | ||
861 | ||
862 | /** | |
863 | * ieee802_1x_mka_live_peer_body_present | |
864 | */ | |
865 | static Boolean | |
866 | ieee802_1x_mka_live_peer_body_present( | |
867 | struct ieee802_1x_mka_participant *participant) | |
868 | { | |
869 | return !dl_list_empty(&participant->live_peers); | |
870 | } | |
871 | ||
872 | ||
873 | /** | |
874 | * ieee802_1x_kay_get_live_peer_length | |
875 | */ | |
876 | static int | |
877 | ieee802_1x_mka_get_live_peer_length( | |
878 | struct ieee802_1x_mka_participant *participant) | |
879 | { | |
880 | int len = MKA_HDR_LEN; | |
881 | struct ieee802_1x_kay_peer *peer; | |
882 | ||
883 | dl_list_for_each(peer, &participant->live_peers, | |
884 | struct ieee802_1x_kay_peer, list) | |
885 | len += sizeof(struct ieee802_1x_mka_peer_id); | |
886 | ||
d4f668fd | 887 | return MKA_ALIGN_LENGTH(len); |
887d9d01 HW |
888 | } |
889 | ||
890 | ||
891 | /** | |
892 | * ieee802_1x_mka_encode_live_peer_body - | |
893 | */ | |
894 | static int | |
895 | ieee802_1x_mka_encode_live_peer_body( | |
896 | struct ieee802_1x_mka_participant *participant, | |
897 | struct wpabuf *buf) | |
898 | { | |
899 | struct ieee802_1x_mka_peer_body *body; | |
900 | struct ieee802_1x_kay_peer *peer; | |
901 | unsigned int length; | |
902 | struct ieee802_1x_mka_peer_id *body_peer; | |
903 | ||
904 | length = ieee802_1x_mka_get_live_peer_length(participant); | |
905 | body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body)); | |
906 | ||
907 | body->type = MKA_LIVE_PEER_LIST; | |
908 | set_mka_param_body_len(body, length - MKA_HDR_LEN); | |
909 | ||
910 | dl_list_for_each(peer, &participant->live_peers, | |
911 | struct ieee802_1x_kay_peer, list) { | |
912 | body_peer = wpabuf_put(buf, | |
913 | sizeof(struct ieee802_1x_mka_peer_id)); | |
914 | os_memcpy(body_peer->mi, peer->mi, MI_LEN); | |
915 | body_peer->mn = host_to_be32(peer->mn); | |
887d9d01 HW |
916 | } |
917 | ||
918 | ieee802_1x_mka_dump_peer_body(body); | |
919 | return 0; | |
920 | } | |
921 | ||
922 | /** | |
923 | * ieee802_1x_mka_potential_peer_body_present | |
924 | */ | |
925 | static Boolean | |
926 | ieee802_1x_mka_potential_peer_body_present( | |
927 | struct ieee802_1x_mka_participant *participant) | |
928 | { | |
929 | return !dl_list_empty(&participant->potential_peers); | |
930 | } | |
931 | ||
932 | ||
933 | /** | |
934 | * ieee802_1x_kay_get_potential_peer_length | |
935 | */ | |
936 | static int | |
937 | ieee802_1x_mka_get_potential_peer_length( | |
938 | struct ieee802_1x_mka_participant *participant) | |
939 | { | |
940 | int len = MKA_HDR_LEN; | |
941 | struct ieee802_1x_kay_peer *peer; | |
942 | ||
943 | dl_list_for_each(peer, &participant->potential_peers, | |
944 | struct ieee802_1x_kay_peer, list) | |
945 | len += sizeof(struct ieee802_1x_mka_peer_id); | |
946 | ||
d4f668fd | 947 | return MKA_ALIGN_LENGTH(len); |
887d9d01 HW |
948 | } |
949 | ||
950 | ||
951 | /** | |
952 | * ieee802_1x_mka_encode_potential_peer_body - | |
953 | */ | |
954 | static int | |
955 | ieee802_1x_mka_encode_potential_peer_body( | |
956 | struct ieee802_1x_mka_participant *participant, | |
957 | struct wpabuf *buf) | |
958 | { | |
959 | struct ieee802_1x_mka_peer_body *body; | |
960 | struct ieee802_1x_kay_peer *peer; | |
961 | unsigned int length; | |
962 | struct ieee802_1x_mka_peer_id *body_peer; | |
963 | ||
964 | length = ieee802_1x_mka_get_potential_peer_length(participant); | |
965 | body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body)); | |
966 | ||
967 | body->type = MKA_POTENTIAL_PEER_LIST; | |
968 | set_mka_param_body_len(body, length - MKA_HDR_LEN); | |
969 | ||
970 | dl_list_for_each(peer, &participant->potential_peers, | |
971 | struct ieee802_1x_kay_peer, list) { | |
972 | body_peer = wpabuf_put(buf, | |
973 | sizeof(struct ieee802_1x_mka_peer_id)); | |
974 | os_memcpy(body_peer->mi, peer->mi, MI_LEN); | |
975 | body_peer->mn = host_to_be32(peer->mn); | |
887d9d01 HW |
976 | } |
977 | ||
978 | ieee802_1x_mka_dump_peer_body(body); | |
979 | return 0; | |
980 | } | |
981 | ||
982 | ||
983 | /** | |
984 | * ieee802_1x_mka_i_in_peerlist - | |
985 | */ | |
986 | static Boolean | |
987 | ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant, | |
988 | const u8 *mka_msg, size_t msg_len) | |
989 | { | |
887d9d01 HW |
990 | struct ieee802_1x_mka_hdr *hdr; |
991 | size_t body_len; | |
992 | size_t left_len; | |
65b47738 | 993 | u8 body_type; |
887d9d01 HW |
994 | const u8 *pos; |
995 | size_t i; | |
996 | ||
b3df7836 SD |
997 | for (pos = mka_msg, left_len = msg_len; |
998 | left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN; | |
61127f16 MB |
999 | left_len -= MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN, |
1000 | pos += MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN) { | |
887d9d01 HW |
1001 | hdr = (struct ieee802_1x_mka_hdr *) pos; |
1002 | body_len = get_mka_param_body_len(hdr); | |
1003 | body_type = get_mka_param_body_type(hdr); | |
1004 | ||
0ad5893a | 1005 | if (left_len < (MKA_HDR_LEN + MKA_ALIGN_LENGTH(body_len) + DEFAULT_ICV_LEN)) { |
887d9d01 | 1006 | wpa_printf(MSG_ERROR, |
3ceb4582 SD |
1007 | "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV", |
1008 | left_len, MKA_HDR_LEN, | |
0ad5893a MB |
1009 | MKA_ALIGN_LENGTH(body_len), |
1010 | DEFAULT_ICV_LEN); | |
1011 | return FALSE; | |
887d9d01 HW |
1012 | } |
1013 | ||
0ad5893a MB |
1014 | if (body_type != MKA_LIVE_PEER_LIST && |
1015 | body_type != MKA_POTENTIAL_PEER_LIST) | |
1016 | continue; | |
1017 | ||
887d9d01 HW |
1018 | if ((body_len % 16) != 0) { |
1019 | wpa_printf(MSG_ERROR, | |
3ceb4582 SD |
1020 | "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets", |
1021 | body_len); | |
b3df7836 | 1022 | continue; |
887d9d01 HW |
1023 | } |
1024 | ||
0ad5893a MB |
1025 | ieee802_1x_mka_dump_peer_body( |
1026 | (struct ieee802_1x_mka_peer_body *)pos); | |
1027 | ||
b3df7836 SD |
1028 | for (i = 0; i < body_len; |
1029 | i += sizeof(struct ieee802_1x_mka_peer_id)) { | |
1030 | const struct ieee802_1x_mka_peer_id *peer_mi; | |
887d9d01 | 1031 | |
b3df7836 SD |
1032 | peer_mi = (const struct ieee802_1x_mka_peer_id *) |
1033 | (pos + MKA_HDR_LEN + i); | |
1034 | if (os_memcmp(peer_mi->mi, participant->mi, | |
1035 | MI_LEN) == 0 && | |
1036 | be_to_host32(peer_mi->mn) == participant->mn) | |
1037 | return TRUE; | |
1038 | } | |
887d9d01 HW |
1039 | } |
1040 | ||
1041 | return FALSE; | |
1042 | } | |
1043 | ||
1044 | ||
1045 | /** | |
1046 | * ieee802_1x_mka_decode_live_peer_body - | |
1047 | */ | |
1048 | static int ieee802_1x_mka_decode_live_peer_body( | |
1049 | struct ieee802_1x_mka_participant *participant, | |
1050 | const u8 *peer_msg, size_t msg_len) | |
1051 | { | |
1052 | const struct ieee802_1x_mka_hdr *hdr; | |
1053 | struct ieee802_1x_kay_peer *peer; | |
1054 | size_t body_len; | |
887d9d01 HW |
1055 | size_t i; |
1056 | Boolean is_included; | |
1057 | ||
1058 | is_included = ieee802_1x_kay_is_in_live_peer( | |
1059 | participant, participant->current_peer_id.mi); | |
1060 | ||
1061 | hdr = (const struct ieee802_1x_mka_hdr *) peer_msg; | |
1062 | body_len = get_mka_param_body_len(hdr); | |
d68b73cf SD |
1063 | if (body_len % 16 != 0) { |
1064 | wpa_printf(MSG_ERROR, | |
1065 | "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets", | |
1066 | body_len); | |
1067 | return -1; | |
1068 | } | |
887d9d01 | 1069 | |
b3df7836 SD |
1070 | for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) { |
1071 | const struct ieee802_1x_mka_peer_id *peer_mi; | |
1072 | u32 peer_mn; | |
1073 | ||
1074 | peer_mi = (const struct ieee802_1x_mka_peer_id *) | |
1075 | (peer_msg + MKA_HDR_LEN + i); | |
1076 | peer_mn = be_to_host32(peer_mi->mn); | |
887d9d01 HW |
1077 | |
1078 | /* it is myself */ | |
1079 | if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) { | |
1080 | /* My message id is used by other participant */ | |
2b13bcad SD |
1081 | if (peer_mn > participant->mn && |
1082 | !reset_participant_mi(participant)) | |
1083 | wpa_printf(MSG_DEBUG, "KaY: Could not update mi"); | |
887d9d01 HW |
1084 | continue; |
1085 | } | |
b3df7836 | 1086 | |
887d9d01 HW |
1087 | if (!is_included) |
1088 | continue; | |
1089 | ||
b3df7836 SD |
1090 | peer = ieee802_1x_kay_get_peer(participant, peer_mi->mi); |
1091 | if (peer) { | |
887d9d01 | 1092 | peer->mn = peer_mn; |
b3df7836 SD |
1093 | } else if (!ieee802_1x_kay_create_potential_peer( |
1094 | participant, peer_mi->mi, peer_mn)) { | |
1095 | return -1; | |
887d9d01 HW |
1096 | } |
1097 | } | |
1098 | ||
1099 | return 0; | |
1100 | } | |
1101 | ||
1102 | ||
1103 | /** | |
1104 | * ieee802_1x_mka_decode_potential_peer_body - | |
1105 | */ | |
1106 | static int | |
1107 | ieee802_1x_mka_decode_potential_peer_body( | |
1108 | struct ieee802_1x_mka_participant *participant, | |
1109 | const u8 *peer_msg, size_t msg_len) | |
1110 | { | |
46bbda2b | 1111 | const struct ieee802_1x_mka_hdr *hdr; |
887d9d01 | 1112 | size_t body_len; |
887d9d01 HW |
1113 | size_t i; |
1114 | ||
46bbda2b | 1115 | hdr = (const struct ieee802_1x_mka_hdr *) peer_msg; |
887d9d01 | 1116 | body_len = get_mka_param_body_len(hdr); |
d68b73cf SD |
1117 | if (body_len % 16 != 0) { |
1118 | wpa_printf(MSG_ERROR, | |
1119 | "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets", | |
1120 | body_len); | |
1121 | return -1; | |
1122 | } | |
887d9d01 | 1123 | |
46bbda2b SD |
1124 | for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) { |
1125 | const struct ieee802_1x_mka_peer_id *peer_mi; | |
1126 | u32 peer_mn; | |
1127 | ||
1128 | peer_mi = (struct ieee802_1x_mka_peer_id *) | |
1129 | (peer_msg + MKA_HDR_LEN + i); | |
1130 | peer_mn = be_to_host32(peer_mi->mn); | |
887d9d01 HW |
1131 | |
1132 | /* it is myself */ | |
1133 | if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) { | |
1134 | /* My message id is used by other participant */ | |
2b13bcad SD |
1135 | if (peer_mn > participant->mn && |
1136 | !reset_participant_mi(participant)) | |
1137 | wpa_printf(MSG_DEBUG, "KaY: Could not update mi"); | |
887d9d01 HW |
1138 | continue; |
1139 | } | |
1140 | } | |
1141 | ||
1142 | return 0; | |
1143 | } | |
1144 | ||
1145 | ||
1146 | /** | |
1147 | * ieee802_1x_mka_sak_use_body_present | |
1148 | */ | |
1149 | static Boolean | |
1150 | ieee802_1x_mka_sak_use_body_present( | |
1151 | struct ieee802_1x_mka_participant *participant) | |
1152 | { | |
8b4a1488 | 1153 | return participant->to_use_sak; |
887d9d01 HW |
1154 | } |
1155 | ||
1156 | ||
1157 | /** | |
1158 | * ieee802_1x_mka_get_sak_use_length | |
1159 | */ | |
1160 | static int | |
1161 | ieee802_1x_mka_get_sak_use_length( | |
1162 | struct ieee802_1x_mka_participant *participant) | |
1163 | { | |
1164 | int length = MKA_HDR_LEN; | |
1165 | ||
1166 | if (participant->kay->macsec_desired && participant->advised_desired) | |
1167 | length = sizeof(struct ieee802_1x_mka_sak_use_body); | |
887d9d01 | 1168 | |
d4f668fd | 1169 | return MKA_ALIGN_LENGTH(length); |
887d9d01 HW |
1170 | } |
1171 | ||
1172 | ||
1173 | /** | |
2fc06756 | 1174 | * ieee802_1x_mka_get_lpn |
887d9d01 HW |
1175 | */ |
1176 | static u32 | |
1177 | ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal, | |
1178 | struct ieee802_1x_mka_ki *ki) | |
1179 | { | |
2fc06756 | 1180 | struct transmit_sa *txsa; |
887d9d01 HW |
1181 | u32 lpn = 0; |
1182 | ||
2fc06756 MS |
1183 | dl_list_for_each(txsa, &principal->txsc->sa_list, |
1184 | struct transmit_sa, list) { | |
1185 | if (is_ki_equal(&txsa->pkey->key_identifier, ki)) { | |
1186 | /* Per IEEE Std 802.1X-2010, Clause 9, "Each SecY uses | |
1187 | * MKA to communicate the lowest PN used for | |
1188 | * transmission with the SAK within the last two | |
1189 | * seconds". Achieve this 2 second delay by setting the | |
1190 | * lpn using the transmit next PN (i.e., txsa->next_pn) | |
1191 | * that was read last time here (i.e., mka_hello_time | |
1192 | * 2 seconds ago). | |
1193 | * | |
1194 | * The lowest acceptable PN is the same as the last | |
1195 | * transmitted PN, which is one less than the next | |
1196 | * transmit PN. | |
1197 | * | |
1198 | * NOTE: This method only works if mka_hello_time is 2s. | |
1199 | */ | |
1200 | lpn = (txsa->next_pn > 0) ? (txsa->next_pn - 1) : 0; | |
1201 | ||
1202 | /* Now read the current transmit next PN for use next | |
1203 | * time through. */ | |
1204 | secy_get_transmit_next_pn(principal->kay, txsa); | |
1205 | break; | |
887d9d01 HW |
1206 | } |
1207 | } | |
1208 | ||
1209 | if (lpn == 0) | |
1210 | lpn = 1; | |
1211 | ||
1212 | return lpn; | |
1213 | } | |
1214 | ||
1215 | ||
1216 | /** | |
1217 | * ieee802_1x_mka_encode_sak_use_body - | |
1218 | */ | |
1219 | static int | |
1220 | ieee802_1x_mka_encode_sak_use_body( | |
1221 | struct ieee802_1x_mka_participant *participant, | |
1222 | struct wpabuf *buf) | |
1223 | { | |
1224 | struct ieee802_1x_mka_sak_use_body *body; | |
87b19c8d | 1225 | struct ieee802_1x_kay *kay = participant->kay; |
887d9d01 HW |
1226 | unsigned int length; |
1227 | u32 pn = 1; | |
1228 | ||
1229 | length = ieee802_1x_mka_get_sak_use_length(participant); | |
12447457 | 1230 | body = wpabuf_put(buf, length); |
887d9d01 HW |
1231 | |
1232 | body->type = MKA_SAK_USE; | |
1233 | set_mka_param_body_len(body, length - MKA_HDR_LEN); | |
1234 | ||
1235 | if (length == MKA_HDR_LEN) { | |
1236 | body->ptx = TRUE; | |
1237 | body->prx = TRUE; | |
