]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/pae/ieee802_1x_kay.h
projects / thirdparty / hostap.git / blob
? search:


144ee90540db21ed24bff844daade06a22e33077
[thirdparty/hostap.git] / src / pae / ieee802_1x_kay.h
1 /*
2 * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #ifndef IEEE802_1X_KAY_H
10 #define IEEE802_1X_KAY_H
11
12 #include "utils/list.h"
13 #include "common/defs.h"
14 #include "common/ieee802_1x_defs.h"
15
16 struct macsec_init_params;
17
18 #define MI_LEN 12
19 #define MAX_KEY_LEN 32 /* 32 bytes, 256 bits */
20 #define MAX_CKN_LEN 32 /* 32 bytes, 256 bits */
21
22 /* MKA timer, unit: millisecond */
23 #define MKA_HELLO_TIME 2000
24 #define MKA_LIFE_TIME 6000
25 #define MKA_SAK_RETIRE_TIME 3000
26
27 struct ieee802_1x_mka_ki {
28 u8 mi[MI_LEN];
29 u32 kn;
30 };
31
32 struct ieee802_1x_mka_sci {
33 u8 addr[ETH_ALEN];
34 be16 port;
35 };
36
37 struct mka_key {
38 u8 key[MAX_KEY_LEN];
39 size_t len;
40 };
41
42 struct mka_key_name {
43 u8 name[MAX_CKN_LEN];
44 size_t len;
45 };
46
47 enum mka_created_mode {
48 PSK,
49 EAP_EXCHANGE,
50 };
51
52 struct data_key {
53 u8 *key;
54 int key_len;
55 struct ieee802_1x_mka_ki key_identifier;
56 enum confidentiality_offset confidentiality_offset;
57 u8 an;
58 Boolean transmits;
59 Boolean receives;
60 struct os_time created_time;
61 u32 next_pn;
62
63 /* not defined data */
64 Boolean rx_latest;
65 Boolean tx_latest;
66
67 int user; /* FIXME: to indicate if it can be delete safely */
68
69 struct dl_list list;
70 };
71
72 /* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
73 struct transmit_sc {
74 struct ieee802_1x_mka_sci sci; /* const SCI sci */
75 Boolean transmitting; /* bool transmitting (read only) */
76
77 struct os_time created_time; /* Time createdTime */
78
79 u8 encoding_sa; /* AN encodingSA (read only) */
80 u8 enciphering_sa; /* AN encipheringSA (read only) */
81
82 /* not defined data */
83 unsigned int channel;
84
85 struct dl_list list;
86 struct dl_list sa_list;
87 };
88
89 /* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
90 struct transmit_sa {
91 Boolean in_use; /* bool inUse (read only) */
92 u32 next_pn; /* PN nextPN (read only) */
93 struct os_time created_time; /* Time createdTime */
94
95 Boolean enable_transmit; /* bool EnableTransmit */
96
97 u8 an;
98 Boolean confidentiality;
99 struct data_key *pkey;
100
101 struct transmit_sc *sc;
102 struct dl_list list; /* list entry in struct transmit_sc::sa_list */
103 };
104
105 /* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
106 struct receive_sc {
107 struct ieee802_1x_mka_sci sci; /* const SCI sci */
108 Boolean receiving; /* bool receiving (read only) */
109
110 struct os_time created_time; /* Time createdTime */
111
112 unsigned int channel;
113
114 struct dl_list list;
115 struct dl_list sa_list;
116 };
117
118 /* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
119 struct receive_sa {
120 Boolean enable_receive; /* bool enableReceive */
121 Boolean in_use; /* bool inUse (read only) */
122
123 u32 next_pn; /* PN nextPN (read only) */
124 u32 lowest_pn; /* PN lowestPN (read only) */
125 u8 an;
126 struct os_time created_time;
127
128 struct data_key *pkey;
129 struct receive_sc *sc; /* list entry in struct receive_sc::sa_list */
130
131 struct dl_list list;
132 };
133
134 struct ieee802_1x_kay_ctx {
135 /* pointer to arbitrary upper level context */
136 void *ctx;
137
138 /* abstract wpa driver interface */
139 int (*macsec_init)(void *ctx, struct macsec_init_params *params);
140 int (*macsec_deinit)(void *ctx);
141 int (*enable_protect_frames)(void *ctx, Boolean enabled);
142 int (*set_replay_protect)(void *ctx, Boolean enabled, u32 window);
143 int (*set_current_cipher_suite)(void *ctx, u64 cs);
144 int (*enable_controlled_port)(void *ctx, Boolean enabled);
145 int (*get_receive_lowest_pn)(void *ctx, struct receive_sa *sa);
146 int (*get_transmit_next_pn)(void *ctx, struct transmit_sa *sa);
