#ifndef IEEE802_1X_KAY_H
#define IEEE802_1X_KAY_H

#include "utils/list.h"
#include "common/defs.h"
#include "common/ieee802_1x_defs.h"

/* Forward declarations only; the full definitions live outside this header
 * and are used here through pointers alone. */
struct macsec_init_params;
struct ieee802_1x_cp_conf;

/* Fixed octet sizes of MKA protocol fields (IEEE Std 802.1X-2010) */
#define MI_LEN 12 /* Member Identifier (MI) */
#define MAX_KEY_LEN 32 /* 32 bytes, 256 bits */
#define MAX_CKN_LEN 32 /* 32 bytes, 256 bits */

/* MKA timer, unit: millisecond
 * Hello Time and Life Time follow the values given by IEEE Std 802.1X-2010;
 * how each timer is applied (peer liveness, SAK retirement) is decided in
 * ieee802_1x_kay.c. */
#define MKA_HELLO_TIME 2000
#define MKA_LIFE_TIME 6000
#define MKA_SAK_RETIRE_TIME 3000

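/**
 * struct ieee802_1x_mka_ki - MKA Key Identifier (KI)
 * @mi: Member Identifier (MI) of the participant that distributed the key
 * @kn: Key Number (KN) assigned to the key by that participant
 *
 * The (MI, KN) pair names one SAK. The SA management functions declared
 * below (ieee802_1x_kay_create_sas(), ieee802_1x_kay_delete_sas(), ...)
 * take a KI to select the key they operate on.
 */
struct ieee802_1x_mka_ki {
	u8 mi[MI_LEN];
	u32 kn;
};
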
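/**
 * struct ieee802_1x_mka_sci - MACsec Secure Channel Identifier (SCI)
 * @addr: MAC address component of the SCI
 * @port: Port Identifier component of the SCI
 *
 * Identifies a secure channel in the driver callbacks
 * (create_receive_sc(), create_transmit_sc()) and names the actor and the
 * elected key server in struct ieee802_1x_kay.
 */
struct ieee802_1x_mka_sci {
	u8 addr[ETH_ALEN];
	u16 port;
};
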
/**
 * struct mka_key - MKA key material (e.g., the CAK given to
 *	ieee802_1x_kay_create_mka())
 * @key: key octets; only the first @len bytes are meaningful
 * @len: number of valid bytes in @key; must not exceed MAX_KEY_LEN
 *
 * Holds secret key material. Callers that stop using an instance should
 * clear it so that key bytes do not remain readable in released memory.
 */
struct mka_key {
	u8 key[MAX_KEY_LEN];
	size_t len;
};

/**
 * struct mka_key_name - MKA key name (CKN)
 * @name: CKN octets; only the first @len bytes are meaningful
 * @len: number of valid bytes in @name; must not exceed MAX_CKN_LEN
 *
 * The CKN identifies a CAK and is the lookup key used by
 * ieee802_1x_kay_delete_mka() and ieee802_1x_kay_mka_participate().
 */
struct mka_key_name {
	u8 name[MAX_CKN_LEN];
	size_t len;
};

/**
 * enum mka_created_mode - origin of the CAK behind an MKA participant
 * @PSK: pre-shared key configured locally
 * @EAP_EXCHANGE: key derived from an EAP authentication exchange
 * @DISTRIBUTED: key distributed to this station over MKA
 * @CACHED: key taken from a cache of previously used keys
 *
 * Passed as the @mode argument of ieee802_1x_kay_create_mka(); how each
 * mode influences participant behavior is decided in ieee802_1x_kay.c.
 */
enum mka_created_mode {
	PSK,
	EAP_EXCHANGE,
	DISTRIBUTED,
	CACHED,
};

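/**
 * struct ieee802_1x_kay_ctx - callbacks from the KaY into the MACsec driver
 *
 * Filled in by the owner of the KaY and handed to ieee802_1x_kay_init().
 * Every callback receives @ctx as its first argument. All callbacks return
 * int; the 0/negative convention is assumed from the driver wrappers and
 * should be confirmed there.
 */
struct ieee802_1x_kay_ctx {
	/* pointer to arbitrary upper level context */
	void *ctx;

	/* abstract wpa driver interface */
	int (*macsec_init)(void *ctx, struct macsec_init_params *params);
	int (*macsec_deinit)(void *ctx);
	int (*enable_protect_frames)(void *ctx, Boolean enabled);
	/* @window: replay window size handed to the driver; mirrors
	 * macsec_replay_window in struct ieee802_1x_kay */
	int (*set_replay_protect)(void *ctx, Boolean enabled, u32 window);
	/* @cs/@cs_len: cipher suite identifier octets and their length */
	int (*set_current_cipher_suite)(void *ctx, const u8 *cs, size_t cs_len);
	int (*enable_controlled_port)(void *ctx, Boolean enabled);

	/* Packet number (PN) access per secure channel and association
	 * number (AN) */
	int (*get_receive_lowest_pn)(void *ctx, u32 channel, u8 an,
				     u32 *lowest_pn);
	int (*get_transmit_next_pn)(void *ctx, u32 channel, u8 an,
				    u32 *next_pn);
	int (*set_transmit_next_pn)(void *ctx, u32 channel, u8 an, u32 next_pn);

	/* Receive secure channel (SC) and secure association (SA)
	 * management. @sak points at the key octets; no length is passed, so
	 * it is presumably fixed by the cipher suite selected through
	 * set_current_cipher_suite() - confirm against the driver. */
	int (*get_available_receive_sc)(void *ctx, u32 *channel);
	int (*create_receive_sc)(void *ctx, u32 channel,
				 struct ieee802_1x_mka_sci *sci,
				 enum validate_frames vf,
				 enum confidentiality_offset co);
	int (*delete_receive_sc)(void *ctx, u32 channel);
	int (*create_receive_sa)(void *ctx, u32 channel, u8 an, u32 lowest_pn,
				 const u8 *sak);
	int (*enable_receive_sa)(void *ctx, u32 channel, u8 an);
	int (*disable_receive_sa)(void *ctx, u32 channel, u8 an);

	/* Transmit SC and SA management (same @sak convention as above) */
	int (*get_available_transmit_sc)(void *ctx, u32 *channel);
	int (*create_transmit_sc)(void *ctx, u32 channel,
				  const struct ieee802_1x_mka_sci *sci,
				  enum confidentiality_offset co);
	int (*delete_transmit_sc)(void *ctx, u32 channel);
	int (*create_transmit_sa)(void *ctx, u32 channel, u8 an, u32 next_pn,
				  Boolean confidentiality, const u8 *sak);
	int (*enable_transmit_sa)(void *ctx, u32 channel, u8 an);
	int (*disable_transmit_sa)(void *ctx, u32 channel, u8 an);
};
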
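/**
 * struct ieee802_1x_kay - MKA Key Agreement Entity (KaY) instance state
 *
 * Returned by ieee802_1x_kay_init() and released by ieee802_1x_kay_deinit();
 * every other function in this header takes a pointer to it. The fields up to
 * @co mirror the KaY variables of IEEE Std 802.1X-2010 unless marked
 * otherwise.
 */
struct ieee802_1x_kay {
	/* KaY operational state */
	Boolean enable;
	Boolean active;

	/* Port status as seen by the KaY */
	Boolean authenticated;
	Boolean secured;
	Boolean failed;

	/* This station's SCI/priority and those of the elected key server */
	struct ieee802_1x_mka_sci actor_sci;
	u8 actor_priority;
	struct ieee802_1x_mka_sci key_server_sci;
	u8 key_server_priority;

	/* MACsec capability and the protection parameters pushed to the
	 * driver through struct ieee802_1x_kay_ctx */
	enum macsec_cap macsec_capable;
	Boolean macsec_desired;
	Boolean macsec_protect;
	Boolean macsec_replay_protect;
	u32 macsec_replay_window;
	enum validate_frames macsec_validate;
	enum confidentiality_offset macsec_confidentiality;

	/* Latest SAK: key number (KN) and association number (AN) for
	 * transmit and receive; set via ieee802_1x_kay_set_latest_sa_attr() */
	u32 ltx_kn;
	u8 ltx_an;
	u32 lrx_kn;
	u8 lrx_an;

	/* Old SAK: KN/AN for transmit and receive; set via
	 * ieee802_1x_kay_set_old_sa_attr() */
	u32 otx_kn;
	u8 otx_an;
	u32 orx_kn;
	u8 orx_an;

	/* not defined in IEEE802.1X */
	struct ieee802_1x_kay_ctx *ctx;
	Boolean is_key_server;
	Boolean is_obliged_key_server;
	char if_name[IFNAMSIZ];

	int macsec_csindex; /* MACsec cipher suite table index */
	int mka_algindex; /* MKA alg table index */

	/* KN/AN and timestamp of the SAK most recently distributed
	 * (presumably by this KaY when acting as key server - confirm in
	 * ieee802_1x_kay.c) */
	u32 dist_kn;
	u8 dist_an;
	time_t dist_time;

	u8 mka_version;
	u8 algo_agility[4];
	u32 sc_ch;

	/* PN threshold presumably used to trigger a new SAK before the
	 * packet number space is used up - confirm in ieee802_1x_kay.c */
	u32 pn_exhaustion;
	Boolean port_enable;
	Boolean rx_enable;
	Boolean tx_enable;

	/* List of struct ieee802_1x_mka_participant created by
	 * ieee802_1x_kay_create_mka() */
	struct dl_list participant_list;
	enum macsec_policy policy;

	/* Control Port (CP) state machine, configured via
	 * ieee802_1x_kay_cp_conf() */
	struct ieee802_1x_cp_sm *cp;

	/* Layer-2 packet handle used for MKA frames */
	struct l2_packet_data *l2_mka;

	enum validate_frames vf;
	enum confidentiality_offset co;
};

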
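/**
 * ieee802_1x_kay_init - Create a KaY instance for one interface
 * @ctx: driver callbacks; used through the returned KaY for its lifetime
 * @policy: MACsec policy for the port
 * @ifname: interface name
 * @addr: MAC address of the interface
 * Returns: the new KaY, or NULL on failure (presumably; confirm in
 *	ieee802_1x_kay.c)
 */
struct ieee802_1x_kay *
ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
		    const char *ifname, const u8 *addr);

/**
 * ieee802_1x_kay_deinit - Release a KaY created by ieee802_1x_kay_init()
 * @kay: KaY instance; must not be used afterwards
 */
void ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay);

/**
 * ieee802_1x_kay_create_mka - Create an MKA participant for a CAK
 * @kay: KaY instance
 * @ckn: CAK name identifying the participant
 * @cak: CAK key material
 * @life: lifetime of the participant
 * @mode: how the CAK was obtained, see enum mka_created_mode
 * @is_authenticator: whether this station acts as authenticator
 * Returns: the new participant, or NULL on failure (presumably; confirm in
 *	ieee802_1x_kay.c)
 */
struct ieee802_1x_mka_participant *
ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
			  struct mka_key_name *ckn, struct mka_key *cak,
			  u32 life, enum mka_created_mode mode,
			  Boolean is_authenticator);

/**
 * ieee802_1x_kay_delete_mka - Remove the participant identified by @ckn
 */
void ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay,
			       struct mka_key_name *ckn);

/**
 * ieee802_1x_kay_mka_participate - Set participation status for @ckn
 * @status: whether the participant identified by @ckn takes part in MKA
 */
void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
				    struct mka_key_name *ckn,
				    Boolean status);

/**
 * ieee802_1x_kay_new_sak - Generate and distribute a new SAK
 * Returns: 0 on success, negative on failure (assumed from int return)
 */
int ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay);

/**
 * ieee802_1x_kay_change_cipher_suite - Select a cipher suite by table index
 * @cs_index: index into the MACsec cipher suite table (macsec_csindex)
 */
int ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
				       int cs_index);

/*
 * SA management entry points. @lki/@oki name the latest/old SAK by its
 * Key Identifier; @lan/@oan are the corresponding association numbers;
 * @ltx/@lrx/@otx/@orx select the transmit/receive direction. All return
 * int (0/negative convention assumed; confirm in ieee802_1x_kay.c).
 */
int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
				      struct ieee802_1x_mka_ki *lki, u8 lan,
				      Boolean ltx, Boolean lrx);
int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
				   struct ieee802_1x_mka_ki *oki,
				   u8 oan, Boolean otx, Boolean orx);
int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
			      struct ieee802_1x_mka_ki *lki);
int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
			      struct ieee802_1x_mka_ki *ki);
int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
				 struct ieee802_1x_mka_ki *lki);
int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
				 struct ieee802_1x_mka_ki *lki);
int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);

/**
 * ieee802_1x_kay_cp_conf - Configure the Control Port state machine
 * @pconf: CP configuration, see struct ieee802_1x_cp_conf
 */
int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
			   struct ieee802_1x_cp_conf *pconf);

#endif /* IEEE802_1X_KAY_H */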