2 * IEEE 802.1X-2010 Key Agreement Protocol of PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #ifndef IEEE802_1X_KAY_H
10 #define IEEE802_1X_KAY_H
12 #include "utils/list.h"
13 #include "common/defs.h"
14 #include "common/ieee802_1x_defs.h"
16 struct macsec_init_params
;
19 #define MAX_KEY_LEN 32 /* 32 bytes, 256 bits */
20 #define MAX_CKN_LEN 32 /* 32 bytes, 256 bits */
22 /* MKA timer, unit: millisecond */
23 #define MKA_HELLO_TIME 2000
24 #define MKA_LIFE_TIME 6000
25 #define MKA_SAK_RETIRE_TIME 3000
27 struct ieee802_1x_mka_ki
{
32 struct ieee802_1x_mka_sci
{
47 enum mka_created_mode
{
55 struct ieee802_1x_mka_ki key_identifier
;
56 enum confidentiality_offset confidentiality_offset
;
60 struct os_time created_time
;
63 /* not defined data */
67 int user
; /* FIXME: to indicate if it can be delete safely */
72 /* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
74 struct ieee802_1x_mka_sci sci
; /* const SCI sci */
75 Boolean transmitting
; /* bool transmitting (read only) */
77 struct os_time created_time
; /* Time createdTime */
79 u8 encoding_sa
; /* AN encodingSA (read only) */
80 u8 enciphering_sa
; /* AN encipheringSA (read only) */
82 /* not defined data */
86 struct dl_list sa_list
;
89 /* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
91 Boolean in_use
; /* bool inUse (read only) */
92 u32 next_pn
; /* PN nextPN (read only) */
93 struct os_time created_time
; /* Time createdTime */
95 Boolean enable_transmit
; /* bool EnableTransmit */
98 Boolean confidentiality
;
99 struct data_key
*pkey
;
101 struct transmit_sc
*sc
;
102 struct dl_list list
; /* list entry in struct transmit_sc::sa_list */
105 /* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
107 struct ieee802_1x_mka_sci sci
; /* const SCI sci */
108 Boolean receiving
; /* bool receiving (read only) */
110 struct os_time created_time
; /* Time createdTime */
112 unsigned int channel
;
115 struct dl_list sa_list
;
118 /* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
120 Boolean enable_receive
; /* bool enableReceive */
121 Boolean in_use
; /* bool inUse (read only) */
123 u32 next_pn
; /* PN nextPN (read only) */
124 u32 lowest_pn
; /* PN lowestPN (read only) */
126 struct os_time created_time
;
128 struct data_key
*pkey
;
129 struct receive_sc
*sc
; /* list entry in struct receive_sc::sa_list */
134 struct ieee802_1x_kay_ctx
{
135 /* pointer to arbitrary upper level context */
138 /* abstract wpa driver interface */
139 int (*macsec_init
)(void *ctx
, struct macsec_init_params
*params
);
140 int (*macsec_deinit
)(void *ctx
);
141 int (*macsec_get_capability
)(void *priv
, enum macsec_cap
*cap
);
142 int (*enable_protect_frames
)(void *ctx
, Boolean enabled
);
143 int (*set_replay_protect
)(void *ctx
, Boolean enabled
, u32 window
);
144 int (*set_current_cipher_suite
)(void *ctx
, u64 cs
);
145 int (*enable_controlled_port
)(void *ctx
, Boolean enabled
);
146 int (*get_receive_lowest_pn
)(void *ctx
, struct receive_sa
*sa
);
147 int (*get_transmit_next_pn
)(void *ctx
, struct transmit_sa