147 int (*set_transmit_next_pn)(void *ctx, struct transmit_sa *sa);
148 int (*get_available_receive_sc)(void *ctx, u32 *channel);
149 int (*create_receive_sc)(void *ctx, struct receive_sc *sc,
150 enum validate_frames vf,
151 enum confidentiality_offset co);
152 int (*delete_receive_sc)(void *ctx, struct receive_sc *sc);
153 int (*create_receive_sa)(void *ctx, struct receive_sa *sa);
154 int (*enable_receive_sa)(void *ctx, struct receive_sa *sa);
155 int (*disable_receive_sa)(void *ctx, struct receive_sa *sa);
156 int (*get_available_transmit_sc)(void *ctx, u32 *channel);
157 int (*create_transmit_sc)(void *ctx, struct transmit_sc *sc,
158 enum confidentiality_offset co);
159 int (*delete_transmit_sc)(void *ctx, struct transmit_sc *sc);
160 int (*create_transmit_sa)(void *ctx, struct transmit_sa *sa);
161 int (*enable_transmit_sa)(void *ctx, struct transmit_sa *sa);
162 int (*disable_transmit_sa)(void *ctx, struct transmit_sa *sa);
163 };
164
165 struct ieee802_1x_kay {
166 Boolean enable;
167 Boolean active;
168
169 Boolean authenticated;
170 Boolean secured;
171 Boolean failed;
172
173 struct ieee802_1x_mka_sci actor_sci;
174 u8 actor_priority;
175 struct ieee802_1x_mka_sci key_server_sci;
176 u8 key_server_priority;
177
178 enum macsec_cap macsec_capable;
179 Boolean macsec_desired;
180 Boolean macsec_protect;
181 Boolean macsec_replay_protect;
182 u32 macsec_replay_window;
183 enum validate_frames macsec_validate;
184 enum confidentiality_offset macsec_confidentiality;
185
186 u32 ltx_kn;
187 u8 ltx_an;
188 u32 lrx_kn;
189 u8 lrx_an;
190
191 u32 otx_kn;
192 u8 otx_an;
193 u32 orx_kn;
194 u8 orx_an;
195
196 /* not defined in IEEE802.1X */
197 struct ieee802_1x_kay_ctx *ctx;
198 Boolean is_key_server;
199 Boolean is_obliged_key_server;
200 char if_name[IFNAMSIZ];
201
202 unsigned int macsec_csindex; /* MACsec cipher suite table index */
203 int mka_algindex; /* MKA alg table index */
204
205 u32 dist_kn;
206 u8 dist_an;
207 time_t dist_time;
208
209 u8 mka_version;
210 u8 algo_agility[4];
211 u32 sc_ch;
212
213 u32 pn_exhaustion;
214 Boolean port_enable;
215 Boolean rx_enable;
216 Boolean tx_enable;
217
218 struct dl_list participant_list;
219 enum macsec_policy policy;
220
221 struct ieee802_1x_cp_sm *cp;
222
223 struct l2_packet_data *l2_mka;
224
225 enum validate_frames vf;
226 enum confidentiality_offset co;
227 };
228
229
230 struct ieee802_1x_kay *
231 ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
232 const char *ifname, const u8 *addr);
233 void ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay);
234
235 struct ieee802_1x_mka_participant *
236 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
237 struct mka_key_name *ckn, struct mka_key *cak,
238 u32 life, enum mka_created_mode mode,
239 Boolean is_authenticator);
240 void ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay,
241 struct mka_key_name *ckn);
242 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
243 struct mka_key_name *ckn,
244 Boolean status);
245 int ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay);
246 int ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
247 unsigned int cs_index);
248
249 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
250 struct ieee802_1x_mka_ki *lki, u8 lan,
251 Boolean ltx, Boolean lrx);
252 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
253 struct ieee802_1x_mka_ki *oki,
254 u8 oan, Boolean otx, Boolean orx);
255 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
256 struct ieee802_1x_mka_ki *lki);
257 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
258 struct ieee802_1x_mka_ki *ki);
259 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
260 struct ieee802_1x_mka_ki *lki);
261 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
262 struct ieee802_1x_mka_ki *lki);
263 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);
264
265 #endif /* IEEE802_1X_KAY_H */
Unnamed repository; edit this file 'description' to name the repository.