1238 | body->lan = 0; | |
1239 | body->lrx = FALSE; | |
1240 | body->ltx = FALSE; | |
1241 | body->delay_protect = FALSE; | |
1242 | return 0; | |
1243 | } | |
1244 | ||
e49b78c0 | 1245 | /* data delay protect */ |
d9a0a722 | 1246 | body->delay_protect = kay->mka_hello_time <= MKA_BOUNDED_HELLO_TIME; |
e49b78c0 | 1247 | /* lowest accept packet number */ |
887d9d01 | 1248 | pn = ieee802_1x_mka_get_lpn(participant, &participant->lki); |
87b19c8d | 1249 | if (pn > kay->pn_exhaustion) { |
887d9d01 HW |
1250 | wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion"); |
1251 | if (participant->is_key_server) | |
1252 | participant->new_sak = TRUE; | |
1253 | } | |
1254 | ||
1255 | body->llpn = host_to_be32(pn); | |
1256 | pn = ieee802_1x_mka_get_lpn(participant, &participant->oki); | |
1257 | body->olpn = host_to_be32(pn); | |
1258 | ||
1259 | /* plain tx, plain rx */ | |
87b19c8d SD |
1260 | body->ptx = !kay->macsec_protect; |
1261 | body->prx = kay->macsec_validate != Strict; | |
887d9d01 HW |
1262 | |
1263 | /* latest key: rx, tx, key server member identifier key number */ | |
1264 | body->lan = participant->lan; | |
87b19c8d | 1265 | os_memcpy(body->lsrv_mi, participant->lki.mi, sizeof(body->lsrv_mi)); |
887d9d01 HW |
1266 | body->lkn = host_to_be32(participant->lki.kn); |
1267 | body->lrx = participant->lrx; | |
1268 | body->ltx = participant->ltx; | |
1269 | ||
1270 | /* old key: rx, tx, key server member identifier key number */ | |
1271 | body->oan = participant->oan; | |
1272 | if (participant->oki.kn != participant->lki.kn && | |
1273 | participant->oki.kn != 0) { | |
1274 | body->otx = TRUE; | |
1275 | body->orx = TRUE; | |
1276 | os_memcpy(body->osrv_mi, participant->oki.mi, | |
1277 | sizeof(body->osrv_mi)); | |
1278 | body->okn = host_to_be32(participant->oki.kn); | |
1279 | } else { | |
1280 | body->otx = FALSE; | |
1281 | body->orx = FALSE; | |
1282 | } | |
1283 | ||
1284 | /* set CP's variable */ | |
1285 | if (body->ltx) { | |
87b19c8d SD |
1286 | kay->tx_enable = TRUE; |
1287 | kay->port_enable = TRUE; | |
887d9d01 | 1288 | } |
87b19c8d SD |
1289 | if (body->lrx) |
1290 | kay->rx_enable = TRUE; | |
887d9d01 HW |
1291 | |
1292 | ieee802_1x_mka_dump_sak_use_body(body); | |
1293 | return 0; | |
1294 | } | |
1295 | ||
1296 | ||
1297 | /** | |
1298 | * ieee802_1x_mka_decode_sak_use_body - | |
1299 | */ | |
1300 | static int | |
1301 | ieee802_1x_mka_decode_sak_use_body( | |
1302 | struct ieee802_1x_mka_participant *participant, | |
1303 | const u8 *mka_msg, size_t msg_len) | |
1304 | { | |
1305 | struct ieee802_1x_mka_hdr *hdr; | |
1306 | struct ieee802_1x_mka_sak_use_body *body; | |
1307 | struct ieee802_1x_kay_peer *peer; | |
2fc06756 MS |
1308 | struct receive_sc *rxsc; |
1309 | struct receive_sa *rxsa; | |
887d9d01 HW |
1310 | struct data_key *sa_key = NULL; |
1311 | size_t body_len; | |
1312 | struct ieee802_1x_mka_ki ki; | |
1313 | u32 lpn; | |
1314 | Boolean all_receiving; | |
f9ea083b | 1315 | Boolean found; |
87b19c8d | 1316 | struct ieee802_1x_kay *kay = participant->kay; |
887d9d01 HW |
1317 | |
1318 | if (!participant->principal) { | |
1319 | wpa_printf(MSG_WARNING, "KaY: Participant is not principal"); | |
1320 | return -1; | |
1321 | } | |
1322 | peer = ieee802_1x_kay_get_live_peer(participant, | |
1323 | participant->current_peer_id.mi); | |
1324 | if (!peer) { | |
1325 | wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer"); | |
1326 | return -1; | |
1327 | } | |
1328 | ||
1329 | hdr = (struct ieee802_1x_mka_hdr *) mka_msg; | |
1330 | body_len = get_mka_param_body_len(hdr); | |
1331 | body = (struct ieee802_1x_mka_sak_use_body *) mka_msg; | |
1332 | ieee802_1x_mka_dump_sak_use_body(body); | |
1333 | ||
1334 | if ((body_len != 0) && (body_len < 40)) { | |
1335 | wpa_printf(MSG_ERROR, | |
3ceb4582 SD |
1336 | "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 40, or more octets", |
1337 | body_len); | |
887d9d01 HW |
1338 | return -1; |
1339 | } | |
1340 | ||
1341 | /* TODO: what action should I take when peer does not support MACsec */ | |
1342 | if (body_len == 0) { | |
1343 | wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec"); | |
1344 | return 0; | |
1345 | } | |
1346 | ||
1347 | /* TODO: when the plain tx or rx of peer is true, should I change | |
1348 | * the attribute of controlled port | |
1349 | */ | |
1350 | if (body->prx) | |
1351 | wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE"); | |
1352 | ||
1353 | if (body->ptx) | |
1354 | wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE"); | |
1355 | ||
1356 | /* check latest key is valid */ | |
1357 | if (body->ltx || body->lrx) { | |
f9ea083b | 1358 | found = FALSE; |
887d9d01 | 1359 | os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi)); |
4e7f5a4a | 1360 | ki.kn = be_to_host32(body->lkn); |
887d9d01 HW |
1361 | dl_list_for_each(sa_key, &participant->sak_list, |
1362 | struct data_key, list) { | |
1363 | if (is_ki_equal(&sa_key->key_identifier, &ki)) { | |
f9ea083b | 1364 | found = TRUE; |
887d9d01 HW |
1365 | break; |
1366 | } | |
1367 | } | |
f9ea083b | 1368 | if (!found) { |
db9ca18b | 1369 | wpa_printf(MSG_INFO, "KaY: Latest key is invalid"); |
887d9d01 HW |
1370 | return -1; |
1371 | } | |
1372 | if (os_memcmp(participant->lki.mi, body->lsrv_mi, | |
1373 | sizeof(participant->lki.mi)) == 0 && | |
4e7f5a4a | 1374 | be_to_host32(body->lkn) == participant->lki.kn && |
887d9d01 HW |
1375 | body->lan == participant->lan) { |
1376 | peer->sak_used = TRUE; | |
1377 | } | |
1378 | if (body->ltx && peer->is_key_server) { | |
87b19c8d SD |
1379 | ieee802_1x_cp_set_servertransmitting(kay->cp, TRUE); |
1380 | ieee802_1x_cp_sm_step(kay->cp); | |
887d9d01 HW |
1381 | } |
1382 | } | |
1383 | ||
8fb546d8 MS |
1384 | /* check old key is valid (but only if we remember our old key) */ |
1385 | if (participant->oki.kn != 0 && (body->otx || body->orx)) { | |
887d9d01 HW |
1386 | if (os_memcmp(participant->oki.mi, body->osrv_mi, |
1387 | sizeof(participant->oki.mi)) != 0 || | |
4e7f5a4a | 1388 | be_to_host32(body->okn) != participant->oki.kn || |
887d9d01 HW |
1389 | body->oan != participant->oan) { |
1390 | wpa_printf(MSG_WARNING, "KaY: Old key is invalid"); | |
1391 | return -1; | |
1392 | } | |
1393 | } | |
1394 | ||
1395 | /* TODO: how to set the MACsec hardware when delay_protect is true */ | |
4e7f5a4a JM |
1396 | if (body->delay_protect && |
1397 | (!be_to_host32(body->llpn) || !be_to_host32(body->olpn))) { | |
887d9d01 HW |
1398 | wpa_printf(MSG_WARNING, |
1399 | "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE"); | |
1400 | return -1; | |
1401 | } | |
1402 | ||
1403 | /* check all live peer have used the sak for receiving sa */ | |
1404 | all_receiving = TRUE; | |
1405 | dl_list_for_each(peer, &participant->live_peers, | |
1406 | struct ieee802_1x_kay_peer, list) { | |
1407 | if (!peer->sak_used) { | |
1408 | all_receiving = FALSE; | |
1409 | break; | |
1410 | } | |
1411 | } | |
1412 | if (all_receiving) { | |
1413 | participant->to_dist_sak = FALSE; | |
87b19c8d SD |
1414 | ieee802_1x_cp_set_allreceiving(kay->cp, TRUE); |
1415 | ieee802_1x_cp_sm_step(kay->cp); | |
887d9d01 HW |
1416 | } |
1417 | ||
1418 | /* if i'm key server, and detects peer member pn exhaustion, rekey.*/ | |
4e7f5a4a | 1419 | lpn = be_to_host32(body->llpn); |
87b19c8d | 1420 | if (lpn > kay->pn_exhaustion) { |
887d9d01 HW |
1421 | if (participant->is_key_server) { |
1422 | participant->new_sak = TRUE; | |
1423 | wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion"); | |
1424 | } | |
1425 | } | |
1426 | ||
f9ea083b | 1427 | found = FALSE; |
2fc06756 MS |
1428 | dl_list_for_each(rxsc, &participant->rxsc_list, struct receive_sc, |
1429 | list) { | |
1430 | dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, | |
1431 | list) { | |
1432 | if (sa_key && rxsa->pkey == sa_key) { | |
1433 | found = TRUE; | |
1434 | break; | |
1435 | } | |
887d9d01 | 1436 | } |
2fc06756 MS |
1437 | if (found) |
1438 | break; | |
887d9d01 | 1439 | } |
f9ea083b | 1440 | if (!found) { |
2fc06756 | 1441 | wpa_printf(MSG_WARNING, "KaY: Can't find rxsa"); |
887d9d01 HW |
1442 | return -1; |
1443 | } | |
1444 | ||
2fc06756 MS |
1445 | if (body->delay_protect) { |
1446 | secy_get_receive_lowest_pn(participant->kay, rxsa); | |
1447 | if (lpn > rxsa->lowest_pn) { | |
1448 | /* Delay protect window (communicated via MKA) is | |
1449 | * tighter than SecY's current replay protect window, | |
1450 | * so tell SecY the new (and higher) lpn. */ | |
1451 | rxsa->lowest_pn = lpn; | |
1452 | secy_set_receive_lowest_pn(participant->kay, rxsa); | |
1453 | wpa_printf(MSG_DEBUG, "KaY: update lpn =0x%x", lpn); | |
1454 | } | |
1455 | /* FIX: Delay protection for olpn not implemented. | |
1456 | * Note that Old Key is only active for MKA_SAK_RETIRE_TIME | |
1457 | * (3 seconds) and delay protection does allow PN's within | |
1458 | * a 2 seconds window, so olpn would be a lot of work for | |
1459 | * just 1 second's worth of protection. */ | |
887d9d01 HW |
1460 | } |
1461 | ||
1462 | return 0; | |
1463 | } | |
1464 | ||
1465 | ||
1466 | /** | |
1467 | * ieee802_1x_mka_dist_sak_body_present | |
1468 | */ | |
1469 | static Boolean | |
1470 | ieee802_1x_mka_dist_sak_body_present( | |
1471 | struct ieee802_1x_mka_participant *participant) | |
1472 | { | |
05283e7a | 1473 | return participant->to_dist_sak && participant->new_key; |
887d9d01 HW |
1474 | } |
1475 | ||
1476 | ||
1477 | /** | |
1478 | * ieee802_1x_kay_get_dist_sak_length | |
1479 | */ | |
1480 | static int | |
1481 | ieee802_1x_mka_get_dist_sak_length( | |
1482 | struct ieee802_1x_mka_participant *participant) | |
1483 | { | |
d4f668fd | 1484 | int length = MKA_HDR_LEN; |
535a8b87 | 1485 | unsigned int cs_index = participant->kay->macsec_csindex; |
887d9d01 | 1486 | |
7dcec248 | 1487 | if (participant->advised_desired && cs_index < CS_TABLE_SIZE) { |
887d9d01 HW |
1488 | length = sizeof(struct ieee802_1x_mka_dist_sak_body); |
1489 | if (cs_index != DEFAULT_CS_INDEX) | |
1490 | length += CS_ID_LEN; | |
1491 | ||
1492 | length += cipher_suite_tbl[cs_index].sak_len + 8; | |
887d9d01 | 1493 | } |
887d9d01 | 1494 | |
d4f668fd | 1495 | return MKA_ALIGN_LENGTH(length); |
887d9d01 HW |
1496 | } |
1497 | ||
1498 | ||
1499 | /** | |
1500 | * ieee802_1x_mka_encode_dist_sak_body - | |
1501 | */ | |
1502 | static int | |
1503 | ieee802_1x_mka_encode_dist_sak_body( | |
1504 | struct ieee802_1x_mka_participant *participant, | |
1505 | struct wpabuf *buf) | |
1506 | { | |
1507 | struct ieee802_1x_mka_dist_sak_body *body; | |
1508 | struct data_key *sak; | |
1509 | unsigned int length; | |
535a8b87 | 1510 | unsigned int cs_index; |
887d9d01 HW |
1511 | int sak_pos; |
1512 | ||
1513 | length = ieee802_1x_mka_get_dist_sak_length(participant); | |
1514 | body = wpabuf_put(buf, length); | |
1515 | body->type = MKA_DISTRIBUTED_SAK; | |
1516 | set_mka_param_body_len(body, length - MKA_HDR_LEN); | |
1517 | if (length == MKA_HDR_LEN) { | |
1518 | body->confid_offset = 0; | |
1519 | body->dan = 0; | |
1520 | return 0; | |
1521 | } | |
1522 | ||
1523 | sak = participant->new_key; | |
1524 | body->confid_offset = sak->confidentiality_offset; | |
1525 | body->dan = sak->an; | |
1526 | body->kn = host_to_be32(sak->key_identifier.kn); | |
1527 | cs_index = participant->kay->macsec_csindex; | |
1528 | sak_pos = 0; | |
7dcec248 SD |
1529 | if (cs_index >= CS_TABLE_SIZE) |
1530 | return -1; | |
887d9d01 | 1531 | if (cs_index != DEFAULT_CS_INDEX) { |
07a6bfe1 SD |
1532 | be64 cs; |
1533 | ||
1534 | cs = host_to_be64(cipher_suite_tbl[cs_index].id); | |
1535 | os_memcpy(body->sak, &cs, CS_ID_LEN); | |
887d9d01 HW |
1536 | sak_pos = CS_ID_LEN; |
1537 | } | |
eefec1e4 | 1538 | if (aes_wrap(participant->kek.key, 16, |
887d9d01 HW |
1539 | cipher_suite_tbl[cs_index].sak_len / 8, |
1540 | sak->key, body->sak + sak_pos)) { | |
1541 | wpa_printf(MSG_ERROR, "KaY: AES wrap failed"); | |
1542 | return -1; | |
1543 | } | |
1544 | ||
1545 | ieee802_1x_mka_dump_dist_sak_body(body); | |
1546 | ||
1547 | return 0; | |
1548 | } | |
1549 | ||
1550 | ||
1551 | /** | |
1552 | * ieee802_1x_kay_init_data_key - | |
1553 | */ | |
7dcec248 | 1554 | static void ieee802_1x_kay_init_data_key(struct data_key *pkey) |
887d9d01 | 1555 | { |
7dcec248 SD |
1556 | pkey->transmits = TRUE; |
1557 | pkey->receives = TRUE; | |
887d9d01 HW |
1558 | os_get_time(&pkey->created_time); |
1559 | ||
1560 | pkey->user = 1; | |
887d9d01 HW |
1561 | } |
1562 | ||
1563 | ||
1564 | /** | |
1565 | * ieee802_1x_kay_decode_dist_sak_body - | |
1566 | */ | |
1567 | static int | |
1568 | ieee802_1x_mka_decode_dist_sak_body( | |
1569 | struct ieee802_1x_mka_participant *participant, | |
1570 | const u8 *mka_msg, size_t msg_len) | |
1571 | { | |
1572 | struct ieee802_1x_mka_hdr *hdr; | |
1573 | struct ieee802_1x_mka_dist_sak_body *body; | |
1574 | struct ieee802_1x_kay_peer *peer; | |
1575 | struct macsec_ciphersuite *cs; | |
1576 | size_t body_len; | |
887d9d01 | 1577 | struct data_key *sa_key = NULL; |
887d9d01 HW |
1578 | int sak_len; |
1579 | u8 *wrap_sak; | |
1580 | u8 *unwrap_sak; | |
87b19c8d | 1581 | struct ieee802_1x_kay *kay = participant->kay; |
887d9d01 HW |
1582 | |
1583 | hdr = (struct ieee802_1x_mka_hdr *) mka_msg; | |
1584 | body_len = get_mka_param_body_len(hdr); | |
1585 | if ((body_len != 0) && (body_len != 28) && (body_len < 36)) { | |
