2 * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #ifndef IEEE802_1X_KAY_H
10 #define IEEE802_1X_KAY_H
12 #include "utils/list.h"
13 #include "common/defs.h"
14 #include "common/ieee802_1x_defs.h"
16 struct macsec_init_params
;
19 #define MAX_KEY_LEN 32 /* 32 bytes, 256 bits */
20 #define MAX_CKN_LEN 32 /* 32 bytes, 256 bits */
22 /* MKA timer, unit: millisecond */
23 #define MKA_HELLO_TIME 2000
24 #define MKA_LIFE_TIME 6000
25 #define MKA_SAK_RETIRE_TIME 3000
27 struct ieee802_1x_mka_ki
{
32 struct ieee802_1x_mka_sci
{
47 enum mka_created_mode
{
55 struct ieee802_1x_mka_ki key_identifier
;
56 enum confidentiality_offset confidentiality_offset
;
60 struct os_time created_time
;
63 /* not defined data */
67 int user
; /* FIXME: to indicate if it can be delete safely */
72 /* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
74 struct ieee802_1x_mka_sci sci
; /* const SCI sci */
75 Boolean transmitting
; /* bool transmitting (read only) */
77 struct os_time created_time
; /* Time createdTime */
79 u8 encoding_sa
; /* AN encodingSA (read only) */
80 u8 enciphering_sa
; /* AN encipheringSA (read only) */
82 /* not defined data */
86 struct dl_list sa_list
;
89 /* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
91 Boolean in_use
; /* bool inUse (read only) */
92 u32 next_pn
; /* PN nextPN (read only) */
93 struct os_time created_time
; /* Time createdTime */
95 Boolean enable_transmit
; /* bool EnableTransmit */
98 Boolean confidentiality
;
99 struct data_key
*pkey
;
101 struct transmit_sc
*sc
;
102 struct dl_list list
; /* list entry in struct transmit_sc::sa_list */
105 /* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
107 struct ieee802_1x_mka_sci sci
; /* const SCI sci */
108 Boolean receiving
; /* bool receiving (read only) */
110 struct os_time created_time
; /* Time createdTime */
112 unsigned int channel
;
115 struct dl_list sa_list
;
118 /* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
120 Boolean enable_receive
; /* bool enableReceive */
121 Boolean in_use
; /* bool inUse (read only) */
123 u32 next_pn
; /* PN nextPN (read only) */
124 u32 lowest_pn
; /* PN lowestPN (read only) */
126 struct os_time created_time
;
128 struct data_key
*pkey
;
129 struct receive_sc
*sc
; /* list entry in struct receive_sc::sa_list */
134 struct ieee802_1x_kay_ctx
{
135 /* pointer to arbitrary upper level context */
138 /* abstract wpa driver interface */
139 int (*macsec_init
)(void *ctx
, struct macsec_init_params
*params
);
140 int (*macsec_deinit
)(void *ctx
);
141 int (*enable_protect_frames
)(void *ctx
, Boolean enabled
);
142 int (*set_replay_protect
)(void *ctx
, Boolean enabled
, u32 window
);
143 int (*set_current_cipher_suite
)(void *ctx
, u64 cs
);
144 int (*enable_controlled_port
)(void *ctx
, Boolean enabled
);
145 int (*get_receive_lowest_pn
)(void *ctx
, struct receive_sa
*sa
);
146 int (*get_transmit_next_pn
)(void *ctx
, struct transmit_sa
*sa
);
147 int (*set_transmit_next_pn
)(void *ctx
, struct transmit_sa
*sa
);
148 int (*get_available_receive_sc
)(void *ctx
, u32
*channel
);
149 int (*create_receive_sc
)(void *ctx
, struct receive_sc
*sc
,
150 enum validate_frames vf
,
151 enum confidentiality_offset co
);
152 int (*delete_receive_sc
)(void *ctx
, struct receive_sc
*sc
);
153 int (*create_receive_sa
)(void *ctx
, struct receive_sa
*sa
);
154 int (*enable_receive_sa
)(void *ctx
, struct receive_sa
*sa
);
155 int (*disable_receive_sa
)(void *ctx
, struct receive_sa
*sa
);
156 int (*get_available_transmit_sc
)(void *ctx
, u32
*channel
);
157 int (*create_transmit_sc
)(void *ctx
, struct transmit_sc
*sc
,
158 enum confidentiality_offset co
);
159 int (*delete_transmit_sc
)(void *ctx
, struct transmit_sc
*sc
);
160 int (*create_transmit_sa
)(void *ctx
, struct transmit_sa
*sa
);
161 int (*enable_transmit_sa
)(void *ctx
, struct transmit_sa
*sa
);
162 int (*disable_transmit_sa
)(void *ctx
, struct transmit_sa
*sa
);
165 struct ieee802_1x_kay
{
169 Boolean authenticated
;
173 struct ieee802_1x_mka_sci actor_sci
;
175 struct ieee802_1x_mka_sci key_server_sci
;
176 u8 key_server_priority
;
178 enum macsec_cap macsec_capable
;
179 Boolean macsec_desired
;
180 Boolean macsec_protect
;
181 Boolean macsec_replay_protect
;
182 u32 macsec_replay_window
;
183 enum validate_frames macsec_validate
;
184 enum confidentiality_offset macsec_confidentiality
;
196 /* not defined in IEEE802.1X */
197 struct ieee802_1x_kay_ctx
*ctx
;
198 Boolean is_key_server
;
199 Boolean is_obliged_key_server
;
200 char if_name
[IFNAMSIZ
];
202 unsigned int macsec_csindex
; /* MACsec cipher suite table index */
203 int mka_algindex
; /* MKA alg table index */
218 struct dl_list participant_list
;
219 enum macsec_policy policy
;
221 struct ieee802_1x_cp_sm
*cp
;
223 struct l2_packet_data
*l2_mka
;
225 enum validate_frames vf
;
226 enum confidentiality_offset co
;
230 struct ieee802_1x_kay
*
231 ieee802_1x_kay_init(struct ieee802_1x_kay_ctx
*ctx
, enum macsec_policy policy
,
232 const char *ifname
, const u8
*addr
);
233 void ieee802_1x_kay_deinit(struct ieee802_1x_kay
*kay
);
235 struct ieee802_1x_mka_participant
*
236 ieee802_1x_kay_create_mka(struct ieee802_1x_kay
*kay
,
237 struct mka_key_name
*ckn
, struct mka_key
*cak
,
238 u32 life
, enum mka_created_mode mode
,
239 Boolean is_authenticator
);
240 void ieee802_1x_kay_delete_mka(struct ieee802_1x_kay
*kay
,
241 struct mka_key_name
*ckn
);
242 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay
*kay
,
243 struct mka_key_name
*ckn
,
245 int ieee802_1x_kay_new_sak(struct ieee802_1x_kay
*kay
);
246 int ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay
*kay
,
247 unsigned int cs_index
);
249 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay
*kay
,
250 struct ieee802_1x_mka_ki
*lki
, u8 lan
,
251 Boolean ltx
, Boolean lrx
);
252 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay
*kay
,
253 struct ieee802_1x_mka_ki
*oki
,
254 u8 oan
, Boolean otx
, Boolean orx
);
255 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay
*kay
,
256 struct ieee802_1x_mka_ki
*lki
);
257 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay
*kay
,
258 struct ieee802_1x_mka_ki
*ki
);
259 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay
*kay
,
260 struct ieee802_1x_mka_ki
*lki
);
261 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay
*kay
,
262 struct ieee802_1x_mka_ki
*lki
);
263 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay
*kay
);
265 #endif /* IEEE802_1X_KAY_H */