*sa
);
148 int (*set_transmit_next_pn
)(void *ctx
, struct transmit_sa
*sa
);
149 int (*get_available_receive_sc
)(void *ctx
, u32
*channel
);
150 int (*create_receive_sc
)(void *ctx
, struct receive_sc
*sc
,
151 enum validate_frames vf
,
152 enum confidentiality_offset co
);
153 int (*delete_receive_sc
)(void *ctx
, struct receive_sc
*sc
);
154 int (*create_receive_sa
)(void *ctx
, struct receive_sa
*sa
);
155 int (*enable_receive_sa
)(void *ctx
, struct receive_sa
*sa
);
156 int (*disable_receive_sa
)(void *ctx
, struct receive_sa
*sa
);
157 int (*get_available_transmit_sc
)(void *ctx
, u32
*channel
);
158 int (*create_transmit_sc
)(void *ctx
, struct transmit_sc
*sc
,
159 enum confidentiality_offset co
);
160 int (*delete_transmit_sc
)(void *ctx
, struct transmit_sc
*sc
);
161 int (*create_transmit_sa
)(void *ctx
, struct transmit_sa
*sa
);
162 int (*enable_transmit_sa
)(void *ctx
, struct transmit_sa
*sa
);
163 int (*disable_transmit_sa
)(void *ctx
, struct transmit_sa
*sa
);
166 struct ieee802_1x_kay
{
170 Boolean authenticated
;
174 struct ieee802_1x_mka_sci actor_sci
;
176 struct ieee802_1x_mka_sci key_server_sci
;
177 u8 key_server_priority
;
179 enum macsec_cap macsec_capable
;
180 Boolean macsec_desired
;
181 Boolean macsec_protect
;
182 Boolean macsec_replay_protect
;
183 u32 macsec_replay_window
;
184 enum validate_frames macsec_validate
;
185 enum confidentiality_offset macsec_confidentiality
;
197 /* not defined in IEEE802.1X */
198 struct ieee802_1x_kay_ctx
*ctx
;
199 Boolean is_key_server
;
200 Boolean is_obliged_key_server
;
201 char if_name
[IFNAMSIZ
];
203 unsigned int macsec_csindex
; /* MACsec cipher suite table index */
204 int mka_algindex
; /* MKA alg table index */
219 struct dl_list participant_list
;
220 enum macsec_policy policy
;
222 struct ieee802_1x_cp_sm
*cp
;
224 struct l2_packet_data
*l2_mka
;
226 enum validate_frames vf
;
227 enum confidentiality_offset co
;
/**
 * ieee802_1x_kay_init - Allocate and initialize a KaY (Key Agreement Entity)
 * @ctx: Driver callback table through which the KaY programs the MACsec data
 *	plane. struct ieee802_1x_kay::ctx is a pointer of this type, so the
 *	table is presumably referenced rather than copied and must outlive the
 *	KaY - confirm in the implementation
 * @policy: MACsec policy the KaY applies (stored as struct ieee802_1x_kay::policy)
 * @ifname: Name of the controlled interface; the KaY stores it in a buffer of
 *	IFNAMSIZ bytes (struct ieee802_1x_kay::if_name), so callers should not
 *	pass a longer name
 * @addr: Presumably the local MAC address used to form the actor SCI - confirm;
 *	no length parameter accompanies it, so the caller must supply a buffer
 *	of the size the implementation expects
 * Returns: Pointer to the new KaY, or NULL on failure (NULL is the only
 *	in-band failure indication this return type allows - confirm that the
 *	implementation reports failure that way)
 */
struct ieee802_1x_kay *
ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
		    const char *ifname, const u8 *addr);