1586 | wpa_printf(MSG_ERROR, | |
3ceb4582 SD |
1587 | "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 28, 36, or more octets", |
1588 | body_len); | |
887d9d01 HW |
1589 | return -1; |
1590 | } | |
1591 | ||
1592 | if (!participant->principal) { | |
1593 | wpa_printf(MSG_ERROR, | |
1594 | "KaY: I can't accept the distributed SAK as I am not principal"); | |
1595 | return -1; | |
1596 | } | |
1597 | if (participant->is_key_server) { | |
1598 | wpa_printf(MSG_ERROR, | |
1599 | "KaY: I can't accept the distributed SAK as myself is key server "); | |
1600 | return -1; | |
1601 | } | |
87b19c8d SD |
1602 | if (!kay->macsec_desired || |
1603 | kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) { | |
887d9d01 HW |
1604 | wpa_printf(MSG_ERROR, |
1605 | "KaY: I am not MACsec-desired or without MACsec capable"); | |
1606 | return -1; | |
1607 | } | |
1608 | ||
1609 | peer = ieee802_1x_kay_get_live_peer(participant, | |
1610 | participant->current_peer_id.mi); | |
1611 | if (!peer) { | |
1612 | wpa_printf(MSG_ERROR, | |
1613 | "KaY: The key server is not in my live peers list"); | |
1614 | return -1; | |
1615 | } | |
87b19c8d | 1616 | if (!sci_equal(&kay->key_server_sci, &peer->sci)) { |
887d9d01 HW |
1617 | wpa_printf(MSG_ERROR, "KaY: The key server is not elected"); |
1618 | return -1; | |
1619 | } | |
87b19c8d | 1620 | |
887d9d01 | 1621 | if (body_len == 0) { |
87b19c8d SD |
1622 | kay->authenticated = TRUE; |
1623 | kay->secured = FALSE; | |
1624 | kay->failed = FALSE; | |
887d9d01 | 1625 | participant->advised_desired = FALSE; |
87b19c8d SD |
1626 | ieee802_1x_cp_connect_authenticated(kay->cp); |
1627 | ieee802_1x_cp_sm_step(kay->cp); | |
887d9d01 | 1628 | wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec"); |
7faf403f | 1629 | participant->to_use_sak = FALSE; |
887d9d01 HW |
1630 | return 0; |
1631 | } | |
87b19c8d | 1632 | |
887d9d01 | 1633 | participant->advised_desired = TRUE; |
87b19c8d SD |
1634 | kay->authenticated = FALSE; |
1635 | kay->secured = TRUE; | |
1636 | kay->failed = FALSE; | |
1637 | ieee802_1x_cp_connect_secure(kay->cp); | |
1638 | ieee802_1x_cp_sm_step(kay->cp); | |
887d9d01 HW |
1639 | |
1640 | body = (struct ieee802_1x_mka_dist_sak_body *)mka_msg; | |
1641 | ieee802_1x_mka_dump_dist_sak_body(body); | |
1642 | dl_list_for_each(sa_key, &participant->sak_list, struct data_key, list) | |
1643 | { | |
1644 | if (os_memcmp(sa_key->key_identifier.mi, | |
1645 | participant->current_peer_id.mi, MI_LEN) == 0 && | |
1646 | sa_key->key_identifier.kn == be_to_host32(body->kn)) { | |
1647 | wpa_printf(MSG_WARNING, "KaY:The Key has installed"); | |
1648 | return 0; | |
1649 | } | |
1650 | } | |
87b19c8d | 1651 | |
887d9d01 HW |
1652 | if (body_len == 28) { |
1653 | sak_len = DEFAULT_SA_KEY_LEN; | |
1654 | wrap_sak = body->sak; | |
87b19c8d | 1655 | kay->macsec_csindex = DEFAULT_CS_INDEX; |
7dcec248 | 1656 | cs = &cipher_suite_tbl[kay->macsec_csindex]; |
887d9d01 HW |
1657 | } else { |
1658 | cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak); | |
1659 | if (!cs) { | |
1660 | wpa_printf(MSG_ERROR, | |
1661 | "KaY: I can't support the Cipher Suite advised by key server"); | |
1662 | return -1; | |
1663 | } | |
1664 | sak_len = cs->sak_len; | |
1665 | wrap_sak = body->sak + CS_ID_LEN; | |
87b19c8d | 1666 | kay->macsec_csindex = cs->index; |
887d9d01 HW |
1667 | } |
1668 | ||
1669 | unwrap_sak = os_zalloc(sak_len); | |
1670 | if (!unwrap_sak) { | |
1671 | wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__); | |
1672 | return -1; | |
1673 | } | |
eefec1e4 | 1674 | if (aes_unwrap(participant->kek.key, 16, sak_len >> 3, wrap_sak, |
887d9d01 HW |
1675 | unwrap_sak)) { |
1676 | wpa_printf(MSG_ERROR, "KaY: AES unwrap failed"); | |
1677 | os_free(unwrap_sak); | |
1678 | return -1; | |
1679 | } | |
3a52f6b3 MS |
1680 | wpa_hexdump_key(MSG_DEBUG, "\tAES Key Unwrap of SAK:", |
1681 | unwrap_sak, sak_len); | |
887d9d01 | 1682 | |
7dcec248 SD |
1683 | sa_key = os_zalloc(sizeof(*sa_key)); |
1684 | if (!sa_key) { | |
887d9d01 | 1685 | os_free(unwrap_sak); |
887d9d01 HW |
1686 | return -1; |
1687 | } | |
1688 | ||
7dcec248 SD |
1689 | os_memcpy(&sa_key->key_identifier.mi, &participant->current_peer_id.mi, |
1690 | MI_LEN); | |
1691 | sa_key->key_identifier.kn = be_to_host32(body->kn); | |
887d9d01 | 1692 | |
7dcec248 SD |
1693 | sa_key->key = unwrap_sak; |
1694 | sa_key->key_len = sak_len; | |
887d9d01 | 1695 | |
7dcec248 SD |
1696 | sa_key->confidentiality_offset = body->confid_offset; |
1697 | sa_key->an = body->dan; | |
1698 | ieee802_1x_kay_init_data_key(sa_key); | |
887d9d01 | 1699 | |
99b82bf5 | 1700 | ieee802_1x_kay_use_data_key(sa_key); |
887d9d01 HW |
1701 | dl_list_add(&participant->sak_list, &sa_key->list); |
1702 | ||
7dcec248 | 1703 | ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id); |
87b19c8d SD |
1704 | ieee802_1x_cp_sm_step(kay->cp); |
1705 | ieee802_1x_cp_set_offset(kay->cp, body->confid_offset); | |
1706 | ieee802_1x_cp_sm_step(kay->cp); | |
7dcec248 | 1707 | ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier); |
87b19c8d SD |
1708 | ieee802_1x_cp_set_distributedan(kay->cp, body->dan); |
1709 | ieee802_1x_cp_signal_newsak(kay->cp); | |
1710 | ieee802_1x_cp_sm_step(kay->cp); | |
887d9d01 | 1711 | |
7508c2ad | 1712 | kay->rcvd_keys++; |
887d9d01 HW |
1713 | participant->to_use_sak = TRUE; |
1714 | ||
887d9d01 HW |
1715 | return 0; |
1716 | } | |
1717 | ||
1718 | ||
1719 | /** | |
1720 | * ieee802_1x_mka_icv_body_present | |
1721 | */ | |
1722 | static Boolean | |
1723 | ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant) | |
1724 | { | |
1725 | return TRUE; | |
1726 | } | |
1727 | ||
1728 | ||
1729 | /** | |
1730 | * ieee802_1x_kay_get_icv_length | |
1731 | */ | |
1732 | static int | |
1733 | ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant) | |
1734 | { | |
1735 | int length; | |
1736 | ||
1737 | length = sizeof(struct ieee802_1x_mka_icv_body); | |
1738 | length += mka_alg_tbl[participant->kay->mka_algindex].icv_len; | |
1739 | ||
d4f668fd | 1740 | return MKA_ALIGN_LENGTH(length); |
887d9d01 HW |
1741 | } |
1742 | ||
1743 | ||
1744 | /** | |
1745 | * ieee802_1x_mka_encode_icv_body - | |
1746 | */ | |
1747 | static int | |
1748 | ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant, | |
1749 | struct wpabuf *buf) | |
1750 | { | |
1751 | struct ieee802_1x_mka_icv_body *body; | |
1752 | unsigned int length; | |
1753 | u8 cmac[MAX_ICV_LEN]; | |
1754 | ||
1755 | length = ieee802_1x_mka_get_icv_length(participant); | |
1756 | if (length != DEFAULT_ICV_LEN) { | |
1757 | body = wpabuf_put(buf, MKA_HDR_LEN); | |
1758 | body->type = MKA_ICV_INDICATOR; | |
1759 | set_mka_param_body_len(body, length - MKA_HDR_LEN); | |
1760 | } | |
1761 | ||
1762 | if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash( | |
1763 | participant->ick.key, wpabuf_head(buf), buf->used, cmac)) { | |
1764 | wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed"); | |
1765 | return -1; | |
1766 | } | |
1767 | ||
cf375eb2 SD |
1768 | if (length != DEFAULT_ICV_LEN) |
1769 | length -= MKA_HDR_LEN; | |
1770 | os_memcpy(wpabuf_put(buf, length), cmac, length); | |
887d9d01 HW |
1771 | |
1772 | return 0; | |
1773 | } | |
1774 | ||
1775 | /** | |
1776 | * ieee802_1x_mka_decode_icv_body - | |
1777 | */ | |
1778 | static u8 * | |
1779 | ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant, | |
1780 | const u8 *mka_msg, size_t msg_len) | |
1781 | { | |
1782 | struct ieee802_1x_mka_hdr *hdr; | |
1783 | struct ieee802_1x_mka_icv_body *body; | |
1784 | size_t body_len; | |
1785 | size_t left_len; | |
65b47738 | 1786 | u8 body_type; |
887d9d01 HW |
1787 | const u8 *pos; |
1788 | ||
1789 | pos = mka_msg; | |
1790 | left_len = msg_len; | |
1791 | while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) { | |
1792 | hdr = (struct ieee802_1x_mka_hdr *) pos; | |
61127f16 | 1793 | body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr)); |
887d9d01 HW |
1794 | body_type = get_mka_param_body_type(hdr); |
1795 | ||
1796 | if (left_len < (body_len + MKA_HDR_LEN)) | |
1797 | break; | |
1798 | ||
1799 | if (body_type != MKA_ICV_INDICATOR) { | |
1800 | left_len -= MKA_HDR_LEN + body_len; | |
1801 | pos += MKA_HDR_LEN + body_len; | |
1802 | continue; | |
1803 | } | |
1804 | ||
1805 | body = (struct ieee802_1x_mka_icv_body *)pos; | |
1806 | if (body_len | |
1807 | < mka_alg_tbl[participant->kay->mka_algindex].icv_len) { | |
1808 | return NULL; | |
1809 | } | |
1810 | ||
1811 | return body->icv; | |
1812 | } | |
1813 | ||
1814 | return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN); | |
1815 | } | |
1816 | ||
1817 | ||
1818 | /** | |
1819 | * ieee802_1x_mka_decode_dist_cak_body- | |
1820 | */ | |
1821 | static int | |
1822 | ieee802_1x_mka_decode_dist_cak_body( | |
1823 | struct ieee802_1x_mka_participant *participant, | |
1824 | const u8 *mka_msg, size_t msg_len) | |
1825 | { | |
1826 | struct ieee802_1x_mka_hdr *hdr; | |
1827 | size_t body_len; | |
1828 | ||
1829 | hdr = (struct ieee802_1x_mka_hdr *) mka_msg; | |
1830 | body_len = get_mka_param_body_len(hdr); | |
1831 | if (body_len < 28) { | |
1832 | wpa_printf(MSG_ERROR, | |
3ceb4582 SD |
1833 | "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 28 or more octets", |
1834 | body_len); | |
887d9d01 HW |
1835 | return -1; |
1836 | } | |
1837 | ||
1838 | return 0; | |
1839 | } | |
1840 | ||
1841 | ||
1842 | /** | |
1843 | * ieee802_1x_mka_decode_kmd_body - | |
1844 | */ | |
1845 | static int | |
1846 | ieee802_1x_mka_decode_kmd_body( | |
1847 | struct ieee802_1x_mka_participant *participant, | |
1848 | const u8 *mka_msg, size_t msg_len) | |
1849 | { | |
1850 | struct ieee802_1x_mka_hdr *hdr; | |
1851 | size_t body_len; | |
1852 | ||
1853 | hdr = (struct ieee802_1x_mka_hdr *) mka_msg; | |
1854 | body_len = get_mka_param_body_len(hdr); | |
1855 | if (body_len < 5) { | |
1856 | wpa_printf(MSG_ERROR, | |
3ceb4582 SD |
1857 | "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 5 or more octets", |
1858 | body_len); | |
887d9d01 HW |
1859 | return -1; |
1860 | } | |
1861 | ||
1862 | return 0; | |
1863 | } | |
1864 | ||
1865 | ||
1866 | /** | |
1867 | * ieee802_1x_mka_decode_announce_body - | |
1868 | */ | |
1869 | static int ieee802_1x_mka_decode_announce_body( | |
1870 | struct ieee802_1x_mka_participant *participant, | |
1871 | const u8 *mka_msg, size_t msg_len) | |
1872 | { | |
1873 | return 0; | |
1874 | } | |
1875 | ||
1876 | ||
921171f5 SD |
1877 | struct mka_param_body_handler { |
1878 | int (*body_tx)(struct ieee802_1x_mka_participant *participant, | |
1879 | struct wpabuf *buf); | |
1880 | int (*body_rx)(struct ieee802_1x_mka_participant *participant, | |
1881 | const u8 *mka_msg, size_t msg_len); | |
1882 | int (*body_length)(struct ieee802_1x_mka_participant *participant); | |
1883 | Boolean (*body_present)(struct ieee802_1x_mka_participant *participant); | |
1884 | }; | |
1885 | ||
1886 | ||
515bc1ae | 1887 | static struct mka_param_body_handler mka_body_handler[] = { |
887d9d01 HW |
1888 | /* basic parameter set */ |
1889 | { | |
921171f5 SD |
1890 | .body_tx = ieee802_1x_mka_encode_basic_body, |
1891 | .body_rx = NULL, | |
1892 | .body_length = ieee802_1x_mka_basic_body_length, | |
1893 | .body_present = ieee802_1x_mka_basic_body_present | |
887d9d01 HW |
1894 | }, |
1895 | ||
1896 | /* live peer list parameter set */ | |
1897 | { | |
921171f5 SD |
1898 | .body_tx = ieee802_1x_mka_encode_live_peer_body, |
1899 | .body_rx = ieee802_1x_mka_decode_live_peer_body, | |
1900 | .body_length = ieee802_1x_mka_get_live_peer_length, | |
1901 | .body_present = ieee802_1x_mka_live_peer_body_present | |
887d9d01 HW |
1902 | }, |
1903 | ||
1904 | /* potential peer list parameter set */ | |
1905 | { | |
921171f5 SD |
1906 | .body_tx = ieee802_1x_mka_encode_potential_peer_body, |
1907 | .body_rx = ieee802_1x_mka_decode_potential_peer_body, | |
1908 | .body_length = ieee802_1x_mka_get_potential_peer_length, | |
1909 | .body_present = ieee802_1x_mka_potential_peer_body_present | |
887d9d01 HW |
1910 | }, |
1911 | ||
1912 | /* sak use parameter set */ | |
1913 | { | |
921171f5 SD |
1914 | .body_tx = ieee802_1x_mka_encode_sak_use_body, |
1915 | .body_rx = ieee802_1x_mka_decode_sak_use_body, | |
1916 | .body_length = ieee802_1x_mka_get_sak_use_length, | |
1917 | .body_present = ieee802_1x_mka_sak_use_body_present | |
887d9d01 HW |
1918 | }, |
1919 | ||
1920 | /* distribute sak parameter set */ | |
1921 | { | |
921171f5 SD |
1922 | .body_tx = ieee802_1x_mka_encode_dist_sak_body, |
1923 | .body_rx = ieee802_1x_mka_decode_dist_sak_body, | |
1924 | .body_length = ieee802_1x_mka_get_dist_sak_length, | |
1925 | .body_present = ieee802_1x_mka_dist_sak_body_present | |
887d9d01 HW |
1926 | }, |
1927 | ||
1928 | /* distribute cak parameter set */ | |
1929 | { | |
921171f5 SD |
1930 | .body_tx = NULL, |
1931 | .body_rx = ieee802_1x_mka_decode_dist_cak_body, | |
1932 | .body_length = NULL, | |
1933 | .body_present = NULL | |
887d9d01 HW |
1934 | }, |
1935 | ||
1936 | /* kmd parameter set */ | |
1937 | { | |
921171f5 SD |
1938 | .body_tx = NULL, |
1939 | .body_rx = ieee802_1x_mka_decode_kmd_body, | |
1940 | .body_length = NULL, | |
1941 | .body_present = NULL | |
887d9d01 HW |
1942 | }, |
1943 | ||
1944 | /* announce parameter set */ | |
1945 | { | |
921171f5 SD |
1946 | .body_tx = NULL, |
1947 | .body_rx = ieee802_1x_mka_decode_announce_body, | |
