wpa_supplicant / hostapd  2.5
ieee802_1x_kay_i.h
5 #ifndef IEEE802_1X_KAY_I_H
6 #define IEEE802_1X_KAY_I_H
7 
8 #include "utils/list.h"
9 #include "common/defs.h"
10 #include "common/ieee802_1x_defs.h"
11 
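#define MKA_VERSION_ID 1

/*
 * MKPDU parameter set types, IEEE Std 802.1X-2010, 11.11.1, Table 11-7.
 *
 * MKA_BASIC_PARAMETER_SET is defined as MKA_VERSION_ID and therefore has the
 * same value (1) as MKA_LIVE_PEER_LIST. The two cannot be distinguished by
 * value: the basic parameter set carries a version octet where the other
 * parameter sets carry a type octet, so it is recognised by being the first
 * parameter set of an MKPDU. Do not use both enumerators as case labels in
 * the same switch, and do not dispatch on the first octet of a frame as if
 * it were a type.
 */
enum mka_packet_type {
	MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID,
	MKA_LIVE_PEER_LIST = 1,
	MKA_POTENTIAL_PEER_LIST = 2,
	MKA_SAK_USE = 3,
	MKA_DISTRIBUTED_SAK = 4,
	MKA_DISTRIBUTED_CAK = 5,
	MKA_KMD = 6,
	MKA_ANNOUNCEMENT = 7,
	MKA_ICV_INDICATOR = 255
};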
26 
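/* Length of the Integrity Check Value, in bytes */
#define ICV_LEN 16
/*
 * Length in bytes of the wrapped SAK carried in a Distributed SAK body.
 * NOTE(review): 24 matches a 16-byte SAK plus 8 bytes of key-wrap overhead;
 * a longer SAK does not fit this constant - confirm before relying on it for
 * cipher suites with larger keys, and check the received body length against
 * it rather than assuming it.
 */
#define SAK_WRAPPED_LEN 24
/* Key Number (4 bytes) + wrapped SAK */
#define DEFAULT_DIS_SAK_BODY_LENGTH (SAK_WRAPPED_LEN + 4)
/* Retry limit; its use is not visible in this header */
#define MAX_RETRY_CNT 5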
32 
33 struct ieee802_1x_kay;
34 
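/*
 * Identifier of an MKA peer: member identifier plus message number.
 * The opening line of this definition was lost from the listing and is
 * restored here.
 */
struct ieee802_1x_mka_peer_id {
	u8 mi[MI_LEN]; /* member identifier */
	/* message number; NOTE(review): byte order is not stated here - verify
	 * where this struct is copied to or from a received peer list */
	u32 mn;
};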
39 
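/*
 * State kept for one MKA peer. The opening line of this definition was lost
 * from the listing and is restored here.
 *
 * NOTE(review): these fields appear to mirror what the peer advertised in its
 * MKPDUs (compare the basic parameter set body); they should only be updated
 * from frames whose ICV has already been verified - confirm in the receive
 * path.
 */
struct ieee802_1x_kay_peer {
	struct ieee802_1x_mka_sci sci;
	u8 mi[MI_LEN]; /* member identifier */
	u32 mn; /* message number */
	time_t expire; /* presumably the time at which the peer is dropped */
	Boolean is_key_server;
	u8 key_server_priority;
	Boolean macsec_desired;
	enum macsec_cap macsec_capbility; /* sic: spelling is part of the API */
	Boolean sak_used;
	struct dl_list list; /* presumably an entry in a participant peer list */
};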
52 
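/*
 * Parameters describing one key: key bytes, key identifier, confidentiality
 * offset, association number and direction flags.
 *
 * key points to secret key material. Ownership is not visible in this
 * header; whoever frees the buffer should clear it first. key_len is a
 * signed int, so users must reject zero and negative values before using it
 * as a copy or allocation size.
 */
struct key_conf {
	u8 *key;
	struct ieee802_1x_mka_ki ki;
	enum confidentiality_offset offset;
	u8 an; /* association number */
	Boolean tx;
	Boolean rx;
	int key_len; /* unit: byte */
};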
62 
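/*
 * One data key (SAK) together with its usage state.
 *
 * key points to secret key material; ownership is not visible here, and the
 * buffer should be cleared before it is freed. key_len is a signed int, so
 * validate it is positive before using it as a size.
 */
struct data_key {
	u8 *key;
	int key_len;
	struct ieee802_1x_mka_ki key_identifier;
	enum confidentiality_offset confidentiality_offset;
	u8 an; /* association number */
	Boolean transmits;
	Boolean receives;
	struct os_time created_time;
	/*
	 * Next packet number, 32 bits. A packet number must never repeat
	 * under one key, so the key has to be replaced before this value
	 * wraps; that handling is not visible in this header.
	 */
	u32 next_pn;

	/* not defined data */
	Boolean rx_latest;
	Boolean tx_latest;

	/*
	 * FIXME: to indicate if it can be deleted safely.
	 * NOTE(review): looks like a reference count guarding the key against
	 * being freed while an SA still points at it (see pkey in the SA
	 * structs) - confirm every pkey user maintains it.
	 */
	int user;

	struct dl_list list;
};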
82 
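/*
 * TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6.
 * Trailing comments give the name and access mode the standard uses for the
 * corresponding attribute.
 */
struct transmit_sc {
	struct ieee802_1x_mka_sci sci; /* const SCI sci */
	Boolean transmitting; /* bool transmitting (read only) */

	struct os_time created_time; /* Time createdTime */

	u8 encoding_sa; /* AN encodingSA (read only) */
	u8 enciphering_sa; /* AN encipheringSA (read only) */

	/* not defined data */
	unsigned int channel;

	struct dl_list list;
	struct dl_list sa_list; /* head of the list of struct transmit_sa */
};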
99 
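/* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
struct transmit_sa {
	Boolean in_use; /* bool inUse (read only) */
	/*
	 * PN nextPN (read only). 32 bits wide: the packet number must not
	 * repeat under one key, so the SA needs a fresh key before this
	 * wraps; that handling is not visible in this header.
	 */
	u32 next_pn;
	struct os_time created_time; /* Time createdTime */

	Boolean enable_transmit; /* bool EnableTransmit */

	u8 an; /* association number */
	Boolean confidentiality;
	/* key used by this SA; the pointer is shared, lifetime not shown here */
	struct data_key *pkey;

	struct transmit_sc *sc; /* owning secure channel */
	struct dl_list list; /* list entry in struct transmit_sc::sa_list */
};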
115 
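/*
 * ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6.
 * Trailing comments give the name and access mode the standard uses for the
 * corresponding attribute.
 */
struct receive_sc {
	struct ieee802_1x_mka_sci sci; /* const SCI sci */
	Boolean receiving; /* bool receiving (read only) */

	struct os_time created_time; /* Time createdTime */

	/* not defined in the standard (compare struct transmit_sc) */
	unsigned int channel;

	struct dl_list list;
	struct dl_list sa_list; /* head of the list of struct receive_sa */
};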
128 
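/* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
struct receive_sa {
	Boolean enable_receive; /* bool enableReceive */
	Boolean in_use; /* bool inUse (read only) */

	u32 next_pn; /* PN nextPN (read only) */
	/*
	 * PN lowestPN (read only): in 802.1AE the lowest packet number still
	 * accepted, i.e. the lower edge of the replay window.
	 */
	u32 lowest_pn;
	u8 an; /* association number */
	struct os_time created_time;

	/* key used by this SA; the pointer is shared, lifetime not shown here */
	struct data_key *pkey;
	struct receive_sc *sc; /* owning secure channel */

	/*
	 * list entry in struct receive_sc::sa_list (the original had this
	 * comment on sc; struct transmit_sa shows where it belongs)
	 */
	struct dl_list list;
};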
144 
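/*
 * Description of one MACsec cipher suite. The opening line of this
 * definition was lost from the listing and is restored here.
 */
struct macsec_ciphersuite {
	u8 id[CS_ID_LEN]; /* cipher suite identifier */
	char name[32]; /* fixed-size buffer: writers must bound and terminate */
	enum macsec_cap capable;
	int sak_len; /* unit: byte */

	u32 index;
};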
153 
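/*
 * One MKA algorithm: key and ICV lengths plus the callbacks that derive or
 * compute them.
 *
 * None of the callbacks takes a length for its output buffer (cak, ckn, kek,
 * ick, icv) or for msk/mac1/mac2. NOTE(review): presumably each callback
 * writes exactly the matching *_len bytes below - confirm, and size every
 * output buffer from these fields rather than from a literal.
 * All callbacks return int; the meaning of the value is not shown here, so
 * callers should check it before using the output.
 */
struct mka_alg {
	u8 parameter[4];
	size_t cak_len;
	size_t kek_len;
	size_t ick_len;
	size_t icv_len;

	/* derive the CAK from the MSK and two MAC addresses */
	int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
	/* derive the CKN; additionally takes a session id of sid_len bytes */
	int (*ckn_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2,
			const u8 *sid, size_t sid_len, u8 *ckn);
	/* derive the KEK from the CAK and CKN */
	int (*kek_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *kek);
	/* derive the ICK from the CAK and CKN */
	int (*ick_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *ick);
	/* compute the ICV over msg (msg_len bytes) with the ICK */
	int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);

	int index; /* index for configuring */
};

#define DEFAULT_MKA_ALG_INDEX 0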
172 
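/*
 * See IEEE Std 802.1X-2010, 9.16 MKA management.
 * The opening line of this definition was lost from the listing and is
 * restored here.
 *
 * This struct embeds secret key material by value (cak, kek, ick) and
 * references more through new_key and sak_list. NOTE(review): the teardown
 * path is not visible here; it should clear the embedded keys before the
 * memory is released.
 */
struct ieee802_1x_mka_participant {
	/* used for active and potential participant */
	struct mka_key_name ckn;
	struct mka_key cak; /* secret */
	Boolean cached;

	/* used by management to monitor and control activation */
	Boolean active;
	Boolean participant;
	Boolean retain;

	/*
	 * The enumerators of this unnamed enum (DEFAULT, DISABLED,
	 * ON_OPER_UP, ALWAYS) enter the file-scope namespace of every
	 * translation unit that includes this header.
	 */
	enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;

	/* used for active participant */
	Boolean principal;
	struct dl_list live_peers;
	struct dl_list potential_peers;

	/* not defined in IEEE 802.1X */
	struct dl_list list;

	struct mka_key kek; /* secret */
	struct mka_key ick; /* secret */

	/* latest key: identifier, association number, tx/rx flags */
	struct ieee802_1x_mka_ki lki;
	u8 lan;
	Boolean ltx;
	Boolean lrx;

	/* old key: identifier, association number, tx/rx flags */
	struct ieee802_1x_mka_ki oki;
	u8 oan;
	Boolean otx;
	Boolean orx;

	Boolean is_key_server;
	Boolean is_obliged_key_server;
	Boolean can_be_key_server;
	Boolean is_elected;

	struct dl_list sak_list;
	struct dl_list rxsc_list;

	struct transmit_sc *txsc;

	/* this participant's own member identifier and message number */
	u8 mi[MI_LEN];
	u32 mn;

	struct ieee802_1x_mka_peer_id current_peer_id;
	struct ieee802_1x_mka_sci current_peer_sci;
	time_t cak_life;
	time_t mka_life;
	Boolean to_dist_sak;
	Boolean to_use_sak;
	Boolean new_sak;

	Boolean advised_desired;
	enum macsec_cap advised_capability;

	struct data_key *new_key;
	u32 retry_count; /* presumably bounded by MAX_RETRY_CNT - confirm */

	struct ieee802_1x_kay *kay; /* back pointer to the owning KaY */
};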
237 
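/*
 * Common 4-octet header of an MKPDU parameter set. The opening line of this
 * definition was lost from the listing and is restored here.
 *
 * The body length is 12 bits wide and split over two fields: 4 bits in
 * octet 3 (length) and 8 bits in octet 4 (length1).
 * NOTE(review): presumably length holds the upper four bits - confirm
 * against the code that combines them.
 * On receive the length is chosen by the sender: check it against the bytes
 * actually remaining in the frame before walking to or copying a body.
 *
 * The octet comments indicate this struct is laid over packet bytes, which
 * relies on implementation-defined bit-field allocation: the four 8-bit
 * groups must share one u32 storage unit, and the order inside an octet is
 * selected by __BYTE_ORDER. If __BYTE_ORDER and __LITTLE_ENDIAN are both
 * undefined at this point, the first #if compares 0 == 0 and silently takes
 * the little-endian branch, so the #error below does not catch a missing
 * endian header.
 */
struct ieee802_1x_mka_hdr {
	/* octet 1 */
	u32 type:8;
	/* octet 2 */
	u32 reserve:8;
	/* octet 3 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 length:4;
	u32 reserve1:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 reserve1:4;
	u32 length:4;
#else
#error "Please fix <bits/endian.h>"
#endif
	/* octet 4 */
	u32 length1:8;
};

/* NOTE(review): expected to be 4; verify sizeof on every new target */
#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)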
258 
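/*
 * Basic parameter set body. The opening line of this definition was lost
 * from the listing and is restored here.
 *
 * Unlike the other bodies, octet 1 is a version, not a type. The 12-bit
 * body length is split over length (octet 3) and length1 (octet 4); on
 * receive it is sender-controlled and must be checked against the frame
 * size before ckn is read. Bit-field placement is implementation-defined
 * and selected by __BYTE_ORDER.
 * NOTE(review): the byte order of actor_mn on the wire is not stated here.
 */
struct ieee802_1x_mka_basic_body {
	/* octet 1 */
	u32 version:8;
	/* octet 2 */
	u32 priority:8;
	/* octet 3 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 length:4;
	u32 macsec_capbility:2; /* sic: spelling is part of the API */
	u32 macsec_desired:1;
	u32 key_server:1;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 key_server:1;
	u32 macsec_desired:1;
	u32 macsec_capbility:2;
	u32 length:4;
#else
	/* same guard as struct ieee802_1x_mka_hdr, so the fields cannot be
	 * dropped silently */
#error "Please fix <bits/endian.h>"
#endif
	/* octet 4 */
	u32 length1:8;

	struct ieee802_1x_mka_sci actor_sci;
	u8 actor_mi[MI_LEN];
	u32 actor_mn;
	u8 algo_agility[4];

	/*
	 * followed by CAK Name. Zero-length array: sizeof() excludes it and
	 * the number of valid bytes comes only from the length field above.
	 */
	u8 ckn[0];
};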
287 
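/*
 * Peer list body (header followed by peer entries). The opening line of
 * this definition was lost from the listing and is restored here.
 *
 * The 12-bit body length is split over length (octet 3) and length1
 * (octet 4). On receive it is sender-controlled: check it against the frame
 * size, and check that it covers a whole number of peer entries, before
 * iterating over peer. Bit-field placement is implementation-defined and
 * selected by __BYTE_ORDER.
 */
struct ieee802_1x_mka_peer_body {
	/* octet 1 */
	u32 type:8;
	/* octet 2 */
	u32 reserve:8;
	/* octet 3 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 length:4;
	u32 reserve1:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 reserve1:4;
	u32 length:4;
#else
	/* same guard as struct ieee802_1x_mka_hdr, so the fields cannot be
	 * dropped silently */
#error "Please fix <bits/endian.h>"
#endif
	/* octet 4 */
	u32 length1:8;

	/* followed by Peers; zero-length array, not counted by sizeof() */
	u8 peer[0];
};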
307 
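/*
 * SAK Use parameter set body. The opening line of this definition was lost
 * from the listing and is restored here.
 *
 * The l-prefixed fields describe the latest key and the o-prefixed fields
 * the old key. The struct is 44 octets according to the octet comments; a
 * received body must be at least that long (per its length/length1 fields
 * and the frame size) before any field past octet 4 is read.
 * Bit-field placement is implementation-defined and selected by
 * __BYTE_ORDER.
 * NOTE(review): the byte order of lkn, llpn, okn and olpn on the wire is
 * not stated here - confirm where they are read and written.
 */
struct ieee802_1x_mka_sak_use_body {
	/* octet 1 */
	u32 type:8;
	/* octet 2 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 orx:1;
	u32 otx:1;
	u32 oan:2;
	u32 lrx:1;
	u32 ltx:1;
	u32 lan:2;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 lan:2;
	u32 ltx:1;
	u32 lrx:1;
	u32 oan:2;
	u32 otx:1;
	u32 orx:1;
#else
	/* same guard as struct ieee802_1x_mka_hdr, so the fields cannot be
	 * dropped silently */
#error "Please fix <bits/endian.h>"
#endif

	/* octet 3 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 length:4;
	u32 delay_protect:1;
	u32 reserve:1;
	u32 prx:1;
	u32 ptx:1;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 ptx:1;
	u32 prx:1;
	u32 reserve:1;
	u32 delay_protect:1;
	u32 length:4;
#else
#error "Please fix <bits/endian.h>"
#endif

	/* octet 4 */
	u32 length1:8;

	/* octet 5 - 16 */
	u8 lsrv_mi[MI_LEN];
	/* octet 17 - 20 */
	u32 lkn;
	/* octet 21 - 24 */
	u32 llpn;

	/* octet 25 - 36 */
	u8 osrv_mi[MI_LEN];
	/* octet 37 - 40 */
	u32 okn;
	/* octet 41 - 44 */
	u32 olpn;
};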
360 
361 
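/*
 * Distributed SAK parameter set body. The opening line of this definition
 * was lost from the listing and is restored here.
 *
 * The trailing sak bytes are the wrapped key and, for some cipher suites, a
 * cipher suite id in front of it (see the comment on sak). Their size comes
 * only from the sender-controlled length/length1 fields: on receive, check
 * the body length against the frame size and against the length expected
 * for the selected cipher suite before unwrapping.
 * Bit-field placement is implementation-defined and selected by
 * __BYTE_ORDER.
 * NOTE(review): the byte order of kn on the wire is not stated here.
 */
struct ieee802_1x_mka_dist_sak_body {
	/* octet 1 */
	u32 type:8;
	/* octet 2 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 reserve:4;
	u32 confid_offset:2;
	u32 dan:2;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 dan:2;
	u32 confid_offset:2;
	u32 reserve:4;
#else
	/* same guard as struct ieee802_1x_mka_hdr, so the fields cannot be
	 * dropped silently */
#error "Please fix <bits/endian.h>"
#endif
	/* octet 3 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 length:4;
	u32 reserve1:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 reserve1:4;
	u32 length:4;
#else
#error "Please fix <bits/endian.h>"
#endif
	/* octet 4 */
	u32 length1:8;
	/* octet 5 - 8 */
	u32 kn;

	/* for GCM-AES-128: octet 9-32: SAK
	 * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
	 *
	 * Zero-length array: sizeof() excludes it.
	 */
	u8 sak[0];
};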
393 
394 
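/*
 * ICV indicator parameter set body. The opening line of this definition was
 * lost from the listing and is restored here.
 *
 * The ICV bytes follow the 4-octet header. Their count comes from the
 * sender-controlled length/length1 fields: on receive, check it against the
 * frame size and against the ICV length of the algorithm in use before
 * reading icv. NOTE(review): the comparison of a received ICV with the
 * computed one is not visible here; it should not exit early on the first
 * differing byte.
 * Bit-field placement is implementation-defined and selected by
 * __BYTE_ORDER.
 */
struct ieee802_1x_mka_icv_body {
	/* octet 1 */
	u32 type:8;
	/* octet 2 */
	u32 reserve:8;
	/* octet 3 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
	u32 length:4;
	u32 reserve1:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
	u32 reserve1:4;
	u32 length:4;
#else
	/* same guard as struct ieee802_1x_mka_hdr, so the fields cannot be
	 * dropped silently */
#error "Please fix <bits/endian.h>"
#endif
	/* octet 4 */
	u32 length1:8;

	/* octet 5 - ; zero-length array, not counted by sizeof() */
	u8 icv[0];
};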
414 
415 #endif /* IEEE802_1X_KAY_I_H */