/**
 * ieee802_1x_kay_deinit - Tear down a KaY returned by ieee802_1x_kay_init()
 * @kay: KaY instance; presumably freed here, so the caller must drop its
 *	pointer afterwards - confirm
 */
void ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay);

/**
 * ieee802_1x_kay_create_mka - Create an MKA participant on a KaY
 * @kay: KaY instance
 * @ckn: CAK name (CKN) identifying the participant
 * @cak: Connectivity Association Key - secret key material. Whether the KaY
 *	copies it or keeps using the caller's buffer is not visible in this
 *	header; confirm before reusing or zeroizing the caller's copy
 * @life: Lifetime of the participant; the unit is not stated here (the MKA
 *	timer constants in this header are milliseconds) - confirm
 * @mode: How the participant came into existence (enum mka_created_mode)
 * @is_authenticator: Whether the local PAE acts as the authenticator
 * Returns: Pointer to the new participant, or presumably NULL on failure -
 *	confirm
 */
struct ieee802_1x_mka_participant *
ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
			  struct mka_key_name *ckn, struct mka_key *cak,
			  u32 life, enum mka_created_mode mode,
			  Boolean is_authenticator);

/**
 * ieee802_1x_kay_delete_mka - Remove the MKA participant identified by @ckn
 * @kay: KaY instance
 * @ckn: CAK name (CKN) of the participant to remove
 */
void ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay,
			       struct mka_key_name *ckn);
243 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay
*kay
,
244 struct mka_key_name
*ckn
,
/*
 * The functions below all return an int status. The exact convention
 * (0 on success, negative or non-zero on failure) is not fixed by this
 * header - confirm against the implementation before relying on it.
 *
 * The "latest"/"old" parameter names (lki/lan/ltx/lrx, oki/oan/otx/orx)
 * presumably mirror the LKI/LAN/LTX/LRX and OKI/OAN/OTX/ORX variables of the
 * IEEE 802.1X CP state machine: key identifier, association number (AN), and
 * the transmit/receive enable flags of the latest and the old SAK - confirm.
 */

/**
 * ieee802_1x_kay_new_sak - Request a new SAK for the KaY
 * @kay: KaY instance
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay);

/**
 * ieee802_1x_kay_change_cipher_suite - Switch the KaY to another cipher suite
 * @kay: KaY instance
 * @cs_index: Index into the MACsec cipher suite table (the same table
 *	struct ieee802_1x_kay::macsec_csindex refers to, presumably - confirm).
 *	Nothing in this declaration bounds the value, so the implementation
 *	has to range-check it against the table size
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
				       unsigned int cs_index);

/**
 * ieee802_1x_kay_set_latest_sa_attr - Set the latest SA attributes
 * @kay: KaY instance
 * @lki: Key identifier of the latest SAK
 * @lan: Association number (AN) of the latest SAK
 * @ltx: Transmit enable flag for the latest SAK
 * @lrx: Receive enable flag for the latest SAK
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
				      struct ieee802_1x_mka_ki *lki, u8 lan,
				      Boolean ltx, Boolean lrx);

/**
 * ieee802_1x_kay_set_old_sa_attr - Set the old SA attributes
 * @kay: KaY instance
 * @oki: Key identifier of the old SAK
 * @oan: Association number (AN) of the old SAK
 * @otx: Transmit enable flag for the old SAK
 * @orx: Receive enable flag for the old SAK
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
				   struct ieee802_1x_mka_ki *oki,
				   u8 oan, Boolean otx, Boolean orx);

/**
 * ieee802_1x_kay_create_sas - Create the secure associations for a SAK
 * @kay: KaY instance
 * @lki: Key identifier of the SAK the SAs are created for
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
			      struct ieee802_1x_mka_ki *lki);

/**
 * ieee802_1x_kay_delete_sas - Delete the secure associations of a SAK
 * @kay: KaY instance
 * @ki: Key identifier of the SAK whose SAs are deleted
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
			      struct ieee802_1x_mka_ki *ki);

/**
 * ieee802_1x_kay_enable_tx_sas - Enable transmission on the SAs of a SAK
 * @kay: KaY instance
 * @lki: Key identifier of the SAK whose transmit SAs are enabled
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
				 struct ieee802_1x_mka_ki *lki);

/**
 * ieee802_1x_kay_enable_rx_sas - Enable reception on the SAs of a SAK
 * @kay: KaY instance
 * @lki: Key identifier of the SAK whose receive SAs are enabled
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
				 struct ieee802_1x_mka_ki *lki);

/**
 * ieee802_1x_kay_enable_new_info - Allow the KaY to send updated MKA
 *	information to its peers (presumably the CP "newInfo" trigger - confirm)
 * @kay: KaY instance
 * Returns: Status (see note above)
 */
int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);
266 #endif /* IEEE802_1X_KAY_H */