1948 | .body_length = NULL, | |
1949 | .body_present = NULL | |
887d9d01 HW |
1950 | }, |
1951 | ||
1952 | /* icv parameter set */ | |
1953 | { | |
921171f5 SD |
1954 | .body_tx = ieee802_1x_mka_encode_icv_body, |
1955 | .body_rx = NULL, | |
1956 | .body_length = ieee802_1x_mka_get_icv_length, | |
1957 | .body_present = ieee802_1x_mka_icv_body_present | |
887d9d01 HW |
1958 | }, |
1959 | }; | |
1960 | ||
1961 | ||
1962 | /** | |
99b82bf5 SD |
1963 | * ieee802_1x_kay_use_data_key - Take reference on a key |
1964 | */ | |
1965 | static void ieee802_1x_kay_use_data_key(struct data_key *pkey) | |
1966 | { | |
1967 | pkey->user++; | |
1968 | } | |
1969 | ||
1970 | ||
1971 | /** | |
1972 | * ieee802_1x_kay_deinit_data_key - Release reference on a key and | |
1973 | * free if there are no remaining users | |
887d9d01 | 1974 | */ |
799a7ed8 | 1975 | static void ieee802_1x_kay_deinit_data_key(struct data_key *pkey) |
887d9d01 HW |
1976 | { |
1977 | if (!pkey) | |
1978 | return; | |
1979 | ||
1980 | pkey->user--; | |
1981 | if (pkey->user > 1) | |
1982 | return; | |
1983 | ||
887d9d01 HW |
1984 | os_free(pkey->key); |
1985 | os_free(pkey); | |
1986 | } | |
1987 | ||
1988 | ||
1989 | /** | |
1990 | * ieee802_1x_kay_generate_new_sak - | |
1991 | */ | |
1992 | static int | |
1993 | ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant) | |
1994 | { | |
1995 | struct data_key *sa_key = NULL; | |
887d9d01 HW |
1996 | struct ieee802_1x_kay_peer *peer; |
1997 | struct ieee802_1x_kay *kay = participant->kay; | |
1998 | int ctx_len, ctx_offset; | |
1999 | u8 *context; | |
7dcec248 SD |
2000 | unsigned int key_len; |
2001 | u8 *key; | |
2002 | struct macsec_ciphersuite *cs; | |
887d9d01 HW |
2003 | |
2004 | /* check condition for generating a fresh SAK: | |
2005 | * must have one live peer | |
2006 | * and MKA life time elapse since last distribution | |
2007 | * or potential peer is empty | |
2008 | */ | |
2009 | if (dl_list_empty(&participant->live_peers)) { | |
2010 | wpa_printf(MSG_ERROR, | |
2011 | "KaY: Live peers list must not empty when generating fresh SAK"); | |
2012 | return -1; | |
2013 | } | |
2014 | ||
2015 | /* FIXME: A fresh SAK not generated until | |
2016 | * the live peer list contains at least one peer and | |
2017 | * MKA life time has elapsed since the prior SAK was first distributed, | |
2018 | * or the Key server's potential peer is empty | |
2019 | * but I can't understand the second item, so | |
2020 | * here only check first item and ingore | |
2021 | * && (!dl_list_empty(&participant->potential_peers))) { | |
2022 | */ | |
2023 | if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) { | |
2024 | wpa_printf(MSG_ERROR, | |
2025 | "KaY: Life time have not elapsed since prior SAK distributed"); | |
2026 | return -1; | |
2027 | } | |
2028 | ||
7dcec248 SD |
2029 | cs = &cipher_suite_tbl[kay->macsec_csindex]; |
2030 | key_len = cs->sak_len; | |
2031 | key = os_zalloc(key_len); | |
2032 | if (!key) { | |
887d9d01 HW |
2033 | wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__); |
2034 | return -1; | |
2035 | } | |
2036 | ||
7dcec248 | 2037 | ctx_len = key_len + sizeof(kay->dist_kn); |
887d9d01 HW |
2038 | dl_list_for_each(peer, &participant->live_peers, |
2039 | struct ieee802_1x_kay_peer, list) | |
2040 | ctx_len += sizeof(peer->mi); | |
2041 | ctx_len += sizeof(participant->mi); | |
2042 | ||
2043 | context = os_zalloc(ctx_len); | |
7dcec248 SD |
2044 | if (!context) |
2045 | goto fail; | |
2046 | ||
887d9d01 | 2047 | ctx_offset = 0; |
7dcec248 SD |
2048 | if (os_get_random(context + ctx_offset, key_len) < 0) |
2049 | goto fail; | |
2050 | ||
2051 | ctx_offset += key_len; | |
887d9d01 HW |
2052 | dl_list_for_each(peer, &participant->live_peers, |
2053 | struct ieee802_1x_kay_peer, list) { | |
2054 | os_memcpy(context + ctx_offset, peer->mi, sizeof(peer->mi)); | |
2055 | ctx_offset += sizeof(peer->mi); | |
2056 | } | |
2057 | os_memcpy(context + ctx_offset, participant->mi, | |
2058 | sizeof(participant->mi)); | |
2059 | ctx_offset += sizeof(participant->mi); | |
2060 | os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn)); | |
2061 | ||
7dcec248 | 2062 | if (key_len == 16) { |
887d9d01 | 2063 | ieee802_1x_sak_128bits_aes_cmac(participant->cak.key, |
7dcec248 SD |
2064 | context, ctx_len, key); |
2065 | } else if (key_len == 32) { | |
887d9d01 | 2066 | ieee802_1x_sak_128bits_aes_cmac(participant->cak.key, |
7dcec248 | 2067 | context, ctx_len, key); |
887d9d01 HW |
2068 | } else { |
2069 | wpa_printf(MSG_ERROR, "KaY: SAK Length not support"); | |
7dcec248 | 2070 | goto fail; |
887d9d01 | 2071 | } |
3a52f6b3 | 2072 | wpa_hexdump_key(MSG_DEBUG, "KaY: generated new SAK", key, key_len); |
7dcec248 SD |
2073 | os_free(context); |
2074 | context = NULL; | |
887d9d01 | 2075 | |
7dcec248 | 2076 | sa_key = os_zalloc(sizeof(*sa_key)); |
887d9d01 | 2077 | if (!sa_key) { |
7dcec248 SD |
2078 | wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__); |
2079 | goto fail; | |
887d9d01 | 2080 | } |
7dcec248 SD |
2081 | |
2082 | sa_key->key = key; | |
2083 | sa_key->key_len = key_len; | |
2084 | os_memcpy(sa_key->key_identifier.mi, participant->mi, MI_LEN); | |
2085 | sa_key->key_identifier.kn = kay->dist_kn; | |
2086 | ||
2087 | sa_key->confidentiality_offset = kay->macsec_confidentiality; | |
2088 | sa_key->an = kay->dist_an; | |
2089 | ieee802_1x_kay_init_data_key(sa_key); | |
2090 | ||
887d9d01 HW |
2091 | participant->new_key = sa_key; |
2092 | ||
99b82bf5 | 2093 | ieee802_1x_kay_use_data_key(sa_key); |
887d9d01 | 2094 | dl_list_add(&participant->sak_list, &sa_key->list); |
99b82bf5 | 2095 | |
7dcec248 | 2096 | ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id); |
887d9d01 | 2097 | ieee802_1x_cp_sm_step(kay->cp); |
7dcec248 | 2098 | ieee802_1x_cp_set_offset(kay->cp, kay->macsec_confidentiality); |
887d9d01 | 2099 | ieee802_1x_cp_sm_step(kay->cp); |
7dcec248 SD |
2100 | ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier); |
2101 | ieee802_1x_cp_set_distributedan(kay->cp, sa_key->an); | |
887d9d01 HW |
2102 | ieee802_1x_cp_signal_newsak(kay->cp); |
2103 | ieee802_1x_cp_sm_step(kay->cp); | |
2104 | ||
2105 | dl_list_for_each(peer, &participant->live_peers, | |
2106 | struct ieee802_1x_kay_peer, list) | |
2107 | peer->sak_used = FALSE; | |
2108 | ||
87b19c8d SD |
2109 | kay->dist_kn++; |
2110 | kay->dist_an++; | |
2111 | if (kay->dist_an > 3) | |
2112 | kay->dist_an = 0; | |
887d9d01 | 2113 | |
87b19c8d | 2114 | kay->dist_time = time(NULL); |
887d9d01 | 2115 | |
887d9d01 | 2116 | return 0; |
7dcec248 SD |
2117 | |
2118 | fail: | |
2119 | os_free(key); | |
2120 | os_free(context); | |
2121 | return -1; | |
887d9d01 HW |
2122 | } |
2123 | ||
2124 | ||
0dabf79b SD |
2125 | static int compare_priorities(const struct ieee802_1x_kay_peer *peer, |
2126 | const struct ieee802_1x_kay_peer *other) | |
2127 | { | |
2128 | if (peer->key_server_priority < other->key_server_priority) | |
2129 | return -1; | |
2130 | if (other->key_server_priority < peer->key_server_priority) | |
2131 | return 1; | |
2132 | ||
2133 | return os_memcmp(peer->sci.addr, other->sci.addr, ETH_ALEN); | |
2134 | } | |
2135 | ||
2136 | ||
887d9d01 HW |
2137 | /** |
2138 | * ieee802_1x_kay_elect_key_server - elect the key server | |
2139 | * when to elect: whenever the live peers list changes | |
2140 | */ | |
2141 | static int | |
2142 | ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant) | |
2143 | { | |
2144 | struct ieee802_1x_kay_peer *peer; | |
2145 | struct ieee802_1x_kay_peer *key_server = NULL; | |
2146 | struct ieee802_1x_kay *kay = participant->kay; | |
2147 | Boolean i_is_key_server; | |
77977b3d | 2148 | int priority_comparison; |
887d9d01 HW |
2149 | |
2150 | if (participant->is_obliged_key_server) { | |
2151 | participant->new_sak = TRUE; | |
2152 | participant->to_dist_sak = FALSE; | |
2153 | ieee802_1x_cp_set_electedself(kay->cp, TRUE); | |
2154 | return 0; | |
2155 | } | |
2156 | ||
2157 | /* elect the key server among the peers */ | |
2158 | dl_list_for_each(peer, &participant->live_peers, | |
2159 | struct ieee802_1x_kay_peer, list) { | |
2160 | if (!peer->is_key_server) | |
2161 | continue; | |
2162 | ||
2163 | if (!key_server) { | |
2164 | key_server = peer; | |
2165 | continue; | |
2166 | } | |
2167 | ||
0dabf79b | 2168 | if (compare_priorities(peer, key_server) < 0) |
887d9d01 | 2169 | key_server = peer; |
887d9d01 HW |
2170 | } |
2171 | ||
2172 | /* elect the key server between me and the above elected peer */ | |
2173 | i_is_key_server = FALSE; | |
2174 | if (key_server && participant->can_be_key_server) { | |
0dabf79b SD |
2175 | struct ieee802_1x_kay_peer tmp; |
2176 | ||
2177 | tmp.key_server_priority = kay->actor_priority; | |
2178 | os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci)); | |
77977b3d MS |
2179 | priority_comparison = compare_priorities(&tmp, key_server); |
2180 | if (priority_comparison < 0) { | |
887d9d01 | 2181 | i_is_key_server = TRUE; |
77977b3d MS |
2182 | } else if (priority_comparison == 0) { |
2183 | wpa_printf(MSG_WARNING, | |
2184 | "KaY: Cannot elect key server between me and peer, duplicate MAC detected"); | |
2185 | key_server = NULL; | |
2186 | } | |
099613e4 SD |
2187 | } else if (participant->can_be_key_server) { |
2188 | i_is_key_server = TRUE; | |
887d9d01 HW |
2189 | } |
2190 | ||
2191 | if (i_is_key_server) { | |
2192 | ieee802_1x_cp_set_electedself(kay->cp, TRUE); | |
a33e3c32 | 2193 | if (!sci_equal(&kay->key_server_sci, &kay->actor_sci)) { |
887d9d01 HW |
2194 | ieee802_1x_cp_signal_chgdserver(kay->cp); |
2195 | ieee802_1x_cp_sm_step(kay->cp); | |
2196 | } | |
2197 | ||
2198 | participant->is_key_server = TRUE; | |
2199 | participant->principal = TRUE; | |
2200 | participant->new_sak = TRUE; | |
2201 | wpa_printf(MSG_DEBUG, "KaY: I is elected as key server"); | |
2202 | participant->to_dist_sak = FALSE; | |
2203 | participant->is_elected = TRUE; | |
2204 | ||
2205 | os_memcpy(&kay->key_server_sci, &kay->actor_sci, | |
2206 | sizeof(kay->key_server_sci)); | |
2207 | kay->key_server_priority = kay->actor_priority; | |
099613e4 | 2208 | } else if (key_server) { |
887d9d01 | 2209 | ieee802_1x_cp_set_electedself(kay->cp, FALSE); |
a33e3c32 | 2210 | if (!sci_equal(&kay->key_server_sci, &key_server->sci)) { |
887d9d01 HW |
2211 | ieee802_1x_cp_signal_chgdserver(kay->cp); |
2212 | ieee802_1x_cp_sm_step(kay->cp); | |
2213 | } | |
2214 | ||
2215 | participant->is_key_server = FALSE; | |
2216 | participant->principal = TRUE; | |
2217 | participant->is_elected = TRUE; | |
2218 | ||
2219 | os_memcpy(&kay->key_server_sci, &key_server->sci, | |
2220 | sizeof(kay->key_server_sci)); | |
2221 | kay->key_server_priority = key_server->key_server_priority; | |
099613e4 SD |
2222 | } else { |
2223 | participant->principal = FALSE; | |
2224 | participant->is_key_server = FALSE; | |
2225 | participant->is_elected = FALSE; | |
887d9d01 HW |
2226 | } |
2227 | ||
2228 | return 0; | |
2229 | } | |
2230 | ||
2231 | ||
2232 | /** | |
2233 | * ieee802_1x_kay_decide_macsec_use - the key server determinate | |
2234 | * how to use MACsec: whether use MACsec and its capability | |
2235 | * protectFrames will be advised if the key server and one of its live peers are | |
2236 | * MACsec capable and one of those request MACsec protection | |
2237 | */ | |
2238 | static int | |
2239 | ieee802_1x_kay_decide_macsec_use( | |
2240 | struct ieee802_1x_mka_participant *participant) | |
2241 | { | |
2242 | struct ieee802_1x_kay *kay = participant->kay; | |
2243 | struct ieee802_1x_kay_peer *peer; | |
2244 | enum macsec_cap less_capability; | |
2245 | Boolean has_peer; | |
2246 | ||
2247 | if (!participant->is_key_server) | |
2248 | return -1; | |
2249 | ||
2250 | /* key server self is MACsec-desired and requesting MACsec */ | |
2251 | if (!kay->macsec_desired) { | |
2252 | participant->advised_desired = FALSE; | |
2253 | return -1; | |
2254 | } | |
2255 | if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) { | |
2256 | participant->advised_desired = FALSE; | |
2257 | return -1; | |
2258 | } | |
2259 | less_capability = kay->macsec_capable; | |
2260 | ||
2261 | /* at least one of peers is MACsec-desired and requesting MACsec */ | |
2262 | has_peer = FALSE; | |
2263 | dl_list_for_each(peer, &participant->live_peers, | |
2264 | struct ieee802_1x_kay_peer, list) { | |
2265 | if (!peer->macsec_desired) | |
2266 | continue; | |
2267 | ||
2e944898 | 2268 | if (peer->macsec_capability == MACSEC_CAP_NOT_IMPLEMENTED) |
887d9d01 HW |
2269 | continue; |
2270 | ||
2e944898 SD |
2271 | less_capability = (less_capability < peer->macsec_capability) ? |
2272 | less_capability : peer->macsec_capability; | |
887d9d01 HW |
2273 | has_peer = TRUE; |
2274 | } | |
2275 | ||
2276 | if (has_peer) { | |
2277 | participant->advised_desired = TRUE; | |
2278 | participant->advised_capability = less_capability; | |
2279 | kay->authenticated = FALSE; | |
2280 | kay->secured = TRUE; | |
2281 | kay->failed = FALSE; | |
2282 | ieee802_1x_cp_connect_secure(kay->cp); | |
2283 | ieee802_1x_cp_sm_step(kay->cp); | |
2284 | } else { | |
2285 | participant->advised_desired = FALSE; | |
2286 | participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED; | |
2287 | participant->to_use_sak = FALSE; | |
2288 | kay->authenticated = TRUE; | |
2289 | kay->secured = FALSE; | |
2290 | kay->failed = FALSE; | |
