2 * IEEE 802.1X-2010 Key Agreement Protocol (MKA) of the PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #ifndef IEEE802_1X_KAY_I_H
10 #define IEEE802_1X_KAY_I_H
12 #include "utils/list.h"
13 #include "common/defs.h"
14 #include "common/ieee802_1x_defs.h"
/*
 * MKA version number carried in the MKPDU header. The Basic Parameter Set
 * has no type octet of its own: the octet in that position holds this
 * version, which is why MKA_BASIC_PARAMETER_SET below is defined from it.
 */
#define MKA_VERSION_ID 1
/* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 */
/*
 * Parameter set type octets found in an MKPDU body. Note the deliberate
 * collision: MKA_BASIC_PARAMETER_SET and MKA_LIVE_PEER_LIST both equal 1,
 * because the Basic Parameter Set's "type" position carries the MKA
 * version. A decoder therefore cannot dispatch on this value alone for
 * the leading parameter set; presumably it relies on the Basic Parameter
 * Set always coming first — confirm against the parser before touching
 * either enumerator.
 */
enum mka_packet_type {
MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID,
MKA_LIVE_PEER_LIST = 1,
MKA_POTENTIAL_PEER_LIST = 2,
MKA_DISTRIBUTED_SAK = 4,
MKA_DISTRIBUTED_CAK = 5,
/* Marks the trailing ICV (presumably ICV_LEN octets) that closes the MKPDU */
MKA_ICV_INDICATOR = 255
/*
 * Octet length of the ICV that terminates an MKPDU. It is produced by the
 * icv_hash() transform of the selected MKA algorithm, keyed by the ICK;
 * a receiver should verify it before acting on any parameter set, since
 * everything else in the MKPDU is peer-asserted.
 */
#define ICV_LEN 16 /* 16 bytes */
/*
 * Octets occupied by the wrapped SAK inside a Distributed SAK parameter
 * set. 24 only fits a 128-bit SAK (the dist_sak_body layout note below
 * places a GCM-AES-128 SAK at octets 9-32); presumably 16 key octets plus
 * an 8-octet key-wrap integrity block. A longer SAK cannot use this
 * constant — TODO confirm how other cipher suites size their body.
 */
#define SAK_WRAPPED_LEN 24
/* 4-octet KN followed by the wrapped SAK */
#define DEFAULT_DIS_SAK_BODY_LENGTH (SAK_WRAPPED_LEN + 4)
/* Retry budget; what is retried and on which timer is decided in the .c file */
#define MAX_RETRY_CNT 5
37 struct ieee802_1x_kay;
39 struct ieee802_1x_mka_peer_id {
/*
 * A peer as this participant has learned it. The values here are what the
 * peer asserted about itself in its own MKPDUs (compare the fields of
 * struct ieee802_1x_mka_basic_body), so none of them should be acted on
 * before the carrying MKPDU's ICV has been verified. Which list (live or
 * potential) an instance sits on is decided by the participant.
 */
struct ieee802_1x_kay_peer {
struct ieee802_1x_mka_sci sci; /* peer's SCI, i.e. the actor_sci it sent */
Boolean is_key_server; /* NOTE(review): presumably the election outcome for this peer — confirm where set */
u8 key_server_priority; /* peer-advertised priority; TODO confirm whether lower value wins in the .c code */
Boolean macsec_desired;
enum macsec_cap macsec_capbility; /* sic: misspelling kept, callers use this name */
struct ieee802_1x_mka_ki ki; /* NOTE(review): presumably the latest KI the peer reported */
enum confidentiality_offset offset;
int key_len; /* unit: byte */
struct ieee802_1x_mka_ki key_identifier; /* NOTE(review): presumably the KI this key was distributed under */
enum confidentiality_offset confidentiality_offset;
struct os_time created_time;
/* not defined data */
int user; /* FIXME: usage count meant to say whether the key can be deleted safely — confirm who increments and decrements it */
87 /* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
89 struct ieee802_1x_mka_sci sci; /* const SCI sci */
90 Boolean transmitting; /* bool transmitting (read only) */
92 struct os_time created_time; /* Time createdTime */
94 u8 encoding_sa; /* AN encodingSA (read only) */
95 u8 enciphering_sa; /* AN encipheringSA (read only) */
97 /* not defined data */
101 struct dl_list sa_list;
/* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
Boolean in_use; /* bool inUse (read only) */
/*
 * NOTE(review): the PN is 32-bit here (802.1AE-2006, no XPN). Reusing a
 * PN under the same SAK defeats the cipher's nonce uniqueness, so the SA
 * must be replaced before nextPN wraps — confirm the .c code enforces
 * the rollover.
 */
u32 next_pn; /* PN nextPN (read only) */
struct os_time created_time; /* Time createdTime */
Boolean enable_transmit; /* bool EnableTransmit */
Boolean confidentiality; /* whether this SA encrypts as well as integrity-protects — TODO confirm */
struct data_key *pkey; /* SAK this SA transmits under */
struct transmit_sc *sc; /* owning SC */
struct dl_list list; /* list entry in struct transmit_sc::sa_list */
120 /* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
122 struct ieee802_1x_mka_sci sci; /* const SCI sci */
123 Boolean receiving; /* bool receiving (read only) */
125 struct os_time created_time; /* Time createdTime */
127 unsigned int channel;
130 struct dl_list sa_list;
/* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
Boolean enable_receive; /* bool enableReceive */
Boolean in_use; /* bool inUse (read only) */
/* 32-bit PN (802.1AE-2006, no XPN); see the TransmitSA note on wrap-around */
u32 next_pn; /* PN nextPN (read only) */
u32 lowest_pn; /* PN lowestPN (read only); NOTE(review): presumably the replay-window floor — confirm */
struct os_time created_time;
struct data_key *pkey; /* SAK this SA receives under */
struct receive_sc *sc; /* NOTE(review): presumably the owning SC, as for transmit_sa; the original comment described the sa_list entry */
149 struct macsec_ciphersuite {
152 enum macsec_cap capable;
153 int sak_len; /* unit: byte */
/*
 * Key-derivation and integrity transforms of one MKA algorithm entry.
 * None of them takes an output length: the caller must size cak, ckn,
 * kek, ick and icv for the algorithm behind this entry (icv presumably
 * ICV_LEN octets), and msk, mac1 and mac2 are read at a length fixed by
 * the transform — TODO confirm against the implementations in the .c file.
 */
int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
int (*ckn_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2,
const u8 *sid, size_t sid_len, u8 *ckn);
int (*kek_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *kek);
int (*ick_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *