authorHu Wang <huw@qti.qualcomm.com>2014-03-25 19:39:02 (GMT)
committerJouni Malinen <j@w1.fi>2014-05-09 17:42:44 (GMT)
commit8d0dd4eebc14857890b974ae5a0312830d87d8e3 (patch)
treef1d705c8fd30a6e209695a84bdb0c96c146ea243 /src/drivers
parentdd10abccc86d29ee828e7548ec1c3500aa813b9e (diff)
Add macsec_qca driver wrapper
This is based on driver_wired.c and provides driver interface for the QCA MACsec driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/drivers')
-rw-r--r--src/drivers/driver_macsec_qca.c887
-rw-r--r--src/drivers/drivers.c7
-rw-r--r--src/drivers/drivers.mak5
3 files changed, 899 insertions, 0 deletions
diff --git a/src/drivers/driver_macsec_qca.c b/src/drivers/driver_macsec_qca.c
new file mode 100644
index 0000000..cf24799
--- /dev/null
+++ b/src/drivers/driver_macsec_qca.c
@@ -0,0 +1,887 @@
+/*
+ * Wired Ethernet driver interface for QCA MACsec driver
+ * Copyright (c) 2005-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004, Gunter Burchardt <tira@isx.de>
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#include <net/if.h>
+#ifdef __linux__
+#include <netpacket/packet.h>
+#include <net/if_arp.h>
+#include <net/if.h>
+#endif /* __linux__ */
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+#include <net/if_dl.h>
+#include <net/if_media.h>
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) */
+#ifdef __sun__
+#include <sys/sockio.h>
+#endif /* __sun__ */
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+#include "driver.h"
+
+#include "nss_macsec_secy.h"
+#include "nss_macsec_secy_rx.h"
+#include "nss_macsec_secy_tx.h"
+
+#define MAXSC 16
+
+/* TCI field definition */
+#define TCI_ES 0x40
+#define TCI_SC 0x20
+#define TCI_SCB 0x10
+#define TCI_E 0x08
+#define TCI_C 0x04
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+static const u8 pae_group_addr[ETH_ALEN] =
+{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
+
+struct macsec_qca_data {
+ char ifname[IFNAMSIZ + 1];
+ u32 secy_id;
+ void *ctx;
+
+ int sock; /* raw packet socket for driver access */
+ int pf_sock;
+ int membership, multi, iff_allmulti, iff_up;
+
+ /* shadow */
+ Boolean always_include_sci;
+ Boolean use_es;
+ Boolean use_scb;
+ Boolean protect_frames;
+ Boolean replay_protect;
+ u32 replay_window;
+};
+
+
+static int macsec_qca_multicast_membership(int sock, int ifindex,
+ const u8 *addr, int add)
+{
+#ifdef __linux__
+ struct packet_mreq mreq;
+
+ if (sock < 0)
+ return -1;
+
+ os_memset(&mreq, 0, sizeof(mreq));
+ mreq.mr_ifindex = ifindex;
+ mreq.mr_type = PACKET_MR_MULTICAST;
+ mreq.mr_alen = ETH_ALEN;
+ os_memcpy(mreq.mr_address, addr, ETH_ALEN);
+
+ if (setsockopt(sock, SOL_PACKET,
+ add ? PACKET_ADD_MEMBERSHIP : PACKET_DROP_MEMBERSHIP,
+ &mreq, sizeof(mreq)) < 0) {
+ perror("setsockopt");
+ return -1;
+ }
+ return 0;
+#else /* __linux__ */
+ return -1;
+#endif /* __linux__ */
+}
+
+
+static int macsec_qca_get_ssid(void *priv, u8 *ssid)
+{
+ ssid[0] = 0;
+ return 0;
+}
+
+
+static int macsec_qca_get_bssid(void *priv, u8 *bssid)
+{
+ /* Report PAE group address as the "BSSID" for macsec connection. */
+ os_memcpy(bssid, pae_group_addr, ETH_ALEN);
+ return 0;
+}
+
+
+static int macsec_qca_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+ os_memset(capa, 0, sizeof(*capa));
+ capa->flags = WPA_DRIVER_FLAGS_WIRED;
+ return 0;
+}
+
+
+static int macsec_qca_get_ifflags(const char *ifname, int *flags)
+{
+ struct ifreq ifr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOCGIFFLAGS]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ *flags = ifr.ifr_flags & 0xffff;
+ return 0;
+}
+
+
+static int macsec_qca_set_ifflags(const char *ifname, int flags)
+{
+ struct ifreq ifr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_flags = flags & 0xffff;
+ if (ioctl(s, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOCSIFFLAGS]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ return 0;
+}
+
+
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+static int macsec_qca_get_ifstatus(const char *ifname, int *status)
+{
+ struct ifmediareq ifmr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifmr, 0, sizeof(ifmr));
+ os_strlcpy(ifmr.ifm_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFMEDIA, (caddr_t) &ifmr) < 0) {
+ perror("ioctl[SIOCGIFMEDIA]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ *status = (ifmr.ifm_status & (IFM_ACTIVE | IFM_AVALID)) ==
+ (IFM_ACTIVE | IFM_AVALID);
+
+ return 0;
+}
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */
+
+
+static int macsec_qca_multi(const char *ifname, const u8 *addr, int add)
+{
+ struct ifreq ifr;
+ int s;
+
+#ifdef __sun__
+ return -1;
+#endif /* __sun__ */
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+#ifdef __linux__
+ ifr.ifr_hwaddr.sa_family = AF_UNSPEC;
+ os_memcpy(ifr.ifr_hwaddr.sa_data, addr, ETH_ALEN);
+#endif /* __linux__ */
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+ {
+ struct sockaddr_dl *dlp;
+ dlp = (struct sockaddr_dl *) &ifr.ifr_addr;
+ dlp->sdl_len = sizeof(struct sockaddr_dl);
+ dlp->sdl_family = AF_LINK;
+ dlp->sdl_index = 0;
+ dlp->sdl_nlen = 0;
+ dlp->sdl_alen = ETH_ALEN;
+ dlp->sdl_slen = 0;
+ os_memcpy(LLADDR(dlp), addr, ETH_ALEN);
+ }
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */
+#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
+ {
+ struct sockaddr *sap;
+ sap = (struct sockaddr *) &ifr.ifr_addr;
+ sap->sa_len = sizeof(struct sockaddr);
+ sap->sa_family = AF_UNSPEC;
+ os_memcpy(sap->sa_data, addr, ETH_ALEN);
+ }
+#endif /* defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__) */
+
+ if (ioctl(s, add ? SIOCADDMULTI : SIOCDELMULTI, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOC{ADD/DEL}MULTI]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ return 0;
+}
+
+
+static void __macsec_drv_init(struct macsec_qca_data *drv)
+{
+ int ret = 0;
+ fal_rx_ctl_filt_t rx_ctl_filt;
+ fal_tx_ctl_filt_t tx_ctl_filt;
+
+ wpa_printf(MSG_INFO, "%s: secy_id=%d", __func__, drv->secy_id);
+
+ /* Enable Secy and Let EAPoL bypass */
+ ret = nss_macsec_secy_en_set(drv->secy_id, TRUE);
+ if (ret)
+ wpa_printf(MSG_ERROR, "nss_macsec_secy_en_set: FAIL");
+
+ ret = nss_macsec_secy_sc_sa_mapping_mode_set(drv->secy_id,
+ FAL_SC_SA_MAP_1_4);
+ if (ret)
+ wpa_printf(MSG_ERROR,
+ "nss_macsec_secy_sc_sa_mapping_mode_set: FAIL");
+
+ os_memset(&rx_ctl_filt, 0, sizeof(rx_ctl_filt));
+ rx_ctl_filt.bypass = 1;
+ rx_ctl_filt.match_type = IG_CTL_COMPARE_ETHER_TYPE;
+ rx_ctl_filt.match_mask = 0xffff;
+ rx_ctl_filt.ether_type_da_range = 0x888e;
+ ret = nss_macsec_secy_rx_ctl_filt_set(drv->secy_id, 0, &rx_ctl_filt);
+ if (ret)
+ wpa_printf(MSG_ERROR, "nss_macsec_secy_rx_ctl_filt_set: FAIL");
+
+ os_memset(&tx_ctl_filt, 0, sizeof(tx_ctl_filt));
+ tx_ctl_filt.bypass = 1;
+ tx_ctl_filt.match_type = EG_CTL_COMPARE_ETHER_TYPE;
+ tx_ctl_filt.match_mask = 0xffff;
+ tx_ctl_filt.ether_type_da_range = 0x888e;
+ ret = nss_macsec_secy_tx_ctl_filt_set(drv->secy_id, 0, &tx_ctl_filt);
+ if (ret)
+ wpa_printf(MSG_ERROR, "nss_macsec_secy_tx_ctl_filt_set: FAIL");
+}
+
+
+static void __macsec_drv_deinit(struct macsec_qca_data *drv)
+{
+ nss_macsec_secy_en_set(drv->secy_id, FALSE);
+ nss_macsec_secy_rx_sc_del_all(drv->secy_id);
+ nss_macsec_secy_tx_sc_del_all(drv->secy_id);
+}
+
+
+static void * macsec_qca_init(void *ctx, const char *ifname)
+{
+ struct macsec_qca_data *drv;
+ int flags;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->ctx = ctx;
+
+ /* Board specific settings */
+ if (os_memcmp("eth2", drv->ifname, 4) == 0)
+ drv->secy_id = 1;
+ else if (os_memcmp("eth3", drv->ifname, 4) == 0)
+ drv->secy_id = 2;
+ else
+ drv->secy_id = -1;
+
+#ifdef __linux__
+ drv->pf_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
+ if (drv->pf_sock < 0)
+ perror("socket(PF_PACKET)");
+#else /* __linux__ */
+ drv->pf_sock = -1;
+#endif /* __linux__ */
+
+ if (macsec_qca_get_ifflags(ifname, &flags) == 0 &&
+ !(flags & IFF_UP) &&
+ macsec_qca_set_ifflags(ifname, flags | IFF_UP) == 0) {
+ drv->iff_up = 1;
+ }
+
+ if (macsec_qca_multicast_membership(drv->pf_sock,
+ if_nametoindex(drv->ifname),
+ pae_group_addr, 1) == 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Added multicast membership with packet socket",
+ __func__);
+ drv->membership = 1;
+ } else if (macsec_qca_multi(ifname, pae_group_addr, 1) == 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Added multicast membership with SIOCADDMULTI",
+ __func__);
+ drv->multi = 1;
+ } else if (macsec_qca_get_ifflags(ifname, &flags) < 0) {
+ wpa_printf(MSG_INFO, "%s: Could not get interface flags",
+ __func__);
+ os_free(drv);
+ return NULL;
+ } else if (flags & IFF_ALLMULTI) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Interface is already configured for multicast",
+ __func__);
+ } else if (macsec_qca_set_ifflags(ifname, flags | IFF_ALLMULTI) < 0) {
+ wpa_printf(MSG_INFO, "%s: Failed to enable allmulti",
+ __func__);
+ os_free(drv);
+ return NULL;
+ } else {
+ wpa_printf(MSG_DEBUG, "%s: Enabled allmulti mode", __func__);
+ drv->iff_allmulti = 1;
+ }
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+ {
+ int status;
+ wpa_printf(MSG_DEBUG, "%s: waiting for link to become active",
+ __func__);
+ while (macsec_qca_get_ifstatus(ifname, &status) == 0 &&
+ status == 0)
+ sleep(1);
+ }
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */
+
+ return drv;
+}
+
+
+static void macsec_qca_deinit(void *priv)
+{
+ struct macsec_qca_data *drv = priv;
+ int flags;
+
+ if (drv->membership &&
+ macsec_qca_multicast_membership(drv->pf_sock,
+ if_nametoindex(drv->ifname),
+ pae_group_addr, 0) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Failed to remove PAE multicast group (PACKET)",
+ __func__);
+ }
+
+ if (drv->multi &&
+ macsec_qca_multi(drv->ifname, pae_group_addr, 0) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Failed to remove PAE multicast group (SIOCDELMULTI)",
+ __func__);
+ }
+
+ if (drv->iff_allmulti &&
+ (macsec_qca_get_ifflags(drv->ifname, &flags) < 0 ||
+ macsec_qca_set_ifflags(drv->ifname, flags & ~IFF_ALLMULTI) < 0)) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to disable allmulti mode",
+ __func__);
+ }
+
+ if (drv->iff_up &&
+ macsec_qca_get_ifflags(drv->ifname, &flags) == 0 &&
+ (flags & IFF_UP) &&
+ macsec_qca_set_ifflags(drv->ifname, flags & ~IFF_UP) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to set the interface down",
+ __func__);
+ }
+
+ if (drv->pf_sock != -1)
+ close(drv->pf_sock);
+
+ os_free(drv);
+}
+
+
+static int macsec_qca_macsec_init(void *priv, struct macsec_init_params *params)
+{
+ struct macsec_qca_data *drv = priv;
+
+ drv->always_include_sci = params->always_include_sci;
+ drv->use_es = params->use_es;
+ drv->use_scb = params->use_scb;
+
+ wpa_printf(MSG_DEBUG, "%s: es=%d, scb=%d, sci=%d",
+ __func__, drv->use_es, drv->use_scb,
+ drv->always_include_sci);
+
+ __macsec_drv_init(drv);
+
+ return 0;
+}
+
+
+static int macsec_qca_macsec_deinit(void *priv)
+{
+ struct macsec_qca_data *drv = priv;
+
+ wpa_printf(MSG_DEBUG, "%s", __func__);
+
+ __macsec_drv_deinit(drv);
+
+ return 0;
+}
+
+
+static int macsec_qca_enable_protect_frames(void *priv, Boolean enabled)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+
+ drv->protect_frames = enabled;
+
+ return ret;
+}
+
+
+static int macsec_qca_set_replay_protect(void *priv, Boolean enabled,
+ unsigned int window)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d, win=%u",
+ __func__, enabled, window);
+
+ drv->replay_protect = enabled;
+ drv->replay_window = window;
+
+ return ret;
+}
+
+
+static int macsec_qca_set_current_cipher_suite(void *priv, const u8 *cs,
+ size_t cs_len)
+{
+ u8 default_cs_id[] = CS_ID_GCM_AES_128;
+
+ if (cs_len != CS_ID_LEN ||
+ os_memcmp(cs, default_cs_id, cs_len) != 0) {
+ wpa_hexdump(MSG_ERROR, "macsec: NOT supported CipherSuite",
+ cs, cs_len);
+ return -1;
+ }
+
+ /* Support default Cipher Suite 0080020001000001 (GCM-AES-128) */
+ wpa_printf(MSG_DEBUG, "%s: default support aes-gcm-128", __func__);
+
+ return 0;
+}
+
+
+static int macsec_qca_enable_controlled_port(void *priv, Boolean enabled)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enable=%d", __func__, enabled);
+
+ ret += nss_macsec_secy_controlled_port_en_set(drv->secy_id, enabled);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_receive_lowest_pn(void *priv, u32 channel, u8 an,
+ u32 *lowest_pn)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u32 next_pn = 0;
+ bool enabled = FALSE;
+ u32 win;
+
+ ret += nss_macsec_secy_rx_sa_next_pn_get(drv->secy_id, channel, an,
+ &next_pn);
+ ret += nss_macsec_secy_rx_sc_replay_protect_get(drv->secy_id, channel,
+ &enabled);
+ ret += nss_macsec_secy_rx_sc_anti_replay_window_get(drv->secy_id,
+ channel, &win);
+
+ if (enabled)
+ *lowest_pn = (next_pn > win) ? (next_pn - win) : 1;
+ else
+ *lowest_pn = next_pn;
+
+ wpa_printf(MSG_DEBUG, "%s: lpn=0x%x", __func__, *lowest_pn);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_transmit_next_pn(void *priv, u32 channel, u8 an,
+ u32 *next_pn)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ ret += nss_macsec_secy_tx_sa_next_pn_get(drv->secy_id, channel, an,
+ next_pn);
+
+ wpa_printf(MSG_DEBUG, "%s: npn=0x%x", __func__, *next_pn);
+
+ return ret;
+}
+
+
+int macsec_qca_set_transmit_next_pn(void *priv, u32 channel, u8 an, u32 next_pn)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, an,
+ next_pn);
+
+ wpa_printf(MSG_INFO, "%s: npn=0x%x", __func__, next_pn);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_available_receive_sc(void *priv, u32 *channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u32 sc_ch = 0;
+ bool in_use = FALSE;
+
+ for (sc_ch = 0; sc_ch < MAXSC; sc_ch++) {
+ ret = nss_macsec_secy_rx_sc_in_used_get(drv->secy_id, sc_ch,
+ &in_use);
+ if (ret)
+ continue;
+
+ if (!in_use) {
+ *channel = sc_ch;
+ wpa_printf(MSG_DEBUG, "%s: channel=%d",
+ __func__, *channel);
+ return 0;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: no available channel", __func__);
+
+ return -1;
+}
+
+
+static int macsec_qca_create_receive_sc(void *priv, u32 channel,
+ const u8 *sci_addr, u16 sci_port,
+ unsigned int conf_offset,
+ int validation)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_rx_prc_lut_t entry;
+ fal_rx_sc_validate_frame_e vf;
+ enum validate_frames validate_frames = validation;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* rx prc lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ os_memcpy(entry.sci, sci_addr, ETH_ALEN);
+ entry.sci[6] = (sci_port >> 8) & 0xf;
+ entry.sci[7] = sci_port & 0xf;
+ entry.sci_mask = 0xf;
+
+ entry.valid = 1;
+ entry.channel = channel;
+ entry.action = FAL_RX_PRC_ACTION_PROCESS;
+ entry.offset = conf_offset;
+
+ /* rx validate frame */
+ if (validate_frames == Strict)
+ vf = FAL_RX_SC_VALIDATE_FRAME_STRICT;
+ else if (validate_frames == Checked)
+ vf = FAL_RX_SC_VALIDATE_FRAME_CHECK;
+ else
+ vf = FAL_RX_SC_VALIDATE_FRAME_DISABLED;
+
+ ret += nss_macsec_secy_rx_prc_lut_set(drv->secy_id, channel, &entry);
+ ret += nss_macsec_secy_rx_sc_create(drv->secy_id, channel);
+ ret += nss_macsec_secy_rx_sc_validate_frame_set(drv->secy_id, channel,
+ vf);
+ ret += nss_macsec_secy_rx_sc_replay_protect_set(drv->secy_id, channel,
+ drv->replay_protect);
+ ret += nss_macsec_secy_rx_sc_anti_replay_window_set(drv->secy_id,
+ channel,
+ drv->replay_window);
+
+ return ret;
+}
+
+
+static int macsec_qca_delete_receive_sc(void *priv, u32 channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_rx_prc_lut_t entry;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* rx prc lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ ret += nss_macsec_secy_rx_sc_del(drv->secy_id, channel);
+ ret += nss_macsec_secy_rx_prc_lut_set(drv->secy_id, channel, &entry);
+
+ return ret;
+}
+
+
+static int macsec_qca_create_receive_sa(void *priv, u32 channel, u8 an,
+ u32 lowest_pn, const u8 *sak)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_rx_sak_t rx_sak;
+ int i = 0;
+
+ wpa_printf(MSG_DEBUG, "%s, channel=%d, an=%d, lpn=0x%x",
+ __func__, channel, an, lowest_pn);
+
+ os_memset(&rx_sak, 0, sizeof(rx_sak));
+ for (i = 0; i < 16; i++)
+ rx_sak.sak[i] = sak[15 - i];
+
+ ret += nss_macsec_secy_rx_sa_create(drv->secy_id, channel, an);
+ ret += nss_macsec_secy_rx_sak_set(drv->secy_id, channel, an, &rx_sak);
+
+ return ret;
+}
+
+
+static int macsec_qca_enable_receive_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_rx_sa_en_set(drv->secy_id, channel, an, TRUE);
+
+ return ret;
+}
+
+
+static int macsec_qca_disable_receive_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_rx_sa_en_set(drv->secy_id, channel, an, FALSE);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_available_transmit_sc(void *priv, u32 *channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u32 sc_ch = 0;
+ bool in_use = FALSE;
+
+ for (sc_ch = 0; sc_ch < MAXSC; sc_ch++) {
+ ret = nss_macsec_secy_tx_sc_in_used_get(drv->secy_id, sc_ch,
+ &in_use);
+ if (ret)
+ continue;
+
+ if (!in_use) {
+ *channel = sc_ch;
+ wpa_printf(MSG_DEBUG, "%s: channel=%d",
+ __func__, *channel);
+ return 0;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: no avaiable channel", __func__);
+
+ return -1;
+}
+
+
+static int macsec_qca_create_transmit_sc(void *priv, u32 channel,
+ const u8 *sci_addr, u16 sci_port,
+ unsigned int conf_offset)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_tx_class_lut_t entry;
+ u8 psci[ETH_ALEN + 2];
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* class lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ entry.valid = 1;
+ entry.action = FAL_TX_CLASS_ACTION_FORWARD;
+ entry.channel = channel;
+
+ os_memcpy(psci, sci_addr, ETH_ALEN);
+ psci[6] = (sci_port >> 8) & 0xf;
+ psci[7] = sci_port & 0xf;
+
+ ret += nss_macsec_secy_tx_class_lut_set(drv->secy_id, channel, &entry);
+ ret += nss_macsec_secy_tx_sc_create(drv->secy_id, channel, psci, 8);
+ ret += nss_macsec_secy_tx_sc_protect_set(drv->secy_id, channel,
+ drv->protect_frames);
+ ret += nss_macsec_secy_tx_sc_confidentiality_offset_set(drv->secy_id,
+ channel,
+ conf_offset);
+
+ return ret;
+}
+
+
+static int macsec_qca_delete_transmit_sc(void *priv, u32 channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_tx_class_lut_t entry;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* class lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ ret += nss_macsec_secy_tx_class_lut_set(drv->secy_id, channel, &entry);
+ ret += nss_macsec_secy_tx_sc_del(drv->secy_id, channel);
+
+ return ret;
+}
+
+
+static int macsec_qca_create_transmit_sa(void *priv, u32 channel, u8 an,
+ u32 next_pn, Boolean confidentiality,
+ const u8 *sak)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u8 tci = 0;
+ fal_tx_sak_t tx_sak;
+ int i;
+
+ wpa_printf(MSG_DEBUG,
+ "%s: channel=%d, an=%d, next_pn=0x%x, confidentiality=%d",
+ __func__, channel, an, next_pn, confidentiality);
+
+ if (drv->always_include_sci)
+ tci |= TCI_SC;
+ else if (drv->use_es)
+ tci |= TCI_ES;
+ else if (drv->use_scb)
+ tci |= TCI_SCB;
+
+ if (confidentiality)
+ tci |= TCI_E | TCI_C;
+
+ os_memset(&tx_sak, 0, sizeof(tx_sak));
+ for (i = 0; i < 16; i++)
+ tx_sak.sak[i] = sak[15 - i];
+
+ ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, an,
+ next_pn);
+ ret += nss_macsec_secy_tx_sak_set(drv->secy_id, channel, an, &tx_sak);
+ ret += nss_macsec_secy_tx_sc_tci_7_2_set(drv->secy_id, channel,
+ (tci >> 2));
+ ret += nss_macsec_secy_tx_sc_an_set(drv->secy_id, channel, an);
+
+ return ret;
+}
+
+
+static int macsec_qca_enable_transmit_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_tx_sa_en_set(drv->secy_id, channel, an, TRUE);
+
+ return ret;
+}
+
+
+static int macsec_qca_disable_transmit_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_tx_sa_en_set(drv->secy_id, channel, an, FALSE);
+
+ return ret;
+}
+
+
+const struct wpa_driver_ops wpa_driver_macsec_qca_ops = {
+ .name = "macsec_qca",
+ .desc = "QCA MACsec Ethernet driver",
+ .get_ssid = macsec_qca_get_ssid,
+ .get_bssid = macsec_qca_get_bssid,
+ .get_capa = macsec_qca_get_capa,
+ .init = macsec_qca_init,
+ .deinit = macsec_qca_deinit,
+
+ .macsec_init = macsec_qca_macsec_init,
+ .macsec_deinit = macsec_qca_macsec_deinit,
+ .enable_protect_frames = macsec_qca_enable_protect_frames,
+ .set_replay_protect = macsec_qca_set_replay_protect,
+ .set_current_cipher_suite = macsec_qca_set_current_cipher_suite,
+ .enable_controlled_port = macsec_qca_enable_controlled_port,
+ .get_receive_lowest_pn = macsec_qca_get_receive_lowest_pn,
+ .get_transmit_next_pn = macsec_qca_get_transmit_next_pn,
+ .set_transmit_next_pn = macsec_qca_set_transmit_next_pn,
+ .get_available_receive_sc = macsec_qca_get_available_receive_sc,
+ .create_receive_sc = macsec_qca_create_receive_sc,
+ .delete_receive_sc = macsec_qca_delete_receive_sc,
+ .create_receive_sa = macsec_qca_create_receive_sa,
+ .enable_receive_sa = macsec_qca_enable_receive_sa,
+ .disable_receive_sa = macsec_qca_disable_receive_sa,
+ .get_available_transmit_sc = macsec_qca_get_available_transmit_sc,
+ .create_transmit_sc = macsec_qca_create_transmit_sc,
+ .delete_transmit_sc = macsec_qca_delete_transmit_sc,
+ .create_transmit_sa = macsec_qca_create_transmit_sa,
+ .enable_transmit_sa = macsec_qca_enable_transmit_sa,
+ .disable_transmit_sa = macsec_qca_disable_transmit_sa,
+};
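Review bot: The SCI port bytes are masked with `0xf` rather than `0xff` in macsec_qca_create_receive_sc (`entry.sci[6] = (sci_port >> 8) & 0xf;` and `entry.sci[7] = sci_port & 0xf;`) and again for `psci[6]`/`psci[7]` in macsec_qca_create_transmit_sc, so the upper nibble of each byte of the 16-bit port is discarded before the SCI is programmed. Any port identifier with bits set outside those two low nibbles is written wrongly, and secure channels whose ports differ only in the dropped bits would presumably end up with the same SCI in the receive lookup table. The lines should read `entry.sci[6] = (sci_port >> 8) & 0xff;` and `entry.sci[7] = sci_port & 0xff;`, with the same change for `psci`. Separately, macsec_qca_macsec_init returns 0 even when `nss_macsec_secy_en_set` fails inside __macsec_drv_init, which only logs the error; returning that status would let the caller see that the SecY was not enabled.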
diff --git a/src/drivers/drivers.c b/src/drivers/drivers.c
index 446ab63..d0e42ec 100644
--- a/src/drivers/drivers.c
+++ b/src/drivers/drivers.c
@@ -34,6 +34,10 @@ extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */
#ifdef CONFIG_DRIVER_WIRED
extern struct wpa_driver_ops wpa_driver_wired_ops; /* driver_wired.c */
#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_MACSEC_QCA
+ /* driver_macsec_qca.c */
+extern struct wpa_driver_ops wpa_driver_macsec_qca_ops;
+#endif /* CONFIG_DRIVER_MACSEC_QCA */
#ifdef CONFIG_DRIVER_TEST
extern struct wpa_driver_ops wpa_driver_test_ops; /* driver_test.c */
#endif /* CONFIG_DRIVER_TEST */
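Review bot: The added declaration `extern struct wpa_driver_ops wpa_driver_macsec_qca_ops;` drops the `const` that the definition in driver_macsec_qca.c carries (`const struct wpa_driver_ops wpa_driver_macsec_qca_ops = {`), so the two translation units disagree on the object's type. It mirrors the neighbouring `wpa_driver_wired_ops` line, so this looks like an existing convention rather than something new here. The second hunk then stores the address in `struct wpa_driver_ops *wpa_drivers[]`, which would let code write through a pointer to an object defined `const`. Declaring it as `extern const struct wpa_driver_ops wpa_driver_macsec_qca_ops;` would also need the array's element type made `const`, and that change is wider than this commit.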
@@ -75,6 +79,9 @@ struct wpa_driver_ops *wpa_drivers[] =
#ifdef CONFIG_DRIVER_WIRED
&wpa_driver_wired_ops,
#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_MACSEC_QCA
+ &wpa_driver_macsec_qca_ops,
+#endif /* CONFIG_DRIVER_MACSEC_QCA */
#ifdef CONFIG_DRIVER_TEST
&wpa_driver_test_ops,
#endif /* CONFIG_DRIVER_TEST */
diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak
index 68ff910..7e175f4 100644
--- a/src/drivers/drivers.mak
+++ b/src/drivers/drivers.mak
@@ -17,6 +17,11 @@ DRV_CFLAGS += -DCONFIG_DRIVER_WIRED
DRV_OBJS += ../src/drivers/driver_wired.o
endif
+ifdef CONFIG_DRIVER_MACSEC_QCA
+DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_QCA
+DRV_OBJS += ../src/drivers/driver_macsec_qca.o
+endif
+
ifdef CONFIG_DRIVER_NL80211
DRV_CFLAGS += -DCONFIG_DRIVER_NL80211
DRV_OBJS += ../src/drivers/driver_nl80211.o