2291 | kay->ltx_kn = 0; | |
2292 | kay->ltx_an = 0; | |
2293 | kay->lrx_kn = 0; | |
2294 | kay->lrx_an = 0; | |
2295 | kay->otx_kn = 0; | |
2296 | kay->otx_an = 0; | |
2297 | kay->orx_kn = 0; | |
2298 | kay->orx_an = 0; | |
2299 | ieee802_1x_cp_connect_authenticated(kay->cp); | |
2300 | ieee802_1x_cp_sm_step(kay->cp); | |
2301 | } | |
2302 | ||
2303 | return 0; | |
2304 | } | |
2305 | ||
2306 | static const u8 pae_group_addr[ETH_ALEN] = { | |
2307 | 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 | |
2308 | }; | |
2309 | ||
2310 | ||
2311 | /** | |
2312 | * ieee802_1x_kay_encode_mkpdu - | |
2313 | */ | |
2314 | static int | |
2315 | ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant, | |
2316 | struct wpabuf *pbuf) | |
2317 | { | |
2318 | unsigned int i; | |
2319 | struct ieee8023_hdr *ether_hdr; | |
2320 | struct ieee802_1x_hdr *eapol_hdr; | |
2321 | ||
2322 | ether_hdr = wpabuf_put(pbuf, sizeof(*ether_hdr)); | |
2323 | os_memcpy(ether_hdr->dest, pae_group_addr, sizeof(ether_hdr->dest)); | |
2324 | os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr, | |
2325 | sizeof(ether_hdr->dest)); | |
2326 | ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL); | |
2327 | ||
2328 | eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr)); | |
2329 | eapol_hdr->version = EAPOL_VERSION; | |
2330 | eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA; | |
2331 | eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used); | |
2332 | ||
515bc1ae SD |
2333 | for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) { |
2334 | if (mka_body_handler[i].body_present && | |
2335 | mka_body_handler[i].body_present(participant)) { | |
2336 | if (mka_body_handler[i].body_tx(participant, pbuf)) | |
887d9d01 HW |
2337 | return -1; |
2338 | } | |
2339 | } | |
2340 | ||
2341 | return 0; | |
2342 | } | |
2343 | ||
2344 | /** | |
2345 | * ieee802_1x_participant_send_mkpdu - | |
2346 | */ | |
2347 | static int | |
2348 | ieee802_1x_participant_send_mkpdu( | |
2349 | struct ieee802_1x_mka_participant *participant) | |
2350 | { | |
2351 | struct wpabuf *buf; | |
2352 | struct ieee802_1x_kay *kay = participant->kay; | |
2353 | size_t length = 0; | |
2354 | unsigned int i; | |
2355 | ||
2356 | wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU"); | |
2357 | length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr); | |
515bc1ae SD |
2358 | for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) { |
2359 | if (mka_body_handler[i].body_present && | |
2360 | mka_body_handler[i].body_present(participant)) | |
2361 | length += mka_body_handler[i].body_length(participant); | |
887d9d01 HW |
2362 | } |
2363 | ||
2364 | buf = wpabuf_alloc(length); | |
2365 | if (!buf) { | |
2366 | wpa_printf(MSG_ERROR, "KaY: out of memory"); | |
2367 | return -1; | |
2368 | } | |
2369 | ||
2370 | if (ieee802_1x_kay_encode_mkpdu(participant, buf)) { | |
2371 | wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!"); | |
2372 | return -1; | |
2373 | } | |
2374 | ||
2375 | l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf)); | |
2376 | wpabuf_free(buf); | |
2377 | ||
2378 | kay->active = TRUE; | |
2379 | participant->active = TRUE; | |
2380 | ||
2381 | return 0; | |
2382 | } | |
2383 | ||
2384 | ||
2385 | static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa); | |
23c3528a SD |
2386 | |
2387 | static void ieee802_1x_delete_transmit_sa(struct ieee802_1x_kay *kay, | |
2388 | struct transmit_sa *sa) | |
2389 | { | |
2390 | secy_disable_transmit_sa(kay, sa); | |
2391 | secy_delete_transmit_sa(kay, sa); | |
2392 | ieee802_1x_kay_deinit_transmit_sa(sa); | |
2393 | } | |
2394 | ||
2395 | ||
887d9d01 HW |
2396 | /** |
2397 | * ieee802_1x_participant_timer - | |
2398 | */ | |
2399 | static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx) | |
2400 | { | |
2401 | struct ieee802_1x_mka_participant *participant; | |
2402 | struct ieee802_1x_kay *kay; | |
2403 | struct ieee802_1x_kay_peer *peer, *pre_peer; | |
2404 | time_t now = time(NULL); | |
2405 | Boolean lp_changed; | |
2406 | struct receive_sc *rxsc, *pre_rxsc; | |
2407 | struct transmit_sa *txsa, *pre_txsa; | |
2408 | ||
2409 | participant = (struct ieee802_1x_mka_participant *)eloop_ctx; | |
2410 | kay = participant->kay; | |
2411 | if (participant->cak_life) { | |
34dbe90a SD |
2412 | if (now > participant->cak_life) |
2413 | goto delete_mka; | |
887d9d01 HW |
2414 | } |
2415 | ||
2416 | /* should delete MKA instance if there are not live peers | |
2417 | * when the MKA life elapsed since its creating */ | |
2418 | if (participant->mka_life) { | |
2419 | if (dl_list_empty(&participant->live_peers)) { | |
34dbe90a SD |
2420 | if (now > participant->mka_life) |
2421 | goto delete_mka; | |
887d9d01 HW |
2422 | } else { |
2423 | participant->mka_life = 0; | |
2424 | } | |
2425 | } | |
2426 | ||
2427 | lp_changed = FALSE; | |
2428 | dl_list_for_each_safe(peer, pre_peer, &participant->live_peers, | |
2429 | struct ieee802_1x_kay_peer, list) { | |
2430 | if (now > peer->expire) { | |
2431 | wpa_printf(MSG_DEBUG, "KaY: Live peer removed"); | |
2432 | wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, | |
2433 | sizeof(peer->mi)); | |
2434 | wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn); | |
2435 | dl_list_for_each_safe(rxsc, pre_rxsc, | |
2436 | &participant->rxsc_list, | |
2437 | struct receive_sc, list) { | |
a33e3c32 | 2438 | if (sci_equal(&rxsc->sci, &peer->sci)) { |
887d9d01 HW |
2439 | ieee802_1x_kay_deinit_receive_sc( |
2440 | participant, rxsc); | |
2441 | } | |
2442 | } | |
2443 | dl_list_del(&peer->list); | |
2444 | os_free(peer); | |
2445 | lp_changed = TRUE; | |
2446 | } | |
2447 | } | |
2448 | ||
2449 | if (lp_changed) { | |
2450 | if (dl_list_empty(&participant->live_peers)) { | |
2451 | participant->advised_desired = FALSE; | |
2452 | participant->advised_capability = | |
2453 | MACSEC_CAP_NOT_IMPLEMENTED; | |
2454 | participant->to_use_sak = FALSE; | |
e5469110 BA |
2455 | participant->ltx = FALSE; |
2456 | participant->lrx = FALSE; | |
2457 | participant->otx = FALSE; | |
2458 | participant->orx = FALSE; | |
2459 | participant->is_key_server = FALSE; | |
2460 | participant->is_elected = FALSE; | |
5762855a | 2461 | kay->authenticated = FALSE; |
887d9d01 HW |
2462 | kay->secured = FALSE; |
2463 | kay->failed = FALSE; | |
2464 | kay->ltx_kn = 0; | |
2465 | kay->ltx_an = 0; | |
2466 | kay->lrx_kn = 0; | |
2467 | kay->lrx_an = 0; | |
2468 | kay->otx_kn = 0; | |
2469 | kay->otx_an = 0; | |
2470 | kay->orx_kn = 0; | |
2471 | kay->orx_an = 0; | |
2472 | dl_list_for_each_safe(txsa, pre_txsa, | |
2473 | &participant->txsc->sa_list, | |
2474 | struct transmit_sa, list) { | |
23c3528a | 2475 | ieee802_1x_delete_transmit_sa(kay, txsa); |
887d9d01 HW |
2476 | } |
2477 | ||
5762855a | 2478 | ieee802_1x_cp_connect_pending(kay->cp); |
887d9d01 HW |
2479 | ieee802_1x_cp_sm_step(kay->cp); |
2480 | } else { | |
2481 | ieee802_1x_kay_elect_key_server(participant); | |
2482 | ieee802_1x_kay_decide_macsec_use(participant); | |
2483 | } | |
2484 | } | |
2485 | ||
2486 | dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers, | |
2487 | struct ieee802_1x_kay_peer, list) { | |
2488 | if (now > peer->expire) { | |
2489 | wpa_printf(MSG_DEBUG, "KaY: Potential peer removed"); | |
2490 | wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, | |
2491 | sizeof(peer->mi)); | |
2492 | wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn); | |
2493 | dl_list_del(&peer->list); | |
2494 | os_free(peer); | |
2495 | } | |
2496 | } | |
2497 | ||
2498 | if (participant->new_sak) { | |
2499 | if (!ieee802_1x_kay_generate_new_sak(participant)) | |
2500 | participant->to_dist_sak = TRUE; | |
2501 | ||
2502 | participant->new_sak = FALSE; | |
2503 | } | |
2504 | ||
37e9f511 BA |
2505 | if (participant->retry_count < MAX_RETRY_CNT || |
2506 | participant->mode == PSK) { | |
887d9d01 HW |
2507 | ieee802_1x_participant_send_mkpdu(participant); |
2508 | participant->retry_count++; | |
2509 | } | |
2510 | ||
d9a0a722 | 2511 | eloop_register_timeout(kay->mka_hello_time / 1000, 0, |
887d9d01 HW |
2512 | ieee802_1x_participant_timer, |
2513 | participant, NULL); | |
34dbe90a SD |
2514 | |
2515 | return; | |
2516 | ||
2517 | delete_mka: | |
2518 | kay->authenticated = FALSE; | |
2519 | kay->secured = FALSE; | |
2520 | kay->failed = TRUE; | |
2521 | ieee802_1x_kay_delete_mka(kay, &participant->ckn); | |
887d9d01 HW |
2522 | } |
2523 | ||
2524 | ||
2525 | /** | |
2526 | * ieee802_1x_kay_init_transmit_sa - | |
2527 | */ | |
2528 | static struct transmit_sa * | |
2529 | ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN, | |
2530 | struct data_key *key) | |
2531 | { | |
2532 | struct transmit_sa *psa; | |
2533 | ||
2534 | key->tx_latest = TRUE; | |
2535 | key->rx_latest = TRUE; | |
2536 | ||
2537 | psa = os_zalloc(sizeof(*psa)); | |
2538 | if (!psa) { | |
2539 | wpa_printf(MSG_ERROR, "%s: out of memory", __func__); | |
2540 | return NULL; | |
2541 | } | |
2542 | ||
2543 | if (key->confidentiality_offset >= CONFIDENTIALITY_OFFSET_0 && | |
2544 | key->confidentiality_offset <= CONFIDENTIALITY_OFFSET_50) | |
2545 | psa->confidentiality = TRUE; | |
2546 | else | |
2547 | psa->confidentiality = FALSE; | |
2548 | ||
2549 | psa->an = an; | |
99b82bf5 | 2550 | ieee802_1x_kay_use_data_key(key); |
887d9d01 HW |
2551 | psa->pkey = key; |
2552 | psa->next_pn = next_PN; | |
2553 | psa->sc = psc; | |
2554 | ||
2555 | os_get_time(&psa->created_time); | |
2556 | psa->in_use = FALSE; | |
2557 | ||
2558 | dl_list_add(&psc->sa_list, &psa->list); | |
2559 | wpa_printf(MSG_DEBUG, | |
6f551abd SD |
2560 | "KaY: Create transmit SA(an: %hhu, next_PN: %u) of SC", |
2561 | an, next_PN); | |
887d9d01 HW |
2562 | |
2563 | return psa; | |
2564 | } | |
2565 | ||
2566 | ||
2567 | /** | |
2568 | * ieee802_1x_kay_deinit_transmit_sa - | |
2569 | */ | |
2570 | static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa) | |
2571 | { | |
99b82bf5 | 2572 | ieee802_1x_kay_deinit_data_key(psa->pkey); |
887d9d01 HW |
2573 | psa->pkey = NULL; |
2574 | wpa_printf(MSG_DEBUG, | |
3ceb4582 SD |
2575 | "KaY: Delete transmit SA(an: %hhu) of SC", |
2576 | psa->an); | |
887d9d01 HW |
2577 | dl_list_del(&psa->list); |
2578 | os_free(psa); | |
2579 | } | |
2580 | ||
2581 | ||
2582 | /** | |
2583 | * init_transmit_sc - | |
2584 | */ | |
2585 | static struct transmit_sc * | |
6f551abd | 2586 | ieee802_1x_kay_init_transmit_sc(const struct ieee802_1x_mka_sci *sci) |
887d9d01 HW |
2587 | { |
2588 | struct transmit_sc *psc; | |
2589 | ||
2590 | psc = os_zalloc(sizeof(*psc)); | |
2591 | if (!psc) { | |
2592 | wpa_printf(MSG_ERROR, "%s: out of memory", __func__); | |
2593 | return NULL; | |
2594 | } | |
2595 | os_memcpy(&psc->sci, sci, sizeof(psc->sci)); | |
887d9d01 HW |
2596 | |
2597 | os_get_time(&psc->created_time); | |
2598 | psc->transmitting = FALSE; | |
2599 | psc->encoding_sa = FALSE; | |
2600 | psc->enciphering_sa = FALSE; | |
2601 | ||
2602 | dl_list_init(&psc->sa_list); | |
6f551abd | 2603 | wpa_printf(MSG_DEBUG, "KaY: Create transmit SC"); |
887d9d01 HW |
2604 | wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci)); |
2605 | ||
2606 | return psc; | |
2607 | } | |
2608 | ||
2609 | ||
2610 | /** | |
2611 | * ieee802_1x_kay_deinit_transmit_sc - | |
2612 | */ | |
2613 | static void | |
2614 | ieee802_1x_kay_deinit_transmit_sc( | |
2615 | struct ieee802_1x_mka_participant *participant, struct transmit_sc *psc) | |
2616 | { | |
2617 | struct transmit_sa *psa, *tmp; | |
2618 | ||
6f551abd | 2619 | wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC"); |
23c3528a SD |
2620 | dl_list_for_each_safe(psa, tmp, &psc->sa_list, struct transmit_sa, list) |
2621 | ieee802_1x_delete_transmit_sa(participant->kay, psa); | |
887d9d01 | 2622 | |
e50df5d2 | 2623 | secy_delete_transmit_sc(participant->kay, psc); |
887d9d01 HW |
2624 | os_free(psc); |
2625 | } | |
2626 | ||
2627 | ||
2628 | /****************** Interface between CP and KAY *********************/ | |
2629 | /** | |
2630 | * ieee802_1x_kay_set_latest_sa_attr - | |
2631 | */ | |
2632 | int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay, | |
2633 | struct ieee802_1x_mka_ki *lki, u8 lan, | |
2634 | Boolean ltx, Boolean lrx) | |
2635 | { | |
2636 | struct ieee802_1x_mka_participant *principal; | |
2637 | ||
2638 | principal = ieee802_1x_kay_get_principal_participant(kay); | |
2639 | if (!principal) | |
2640 | return -1; | |
2641 | ||
2642 | if (!lki) | |
2643 | os_memset(&principal->lki, 0, sizeof(principal->lki)); | |
2644 | else | |
2645 | os_memcpy(&principal->lki, lki, sizeof(principal->lki)); | |
2646 | ||
2647 | principal->lan = lan; | |
2648 | principal->ltx = ltx; | |
2649 | principal->lrx = lrx; | |
2650 | if (!lki) { | |
2651 | kay->ltx_kn = 0; | |
2652 | kay->lrx_kn = 0; | |
2653 | } else { | |
2654 | kay->ltx_kn = lki->kn; | |
2655 | kay->lrx_kn = lki->kn; | |
2656 | } | |
2657 | kay->ltx_an = lan; | |
2658 | kay->lrx_an = lan; | |
2659 | ||
2660 | return 0; | |
2661 | } | |
2662 | ||
2663 | ||
2664 | /** | |
2665 | * ieee802_1x_kay_set_old_sa_attr - | |
2666 | */ | |
2667 | int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay, | |
2668 | struct ieee802_1x_mka_ki *oki, | |
2669 | u8 oan, Boolean otx, Boolean orx) | |
2670 | { | |
2671 | struct ieee802_1x_mka_participant *principal; | |
2672 | ||
2673 | principal = ieee802_1x_kay_get_principal_participant(kay); | |
2674 | if (!principal) | |
2675 | return -1; | |
2676 | ||
2677 | if (!oki) | |
2678 | os_memset(&principal->oki, 0, sizeof(principal->oki)); | |
2679 | else | |
2680 | os_memcpy(&principal->oki, oki, sizeof(principal->oki)); | |
2681 | ||
2682 | principal->oan = oan; | |
2683 | principal->otx = otx; | |
2684 | principal->orx = orx; | |
2685 | ||
2686 | if (!oki) { | |
2687 | kay->otx_kn = 0; | |
2688 | kay->orx_kn = 0; | |
2689 | } else { | |
2690 | kay->otx_kn = oki->kn; | |
2691 | kay->orx_kn = oki->kn; | |
2692 | } | |
2693 | kay->otx_an = oan; | |
2694 | kay->orx_an = oan; | |
2695 | ||
2696 | return 0; | |
2697 | } | |
2698 | ||
2699 | ||
23c3528a SD |
2700 | static struct transmit_sa * lookup_txsa_by_an(struct transmit_sc *txsc, u8 an) |
2701 | { | |
2702 | struct transmit_sa *txsa; | |
2703 | ||
2704 | dl_list_for_each(txsa, &txsc->sa_list, struct transmit_sa, list) { | |
2705 | if (txsa->an == an) | |
2706 | return txsa; | |
2707 | } | |
2708 | ||
2709 | return NULL; | |
2710 | } | |
2711 | ||
2712 | ||
2713 | static struct receive_sa * lookup_rxsa_by_an(struct receive_sc *rxsc, u8 an) | |
2714 | { | |
2715 | struct receive_sa *rxsa; | |
2716 | ||
2717 | dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list) { | |
2718 | if (rxsa->an == an) | |
2719 | return rxsa; | |
2720 | } | |
2721 | ||
2722 | return NULL; | |
2723 | } | |
2724 | ||
2725 | ||
887d9d01 HW |
2726 | /** |
2727 | * ieee802_1x_kay_create_sas - | |
2728 | */ | |
2729 | int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay, | |
2730 | struct ieee802_1x_mka_ki *lki) | |
2731 | { | |
2732 | struct data_key *sa_key, *latest_sak; | |
2733 | struct ieee802_1x_mka_participant *principal; | |
2734 | struct receive_sc *rxsc; | |
2735 | struct receive_sa *rxsa; | |
2736 | struct transmit_sa *txsa; | |
2737 | ||
2738 | principal = ieee802_1x_kay_get_principal_participant(kay); | |
2739 | if (!principal) | |
2740 | return -1; | |
2741 | ||
2742 | latest_sak = NULL; | |
2743 | dl_list_for_each(sa_key, &principal->sak_list, struct data_key, list) { | |
2744 | if (is_ki_equal(&sa_key->key_identifier, lki)) { | |
2745 | sa_key->rx_latest = TRUE; | |
2746 | sa_key->tx_latest = TRUE; | |
2747 | latest_sak = sa_key; | |
2748 | principal->to_use_sak = TRUE; | |
2749 | } else { | |
2750 | sa_key->rx_latest = FALSE; | |
2751 | sa_key->tx_latest = FALSE; | |
2752 | } | |
2753 | } | |
2754 | if (!latest_sak) { | |
2755 | wpa_printf(MSG_ERROR, "lki related sak not found"); | |
2756 | return -1; | |
2757 | } | |
2758 | ||
2759 | dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) { | |
23c3528a SD |
2760 | while ((rxsa = lookup_rxsa_by_an(rxsc, latest_sak->an)) != NULL) |
2761 | ieee802_1x_delete_receive_sa(kay, rxsa); | |
2762 | ||
887d9d01 HW |
2763 | rxsa = ieee802_1x_kay_init_receive_sa(rxsc, latest_sak->an, 1, |
2764 | latest_sak); | |
2765 | if (!rxsa) | |
2766 | return -1; | |
2767 | ||
2768 | secy_create_receive_sa(kay, rxsa); | |
2769 | } | |
2770 | ||
23c3528a SD |
2771 | while ((txsa = lookup_txsa_by_an(principal->txsc, latest_sak->an)) != |
2772 | NULL) | |
2773 | ieee802_1x_delete_transmit_sa(kay, txsa); | |
2774 | ||
887d9d01 HW |
2775 | txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an, |
2776 | 1, latest_sak); | |
2777 | if (!txsa) | |
2778 | return -1; | |
2779 | ||
2780 | secy_create_transmit_sa(kay, txsa); | |
2781 | ||
2782 | ||
2783 | ||
2784 | return 0; | |
2785 | } | |
2786 | ||
2787 | ||
2788 | /** | |
2789 | * ieee802_1x_kay_delete_sas - | |
2790 | */ | |
2791 | int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay, | |
2792 | struct ieee802_1x_mka_ki *ki) | |
2793 | { | |
2794 | struct data_key *sa_key, *pre_key; | |
2795 | struct transmit_sa *txsa, *pre_txsa; | |
2796 | struct receive_sa *rxsa, *pre_rxsa; | |
2797 | struct receive_sc *rxsc; | |
2798 | struct ieee802_1x_mka_participant *principal; | |
2799 | ||
2800 | wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__); | |
2801 | principal = ieee802_1x_kay_get_principal_participant(kay); | |
2802 | if (!principal) | |
2803 | return -1; | |
2804 | ||
2805 | /* remove the transmit sa */ | |
2806 | dl_list_for_each_safe(txsa, pre_txsa, &principal->txsc->sa_list, | |
2807 | struct transmit_sa, list) { | |
23c3528a SD |
2808 | if (is_ki_equal(&txsa->pkey->key_identifier, ki)) |
2809 | ieee802_1x_delete_transmit_sa(kay, txsa); | |
887d9d01 HW |
2810 | } |
2811 | ||
2812 | /* remove the receive sa */ | |
2813 | dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) { | |
2814 | dl_list_for_each_safe(rxsa, pre_rxsa, &rxsc->sa_list, | |
2815 | struct receive_sa, list) { | |
23c3528a SD |
2816 | if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) |
2817 | ieee802_1x_delete_receive_sa(kay, rxsa); | |
887d9d01 HW |
2818 | } |
2819 | } | |
2820 | ||
2821 | /* remove the sak */ | |
2822 | dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list, | |
2823 | struct data_key, list) { | |
2824 | if (is_ki_equal(&sa_key->key_identifier, ki)) { | |
99b82bf5 | 2825 | dl_list_del(&sa_key->list); |
887d9d01 HW |
2826 | ieee802_1x_kay_deinit_data_key(sa_key); |
2827 | break; | |
2828 | } | |
2829 | if (principal->new_key == sa_key) | |
2830 | principal->new_key = NULL; | |
2831 | } | |
2832 | ||
2833 | return 0; | |
2834 | } | |
2835 | ||
2836 | ||
2837 | /** | |
2838 | * ieee802_1x_kay_enable_tx_sas - | |
2839 | */ | |
2840 | int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay, | |
2841 | struct ieee802_1x_mka_ki *lki) | |
2842 | { | |
2843 | struct ieee802_1x_mka_participant *principal; | |
2844 | struct transmit_sa *txsa; | |
2845 | ||
2846 | principal = ieee802_1x_kay_get_principal_participant(kay); | |
2847 | if (!principal) | |
2848 | return -1; | |
2849 | ||
2850 | dl_list_for_each(txsa, &principal->txsc->sa_list, struct transmit_sa, | |
2851 | list) { | |
2852 | if (is_ki_equal(&txsa->pkey->key_identifier, lki)) { | |
2853 | txsa->in_use = TRUE; | |
2854 | secy_enable_transmit_sa(kay, txsa); | |
2855 | ieee802_1x_cp_set_usingtransmitas( | |
2856 | principal->kay->cp, TRUE); | |
2857 | ieee802_1x_cp_sm_step(principal->kay->cp); | |
2858 | } | |
2859 | } | |
2860 | ||
2861 | return 0; | |
2862 | } | |
2863 | ||
2864 | ||
2865 | /** | |
2866 | * ieee802_1x_kay_enable_rx_sas - | |
2867 | */ | |
2868 | int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay, | |
2869 | struct ieee802_1x_mka_ki *lki) | |
2870 | { | |
2871 | struct ieee802_1x_mka_participant *principal; | |
2872 | struct receive_sa *rxsa; | |
2873 | struct receive_sc *rxsc; | |
2874 | ||
2875 | principal = ieee802_1x_kay_get_principal_participant(kay); | |
2876 | if (!principal) | |
2877 | return -1; | |
2878 | ||
2879 | dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) { | |
2880 | dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list) | |
2881 | { | |
2882 | if (is_ki_equal(&rxsa->pkey->key_identifier, lki)) { | |
2883 | rxsa->in_use = TRUE; | |
2884 | secy_enable_receive_sa(kay, rxsa); | |
2885 | ieee802_1x_cp_set_usingreceivesas( | |
2886 | principal->kay->cp, TRUE); | |
2887 | ieee802_1x_cp_sm_step(principal->kay->cp); | |
2888 | } | |
2889 | } | |
2890 | } | |
2891 | ||
2892 | return 0; | |
2893 | } | |
2894 | ||
2895 | ||
2896 | /** | |
2897 | * ieee802_1x_kay_enable_new_info - | |
2898 | */ | |
2899 | int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay) | |
2900 | { | |
2901 | struct ieee802_1x_mka_participant *principal; | |
2902 | ||
2903 | principal = ieee802_1x_kay_get_principal_participant(kay); | |
2904 | if (!principal) | |
2905 | return -1; | |
2906 | ||
37e9f511 | 2907 | if (principal->retry_count < MAX_RETRY_CNT || principal->mode == PSK) { |
887d9d01 HW |
2908 | ieee802_1x_participant_send_mkpdu(principal); |
2909 | principal->retry_count++; | |
2910 | } | |
2911 | ||
2912 | return 0; | |
2913 | } | |
2914 | ||
2915 | ||
887d9d01 HW |
2916 | /** |
2917 | * ieee802_1x_kay_mkpdu_sanity_check - | |
2918 | * sanity check specified in clause 11.11.2 of IEEE802.1X-2010 | |
2919 | */ | |
2920 | static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay, | |
2921 | const u8 *buf, size_t len) | |
2922 | { | |
2923 | struct ieee8023_hdr *eth_hdr; | |
2924 | struct ieee802_1x_hdr *eapol_hdr; | |
2925 | struct ieee802_1x_mka_hdr *mka_hdr; | |
2926 | struct ieee802_1x_mka_basic_body *body; | |
2927 | size_t mka_msg_len; | |
2928 | struct ieee802_1x_mka_participant *participant; | |
2929 | size_t body_len; | |
b54b53e6 | 2930 | size_t ckn_len; |
887d9d01 HW |
2931 | u8 icv[MAX_ICV_LEN]; |
2932 | u8 *msg_icv; | |
2933 | ||
2934 | eth_hdr = (struct ieee8023_hdr *) buf; | |
2935 | eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1); | |
2936 | mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1); | |
2937 | ||
2938 | /* destination address should be not individual address */ | |
2939 | if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) { | |
2940 | wpa_printf(MSG_MSGDUMP, | |
2941 | "KaY: ethernet destination address is not PAE group address"); | |
2942 | return -1; | |
2943 | } | |
2944 | ||
f9ea083b | 2945 | /* MKPDU should not be less than 32 octets */ |
887d9d01 HW |
2946 | mka_msg_len = be_to_host16(eapol_hdr->length); |
2947 | if (mka_msg_len < 32) { | |
2948 | wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets"); | |
2949 | return -1; | |
2950 | } | |
f9ea083b | 2951 | /* MKPDU should be a multiple of 4 octets */ |
887d9d01 HW |
2952 | if ((mka_msg_len % 4) != 0) { |
2953 | wpa_printf(MSG_MSGDUMP, | |
2954 | "KaY: MKPDU is not multiple of 4 octets"); | |
2955 | return -1; | |
2956 | } | |
2957 | ||
2958 | body = (struct ieee802_1x_mka_basic_body *) mka_hdr; | |
2959 | ieee802_1x_mka_dump_basic_body(body); | |
2960 | body_len = get_mka_param_body_len(body); | |
2961 | /* EAPOL-MKA body should comprise basic parameter set and ICV */ | |
2962 | if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) { | |
2963 | wpa_printf(MSG_ERROR, | |
3ceb4582 SD |
2964 | "KaY: Received EAPOL-MKA Packet Body Length (%zu bytes) is less than the Basic Parameter Set Header Length (%zu bytes) + the Basic Parameter Set Body Length (%zu bytes) + %d bytes of ICV", |
2965 | mka_msg_len, MKA_HDR_LEN, | |
2966 | body_len, DEFAULT_ICV_LEN); | |
887d9d01 HW |
2967 | return -1; |
2968 | } | |
2969 | ||
b54b53e6 MS |
2970 | if (body_len < sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN) { |
2971 | wpa_printf(MSG_DEBUG, "KaY: Too small body length %zu", | |
2972 | body_len); | |
2973 | return -1; | |
2974 | } | |
2975 | ckn_len = body_len - | |
2976 | (sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN); | |
2977 | if (ckn_len < 1 || ckn_len > MAX_CKN_LEN) { | |
2978 | wpa_printf(MSG_ERROR, | |
2979 | "KaY: Received EAPOL-MKA CKN Length (%zu bytes) is out of range (<= %u bytes)", | |
2980 | ckn_len, MAX_CKN_LEN); | |
2981 | return -1; | |
2982 | } | |
2983 | ||
887d9d01 | 2984 | /* CKN should be owned by I */ |
b54b53e6 | 2985 | participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len); |
887d9d01 HW |
2986 | if (!participant) { |
2987 | wpa_printf(MSG_DEBUG, "CKN is not included in my CA"); | |
2988 | return -1; | |
2989 | } | |
2990 | ||
2991 | /* algorithm agility check */ | |
2992 | if (os_memcmp(body->algo_agility, mka_algo_agility, | |
2993 | sizeof(body->algo_agility)) != 0) { | |
2994 | wpa_printf(MSG_ERROR, | |
2995 | "KaY: peer's algorithm agility not supported for me"); | |
2996 | return -1; | |
2997 | } | |
2998 | ||
2999 | /* ICV check */ | |
3000 | /* | |
3001 | * The ICV will comprise the final octets of the packet body, whatever | |
3002 | * its size, not the fixed length 16 octets, indicated by the EAPOL | |
3003 | * packet body length. | |
3004 | */ | |
3005 | if (mka_alg_tbl[kay->mka_algindex].icv_hash( | |
3006 | participant->ick.key, | |
3007 | buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) { | |
3008 | wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed"); | |
3009 | return -1; | |
3010 | } | |
53080f77 | 3011 | |
887d9d01 HW |
3012 | msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr, |
3013 | mka_msg_len); | |
53080f77 | 3014 | if (!msg_icv) { |
887d9d01 HW |
3015 | wpa_printf(MSG_ERROR, "KaY: No ICV"); |
3016 | return -1; | |
3017 | } | |
53080f77 SD |
3018 | if (os_memcmp_const(msg_icv, icv, |
3019 | mka_alg_tbl[kay->mka_algindex].icv_len) != 0) { | |
3020 | wpa_printf(MSG_ERROR, | |
3021 | "KaY: Computed ICV is not equal to Received ICV"); | |
3022 | return -1; | |
3023 | } | |
887d9d01 HW |
3024 | |
3025 | return 0; | |
3026 | } | |
3027 | ||
3028 | ||
3029 | /** | |
3030 | * ieee802_1x_kay_decode_mkpdu - | |
3031 | */ | |
3032 | static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay, | |
3033 | const u8 *buf, size_t len) | |
3034 | { | |
3035 | struct ieee802_1x_mka_participant *participant; | |
3036 | struct ieee802_1x_mka_hdr *hdr; | |
db9ca18b | 3037 | struct ieee802_1x_kay_peer *peer; |
887d9d01 HW |
3038 | size_t body_len; |
3039 | size_t left_len; | |
65b47738 | 3040 | u8 body_type; |
887d9d01 HW |
3041 | int i; |
3042 | const u8 *pos; | |
887d9d01 | 3043 | Boolean handled[256]; |
db9ca18b MS |
3044 | Boolean bad_sak_use = FALSE; /* Error detected while processing SAK Use |
3045 | * parameter set */ | |
887d9d01 HW |
3046 | |
3047 | if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len)) | |
3048 | return -1; | |
3049 | ||
3050 | /* handle basic parameter set */ | |
3051 | pos = buf + sizeof(struct ieee8023_hdr) + sizeof(struct ieee802_1x_hdr); | |
3052 | left_len = len - sizeof(struct ieee8023_hdr) - | |
3053 | sizeof(struct ieee802_1x_hdr); | |
3054 | participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len); | |
3055 | if (!participant) | |
3056 | return -1; | |
3057 | ||
3058 | /* to skip basic parameter set */ | |
3059 | hdr = (struct ieee802_1x_mka_hdr *) pos; | |
61127f16 | 3060 | body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr)); |
887d9d01 HW |
3061 | pos += body_len + MKA_HDR_LEN; |
3062 | left_len -= body_len + MKA_HDR_LEN; | |
3063 | ||
3064 | /* check i am in the peer's peer list */ | |
343eb3b0 SD |
3065 | if (ieee802_1x_mka_i_in_peerlist(participant, pos, left_len) && |
3066 | !ieee802_1x_kay_is_in_live_peer(participant, | |
3067 | participant->current_peer_id.mi)) { | |
887d9d01 | 3068 | /* accept the peer as live peer */ |
887d9d01 HW |
3069 | if (ieee802_1x_kay_is_in_potential_peer( |
3070 | participant, participant->current_peer_id.mi)) { | |
ac285c00 SD |
3071 | if (!ieee802_1x_kay_move_live_peer( |
3072 | participant, | |
3073 | participant->current_peer_id.mi, | |
3074 | be_to_host32(participant-> | |
3075 | current_peer_id.mn))) | |
3076 | return -1; | |
343eb3b0 SD |
3077 | } else if (!ieee802_1x_kay_create_live_peer( |
3078 | participant, participant->current_peer_id.mi, | |
3079 | be_to_host32(participant-> | |
3080 | current_peer_id.mn))) { | |
3081 | return -1; | |
887d9d01 | 3082 | } |
343eb3b0 SD |
3083 | |
3084 | ieee802_1x_kay_elect_key_server(participant); | |
3085 | ieee802_1x_kay_decide_macsec_use(participant); | |
887d9d01 HW |
3086 | } |
3087 | ||
3088 | /* | |
3089 | * Handle other parameter set than basic parameter set. | |
3090 | * Each parameter set should be present only once. | |
3091 | */ | |
3092 | for (i = 0; i < 256; i++) | |
3093 | handled[i] = FALSE; | |
3094 | ||
3095 | handled[0] = TRUE; | |
b3df7836 SD |
3096 | for (; left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN; |
3097 | pos += body_len + MKA_HDR_LEN, | |
3098 | left_len -= body_len + MKA_HDR_LEN) { | |
887d9d01 | 3099 | hdr = (struct ieee802_1x_mka_hdr *) pos; |
61127f16 | 3100 | body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr)); |
887d9d01 HW |
3101 | body_type = get_mka_param_body_type(hdr); |
3102 | ||
3103 | if (body_type == MKA_ICV_INDICATOR) | |
3104 | return 0; | |
3105 | ||
3106 | if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) { | |
3107 | wpa_printf(MSG_ERROR, | |
3ceb4582 SD |
3108 | "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV", |
3109 | left_len, MKA_HDR_LEN, | |
3110 | body_len, DEFAULT_ICV_LEN); | |
0ad5893a | 3111 | return -1; |
887d9d01 HW |
3112 | } |
3113 | ||
3114 | if (handled[body_type]) | |
b3df7836 | 3115 | continue; |
887d9d01 HW |
3116 | |
3117 | handled[body_type] = TRUE; | |
515bc1ae SD |
3118 | if (body_type < ARRAY_SIZE(mka_body_handler) && |
3119 | mka_body_handler[body_type].body_rx) { | |
db9ca18b MS |
3120 | if (mka_body_handler[body_type].body_rx |
3121 | (participant, pos, left_len) != 0) { | |
3122 | /* Handle parameter set failure */ | |
3123 | if (body_type != MKA_SAK_USE) { | |
3124 | wpa_printf(MSG_INFO, | |
3125 | "KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed", | |
3126 | body_type); | |
3127 | return -1; | |
3128 | } | |
3129 | ||
3130 | /* Ideally DIST-SAK should be processed before | |
3131 | * SAK-USE. Unfortunately IEEE Std 802.1X-2010, | |
3132 | * 11.11.3 (Encoding MKPDUs) states SAK-USE(3) | |
3133 | * must always be encoded before DIST-SAK(4). | |
3134 | * Rather than redesigning mka_body_handler so | |
3135 | * that it somehow processes DIST-SAK before | |
3136 | * SAK-USE, just ignore SAK-USE failures if | |
3137 | * DIST-SAK is also present in this MKPDU. */ | |
3138 | bad_sak_use = TRUE; | |
3139 | } | |
887d9d01 HW |
3140 | } else { |
3141 | wpa_printf(MSG_ERROR, | |
3ceb4582 | 3142 | "The type %d is not supported in this MKA version %d", |
887d9d01 HW |
3143 | body_type, MKA_VERSION_ID); |
3144 | } | |
887d9d01 HW |
3145 | } |
3146 | ||
db9ca18b MS |
3147 | if (bad_sak_use && !handled[MKA_DISTRIBUTED_SAK]) { |
3148 | wpa_printf(MSG_INFO, | |
3149 | "KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed", | |
3150 | MKA_SAK_USE); | |
3151 | return -1; | |
3152 | } | |
3153 | ||
e4ae284b MS |
3154 | /* Detect missing parameter sets */ |
3155 | peer = ieee802_1x_kay_get_live_peer(participant, | |
3156 | participant->current_peer_id.mi); | |
3157 | if (peer) { | |
3158 | /* MKPDU is from live peer */ | |
3159 | if (!handled[MKA_SAK_USE]) { | |
3160 | /* Once a live peer starts sending SAK-USE, it should be | |
3161 | * sent every time. */ | |
3162 | if (peer->sak_used) { | |
3163 | wpa_printf(MSG_INFO, | |
3164 | "KaY: Discarding Rx MKPDU: Live Peer stopped sending SAK-USE"); | |
3165 | return -1; | |
3166 | } | |
3167 | ||
3168 | /* Live peer is probably hung if it hasn't sent SAK-USE | |
3169 | * after a reasonable number of MKPDUs. Drop the MKPDU, | |
3170 | * which will eventually force an timeout. */ | |
3171 | if (++peer->missing_sak_use_count > | |
3172 | MAX_MISSING_SAK_USE) { | |
3173 | wpa_printf(MSG_INFO, | |
3174 | "KaY: Discarding Rx MKPDU: Live Peer not sending SAK-USE"); | |
3175 | return -1; | |
3176 | } | |
3177 | } else { | |
3178 | peer->missing_sak_use_count = 0; | |
302bbad5 MS |
3179 | |
3180 | /* Only update live peer watchdog after successful | |
3181 | * decode of all parameter sets */ | |
3182 | peer->expire = time(NULL) + MKA_LIFE_TIME / 1000; | |
e4ae284b MS |
3183 | } |
3184 | } else { | |
3185 | /* MKPDU is from new or potential peer */ | |
3186 | peer = ieee802_1x_kay_get_peer(participant, | |
3187 | participant->current_peer_id.mi); | |
302bbad5 MS |
3188 | if (!peer) |
3189 | return -1; | |
e4ae284b | 3190 | |
302bbad5 MS |
3191 | /* Do not update potential peer watchdog. Per IEEE Std |
3192 | * 802.1X-2010, 9.4.3, potential peers need to show liveness by | |
3193 | * including our MI/MN in their transmitted MKPDU (within | |
3194 | * potential or live parameter sets). Whena potential peer does | |
3195 | * include our MI/MN in an MKPDU, we respond by moving the peer | |
3196 | * from 'potential_peers' to 'live_peers'. */ | |
3197 | } | |
db9ca18b | 3198 | |
887d9d01 HW |
3199 | kay->active = TRUE; |
3200 | participant->retry_count = 0; | |
3201 | participant->active = TRUE; | |
3202 | ||
3203 | return 0; | |
3204 | } | |
3205 | ||
3206 | ||
3207 | ||
3208 | static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf, | |
3209 | size_t len) | |
3210 | { | |
3211 | struct ieee802_1x_kay *kay = ctx; | |
3212 | struct ieee8023_hdr *eth_hdr; | |
3213 | struct ieee802_1x_hdr *eapol_hdr; | |
3214 | ||
3215 | /* must contain at least ieee8023_hdr + ieee802_1x_hdr */ | |
3216 | if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) { | |
3217 | wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)", | |
3218 | (unsigned long) len); | |
3219 | return; | |
3220 | } | |
3221 | ||
3222 | eth_hdr = (struct ieee8023_hdr *) buf; | |
3223 | eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1); | |
3224 | if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) + | |
4e7f5a4a | 3225 | be_to_host16(eapol_hdr->length)) { |
887d9d01 HW |
3226 | wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)", |
3227 | (unsigned long) len, | |
4e7f5a4a | 3228 | (unsigned long) be_to_host16(eapol_hdr->length)); |
887d9d01 HW |
3229 | return; |
3230 | } | |
3231 | ||
3232 | if (eapol_hdr->version < EAPOL_VERSION) { | |
3233 | wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA", | |
3234 | eapol_hdr->version); | |
3235 | return; | |
3236 | } | |
4e7f5a4a | 3237 | if (be_to_host16(eth_hdr->ethertype) != ETH_P_PAE || |
887d9d01 HW |
3238 | eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA) |
3239 | return; | |
3240 | ||
3241 | wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len); | |
3242 | if (dl_list_empty(&kay->participant_list)) { | |
3243 | wpa_printf(MSG_ERROR, "KaY: no MKA participant instance"); | |
3244 | return; | |
3245 | } | |
3246 | ||
3247 | ieee802_1x_kay_decode_mkpdu(kay, buf, len); | |
3248 | } | |
3249 | ||
3250 | ||
3251 | /** | |
3252 | * ieee802_1x_kay_init - | |
3253 | */ | |
3254 | struct ieee802_1x_kay * | |
3255 | ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy, | |
e49b78c0 | 3256 | Boolean macsec_replay_protect, u32 macsec_replay_window, |
65dfa872 | 3257 | u16 port, u8 priority, const char *ifname, const u8 *addr) |
887d9d01 HW |
3258 | { |
3259 | struct ieee802_1x_kay *kay; | |
3260 | ||
3261 | kay = os_zalloc(sizeof(*kay)); | |
3262 | if (!kay) { | |
3263 | wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__); | |
7612e65b | 3264 | os_free(ctx); |
887d9d01 HW |
3265 | return NULL; |
3266 | } | |
3267 | ||
3268 | kay->ctx = ctx; | |
3269 | ||
3270 | kay->enable = TRUE; | |
3271 | kay->active = FALSE; | |
3272 | ||
3273 | kay->authenticated = FALSE; | |
3274 | kay->secured = FALSE; | |
3275 | kay->failed = FALSE; | |
3276 | kay->policy = policy; | |
3277 | ||
3278 | os_strlcpy(kay->if_name, ifname, IFNAMSIZ); | |
3279 | os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN); | |
e0d9fd34 | 3280 | kay->actor_sci.port = host_to_be16(port ? port : 0x0001); |
65dfa872 | 3281 | kay->actor_priority = priority; |
887d9d01 HW |
3282 | |
3283 | /* While actor acts as a key server, shall distribute sakey */ | |
3284 | kay->dist_kn = 1; | |
3285 | kay->dist_an = 0; | |
3286 | kay->dist_time = 0; | |
3287 | ||
3288 | kay->pn_exhaustion = PENDING_PN_EXHAUSTION; | |
3289 | kay->macsec_csindex = DEFAULT_CS_INDEX; | |
3290 | kay->mka_algindex = DEFAULT_MKA_ALG_INDEX; | |
3291 | kay->mka_version = MKA_VERSION_ID; | |
3292 | ||
3293 | os_memcpy(kay->algo_agility, mka_algo_agility, | |
3294 | sizeof(kay->algo_agility)); | |
3295 | ||
3296 | dl_list_init(&kay->participant_list); | |
3297 | ||
088d53dd | 3298 | if (policy != DO_NOT_SECURE && |
7612e65b SD |
3299 | secy_get_capability(kay, &kay->macsec_capable) < 0) |
3300 | goto error; | |
088d53dd SD |
3301 | |
3302 | if (policy == DO_NOT_SECURE || | |
3303 | kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) { | |
887d9d01 HW |
3304 | kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED; |
3305 | kay->macsec_desired = FALSE; | |
3306 | kay->macsec_protect = FALSE; | |
58645454 | 3307 | kay->macsec_encrypt = FALSE; |
43d85927 | 3308 | kay->macsec_validate = Disabled; |
887d9d01 HW |
3309 | kay->macsec_replay_protect = FALSE; |
3310 | kay->macsec_replay_window = 0; | |
3311 | kay->macsec_confidentiality = CONFIDENTIALITY_NONE; | |
d9a0a722 | 3312 | kay->mka_hello_time = MKA_HELLO_TIME; |
887d9d01 | 3313 | } else { |
887d9d01 HW |
3314 | kay->macsec_desired = TRUE; |
3315 | kay->macsec_protect = TRUE; | |
58645454 MS |
3316 | if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF && |
3317 | policy == SHOULD_ENCRYPT) { | |
3318 | kay->macsec_encrypt = TRUE; | |
3319 | kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0; | |
3320 | } else { /* SHOULD_SECURE */ | |
3321 | kay->macsec_encrypt = FALSE; | |
3322 | kay->macsec_confidentiality = CONFIDENTIALITY_NONE; | |
3323 | } | |
43d85927 | 3324 | kay->macsec_validate = Strict; |
e49b78c0 AK |
3325 | kay->macsec_replay_protect = macsec_replay_protect; |
3326 | kay->macsec_replay_window = macsec_replay_window; | |
d9a0a722 | 3327 | kay->mka_hello_time = MKA_HELLO_TIME; |
887d9d01 HW |
3328 | } |
3329 | ||
3330 | wpa_printf(MSG_DEBUG, "KaY: state machine created"); | |
3331 | ||
3332 | /* Initialize the SecY must be prio to CP, as CP will control SecY */ | |
7612e65b SD |
3333 | if (secy_init_macsec(kay) < 0) { |
3334 | wpa_printf(MSG_DEBUG, "KaY: Could not initialize MACsec"); | |
3335 | goto error; | |
3336 | } | |
887d9d01 HW |
3337 | |
3338 | wpa_printf(MSG_DEBUG, "KaY: secy init macsec done"); | |
3339 | ||
3340 | /* init CP */ | |
95e9460d | 3341 | kay->cp = ieee802_1x_cp_sm_init(kay); |
7612e65b SD |
3342 | if (kay->cp == NULL) |
3343 | goto error; | |
887d9d01 HW |
3344 | |
3345 | if (policy == DO_NOT_SECURE) { | |
3346 | ieee802_1x_cp_connect_authenticated(kay->cp); | |
3347 | ieee802_1x_cp_sm_step(kay->cp); | |
3348 | } else { | |
3349 | kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE, | |
3350 | kay_l2_receive, kay, 1); | |
3351 | if (kay->l2_mka == NULL) { | |
3352 | wpa_printf(MSG_WARNING, | |
3353 | "KaY: Failed to initialize L2 packet processing for MKA packet"); | |
7612e65b | 3354 | goto error; |
887d9d01 HW |
3355 | } |
3356 | } | |
3357 | ||
3358 | return kay; | |
7612e65b SD |
3359 | |
3360 | error: | |
3361 | ieee802_1x_kay_deinit(kay); | |
3362 | return NULL; | |
887d9d01 HW |
3363 | } |
3364 | ||
3365 | ||
3366 | /** | |
3367 | * ieee802_1x_kay_deinit - | |
3368 | */ | |
3369 | void | |
3370 | ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay) | |
3371 | { | |
3372 | struct ieee802_1x_mka_participant *participant; | |
3373 | ||
3374 | if (!kay) | |
3375 | return; | |
3376 | ||
3377 | wpa_printf(MSG_DEBUG, "KaY: state machine removed"); | |
3378 | ||
3379 | while (!dl_list_empty(&kay->participant_list)) { | |
3380 | participant = dl_list_entry(kay->participant_list.next, | |
3381 | struct ieee802_1x_mka_participant, | |
3382 | list); | |
3383 | ieee802_1x_kay_delete_mka(kay, &participant->ckn); | |
3384 | } | |
3385 | ||
3386 | ieee802_1x_cp_sm_deinit(kay->cp); | |
3387 | secy_deinit_macsec(kay); | |
3388 | ||
3389 | if (kay->l2_mka) { | |
3390 | l2_packet_deinit(kay->l2_mka); | |
3391 | kay->l2_mka = NULL; | |
3392 | } | |
3393 | ||
3394 | os_free(kay->ctx); | |
3395 | os_free(kay); | |
3396 | } | |
3397 | ||
3398 | ||
3399 | /** | |
3400 | * ieee802_1x_kay_create_mka - | |
3401 | */ | |
3402 | struct ieee802_1x_mka_participant * | |
cce16e43 JM |
3403 | ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, |
3404 | const struct mka_key_name *ckn, | |
3405 | const struct mka_key *cak, u32 life, | |
887d9d01 HW |
3406 | enum mka_created_mode mode, Boolean is_authenticator) |
3407 | { | |
3408 | struct ieee802_1x_mka_participant *participant; | |
3409 | unsigned int usecs; | |
3410 | ||
3411 | if (!kay || !ckn || !cak) { | |
3412 | wpa_printf(MSG_ERROR, "KaY: ckn or cak is null"); | |
3413 | return NULL; | |
3414 | } | |
3415 | ||
3416 | if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) { | |
3417 | wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema"); | |
3418 | return NULL; | |
3419 | } | |
3420 | if (ckn->len > MAX_CKN_LEN) { | |
3421 | wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)"); | |
3422 | return NULL; | |
3423 | } | |
3424 | if (!kay->enable) { | |
3425 | wpa_printf(MSG_ERROR, "KaY: Now is at disable state"); | |
3426 | return NULL; | |
3427 | } | |
3428 | ||
3429 | participant = os_zalloc(sizeof(*participant)); | |
3430 | if (!participant) { | |
3431 | wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__); | |
3432 | return NULL; | |
3433 | } | |
3434 | ||
3435 | participant->ckn.len = ckn->len; | |
3436 | os_memcpy(participant->ckn.name, ckn->name, ckn->len); | |
3437 | participant->cak.len = cak->len; | |
3438 | os_memcpy(participant->cak.key, cak->key, cak->len); | |
3439 | if (life) | |
3440 | participant->cak_life = life + time(NULL); | |
3441 | ||
3442 | switch (mode) { | |
3443 | case EAP_EXCHANGE: | |
3444 | if (is_authenticator) { | |
3445 | participant->is_obliged_key_server = TRUE; | |
3446 | participant->can_be_key_server = TRUE; | |
3447 | participant->is_key_server = TRUE; | |
3448 | participant->principal = TRUE; | |
3449 | ||
3450 | os_memcpy(&kay->key_server_sci, &kay->actor_sci, | |
3451 | sizeof(kay->key_server_sci)); | |
3452 | kay->key_server_priority = kay->actor_priority; | |
3453 | participant->is_elected = TRUE; | |
3454 | } else { | |
3455 | participant->is_obliged_key_server = FALSE; | |
3456 | participant->can_be_key_server = FALSE; | |
3457 | participant->is_key_server = FALSE; | |
3458 | participant->is_elected = TRUE; | |
3459 | } | |
3460 | break; | |
3461 | ||
3462 | default: | |
3463 | participant->is_obliged_key_server = FALSE; | |
3464 | participant->can_be_key_server = TRUE; | |
099613e4 | 3465 | participant->is_key_server = TRUE; |
887d9d01 HW |
3466 | participant->is_elected = FALSE; |
3467 | break; | |
3468 | } | |
3469 | ||
3470 | participant->cached = FALSE; | |
3471 | ||
3472 | participant->active = FALSE; | |
3473 | participant->participant = FALSE; | |
3474 | participant->retain = FALSE; | |
3475 | participant->activate = DEFAULT; | |
3476 | ||
3477 | if (participant->is_key_server) | |
3478 | participant->principal = TRUE; | |
3479 | ||
3480 | dl_list_init(&participant->live_peers); | |
3481 | dl_list_init(&participant->potential_peers); | |
3482 | ||
3483 | participant->retry_count = 0; | |
3484 | participant->kay = kay; | |
3485 | ||
2b13bcad | 3486 | if (!reset_participant_mi(participant)) |
533d7fb7 | 3487 | goto fail; |
887d9d01 HW |
3488 | |
3489 | participant->lrx = FALSE; | |
3490 | participant->ltx = FALSE; | |
3491 | participant->orx = FALSE; | |
3492 | participant->otx = FALSE; | |
3493 | participant->to_dist_sak = FALSE; | |
3494 | participant->to_use_sak = FALSE; | |
3495 | participant->new_sak = FALSE; | |
3496 | dl_list_init(&participant->sak_list); | |
3497 | participant->new_key = NULL; | |
3498 | dl_list_init(&participant->rxsc_list); | |
6f551abd | 3499 | participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci); |
f68e86a4 XS |
3500 | secy_cp_control_protect_frames(kay, kay->macsec_protect); |
3501 | secy_cp_control_replay(kay, kay->macsec_replay_protect, | |
3502 | kay->macsec_replay_window); | |
887d9d01 HW |
3503 | secy_create_transmit_sc(kay, participant->txsc); |
3504 | ||
3505 | /* to derive KEK from CAK and CKN */ | |
3506 | participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len; | |
3507 | if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key, | |
3508 | participant->ckn.name, | |
3509 | participant->ckn.len, | |
3510 | participant->kek.key)) { | |
3511 | wpa_printf(MSG_ERROR, "KaY: Derived KEK failed"); | |
3512 | goto fail; | |
3513 | } | |
3514 | wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK", | |
3515 | participant->kek.key, participant->kek.len); | |
3516 | ||
3517 | /* to derive ICK from CAK and CKN */ | |
3518 | participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len; | |
3519 | if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key, | |
3520 | participant->ckn.name, | |
3521 | participant->ckn.len, | |
3522 | participant->ick.key)) { | |
3523 | wpa_printf(MSG_ERROR, "KaY: Derived ICK failed"); | |
3524 | goto fail; | |
3525 | } | |
3526 | wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK", | |
3527 | participant->ick.key, participant->ick.len); | |
3528 | ||
3529 | dl_list_add(&kay->participant_list, &participant->list); | |
3530 | wpa_hexdump(MSG_DEBUG, "KaY: Participant created:", | |
3531 | ckn->name, ckn->len); | |
3532 | ||
d9a0a722 | 3533 | usecs = os_random() % (kay->mka_hello_time * 1000); |
887d9d01 HW |
3534 | eloop_register_timeout(0, usecs, ieee802_1x_participant_timer, |
3535 | participant, NULL); | |
008e224d SD |
3536 | |
3537 | /* Disable MKA lifetime for PSK mode. | |
3538 | * The peer(s) can take a long time to come up, because we | |
3539 | * create a "standby" MKA, and we need it to remain live until | |
3540 | * some peer appears. | |
3541 | */ | |
3542 | if (mode != PSK) { | |
3543 | participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) + | |
3544 | usecs / 1000000; | |
3545 | } | |
37e9f511 | 3546 | participant->mode = mode; |
887d9d01 HW |
3547 | |
3548 | return participant; | |
3549 | ||
3550 | fail: | |
3551 | os_free(participant); | |
3552 | return NULL; | |
3553 | } | |
3554 | ||
3555 | ||
3556 | /** | |
3557 | * ieee802_1x_kay_delete_mka - | |
3558 | */ | |
3559 | void | |
3560 | ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn) | |
3561 | { | |
3562 | struct ieee802_1x_mka_participant *participant; | |
3563 | struct ieee802_1x_kay_peer *peer; | |
3564 | struct data_key *sak; | |
3565 | struct receive_sc *rxsc; | |
3566 | ||
3567 | if (!kay || !ckn) | |
3568 | return; | |
3569 | ||
3570 | wpa_printf(MSG_DEBUG, "KaY: participant removed"); | |
3571 | ||
3572 | /* get the participant */ | |
b54b53e6 | 3573 | participant = ieee802_1x_kay_get_participant(kay, ckn->name, ckn->len); |
887d9d01 HW |
3574 | if (!participant) { |
3575 | wpa_hexdump(MSG_DEBUG, "KaY: participant is not found", | |
3576 | ckn->name, ckn->len); | |
3577 | return; | |
3578 | } | |
3579 | ||
cfe0a019 | 3580 | eloop_cancel_timeout(ieee802_1x_participant_timer, participant, NULL); |
887d9d01 HW |
3581 | dl_list_del(&participant->list); |
3582 | ||
3583 | /* remove live peer */ | |
3584 | while (!dl_list_empty(&participant->live_peers)) { | |
3585 | peer = dl_list_entry(participant->live_peers.next, | |
3586 | struct ieee802_1x_kay_peer, list); | |
3587 | dl_list_del(&peer->list); | |
3588 | os_free(peer); | |
3589 | } | |
3590 | ||
3591 | /* remove potential peer */ | |
3592 | while (!dl_list_empty(&participant->potential_peers)) { | |
3593 | peer = dl_list_entry(participant->potential_peers.next, | |
3594 | struct ieee802_1x_kay_peer, list); | |
3595 | dl_list_del(&peer->list); | |
3596 | os_free(peer); | |
3597 | } | |
3598 | ||
3599 | /* remove sak */ | |
3600 | while (!dl_list_empty(&participant->sak_list)) { | |
3601 | sak = dl_list_entry(participant->sak_list.next, | |
3602 | struct data_key, list); | |
3603 | dl_list_del(&sak->list); | |
99b82bf5 | 3604 | ieee802_1x_kay_deinit_data_key(sak); |
887d9d01 HW |
3605 | } |
3606 | while (!dl_list_empty(&participant->rxsc_list)) { | |
3607 | rxsc = dl_list_entry(participant->rxsc_list.next, | |
3608 | struct receive_sc, list); | |
887d9d01 HW |
3609 | ieee802_1x_kay_deinit_receive_sc(participant, rxsc); |
3610 | } | |
887d9d01 HW |
3611 | ieee802_1x_kay_deinit_transmit_sc(participant, participant->txsc); |
3612 | ||
3613 | os_memset(&participant->cak, 0, sizeof(participant->cak)); | |
3614 | os_memset(&participant->kek, 0, sizeof(participant->kek)); | |
3615 | os_memset(&participant->ick, 0, sizeof(participant->ick)); | |
3616 | os_free(participant); | |
3617 | } | |
3618 | ||
3619 | ||
3620 | /** | |
3621 | * ieee802_1x_kay_mka_participate - | |
3622 | */ | |
3623 | void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay, | |
3624 | struct mka_key_name *ckn, | |
3625 | Boolean status) | |
3626 | { | |
3627 | struct ieee802_1x_mka_participant *participant; | |
3628 | ||
3629 | if (!kay || !ckn) | |
3630 | return; | |
3631 | ||
b54b53e6 | 3632 | participant = ieee802_1x_kay_get_participant(kay, ckn->name, ckn->len); |
887d9d01 HW |
3633 | if (!participant) |
3634 | return; | |
3635 | ||
3636 | participant->active = status; | |
3637 | } | |
3638 | ||
3639 | ||
3640 | /** | |
3641 | * ieee802_1x_kay_new_sak - | |
3642 | */ | |
3643 | int | |
3644 | ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay) | |
3645 | { | |
3646 | struct ieee802_1x_mka_participant *participant; | |
3647 | ||
3648 | if (!kay) | |
3649 | return -1; | |
3650 | ||
3651 | participant = ieee802_1x_kay_get_principal_participant(kay); | |
3652 | if (!participant) | |
3653 | return -1; | |
3654 | ||
3655 | participant->new_sak = TRUE; | |
3656 | wpa_printf(MSG_DEBUG, "KaY: new SAK signal"); | |
3657 | ||
3658 | return 0; | |
3659 | } | |
3660 | ||
3661 | ||
3662 | /** | |
3663 | * ieee802_1x_kay_change_cipher_suite - | |
3664 | */ | |
3665 | int | |
535a8b87 JM |
3666 | ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay, |
3667 | unsigned int cs_index) | |
887d9d01 HW |
3668 | { |
3669 | struct ieee802_1x_mka_participant *participant; | |
a25e4efc | 3670 | enum macsec_cap secy_cap; |
887d9d01 HW |
3671 | |
3672 | if (!kay) | |
3673 | return -1; | |
3674 | ||
535a8b87 | 3675 | if (cs_index >= CS_TABLE_SIZE) { |
887d9d01 HW |
3676 | wpa_printf(MSG_ERROR, |
3677 | "KaY: Configured cipher suite index is out of range"); | |
3678 | return -1; | |
3679 | } | |
3680 | if (kay->macsec_csindex == cs_index) | |
3681 | return -2; | |
3682 | ||
3683 | if (cs_index == 0) | |
3684 | kay->macsec_desired = FALSE; | |
3685 | ||
3686 | kay->macsec_csindex = cs_index; | |
3687 | kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable; | |
3688 | ||
a25e4efc SD |
3689 | if (secy_get_capability(kay, &secy_cap) < 0) |
3690 | return -3; | |
3691 | ||
3692 | if (kay->macsec_capable > secy_cap) | |
3693 | kay->macsec_capable = secy_cap; | |
3694 | ||
887d9d01 HW |
3695 | participant = ieee802_1x_kay_get_principal_participant(kay); |
3696 | if (participant) { | |
3697 | wpa_printf(MSG_INFO, "KaY: Cipher Suite changed"); | |
3698 | participant->new_sak = TRUE; | |
3699 | } | |
3700 | ||
3701 | return 0; | |
3702 | } | |
7508c2ad BA |
3703 | |
3704 | ||
3705 | #ifdef CONFIG_CTRL_IFACE | |
3706 | /** | |
3707 | * ieee802_1x_kay_get_status - Get IEEE 802.1X KaY status details | |
3708 | * @sm: Pointer to KaY allocated with ieee802_1x_kay_init() | |
3709 | * @buf: Buffer for status information | |
3710 | * @buflen: Maximum buffer length | |
3711 | * @verbose: Whether to include verbose status information | |
3712 | * Returns: Number of bytes written to buf. | |
3713 | * | |
3714 | * Query KAY status information. This function fills in a text area with current | |
3715 | * status information. If the buffer (buf) is not large enough, status | |
3716 | * information will be truncated to fit the buffer. | |
3717 | */ | |
3718 | int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf, | |
3719 | size_t buflen) | |
3720 | { | |
3721 | int len; | |
3722 | ||
3723 | if (!kay) | |
3724 | return 0; | |
3725 | ||
3726 | len = os_snprintf(buf, buflen, | |
3727 | "PAE KaY status=%s\n" | |
3728 | "Authenticated=%s\n" | |
3729 | "Secured=%s\n" | |
3730 | "Failed=%s\n" | |
3731 | "Actor Priority=%u\n" | |
3732 | "Key Server Priority=%u\n" | |
3733 | "Is Key Server=%s\n" | |
3734 | "Number of Keys Distributed=%u\n" | |
d9a0a722 MS |
3735 | "Number of Keys Received=%u\n" |
3736 | "MKA Hello Time=%u\n", | |
7508c2ad BA |
3737 | kay->active ? "Active" : "Not-Active", |
3738 | kay->authenticated ? "Yes" : "No", | |
3739 | kay->secured ? "Yes" : "No", | |
3740 | kay->failed ? "Yes" : "No", | |
3741 | kay->actor_priority, | |
3742 | kay->key_server_priority, | |
3743 | kay->is_key_server ? "Yes" : "No", | |
3744 | kay->dist_kn - 1, | |
d9a0a722 MS |
3745 | kay->rcvd_keys, |
3746 | kay->mka_hello_time); | |
7508c2ad BA |
3747 | if (os_snprintf_error(buflen, len)) |
3748 | return 0; | |
3749 | ||
3750 | return len; | |
3751 | } | |
3752 | #endif /* CONFIG_CTRL_IFACE */ |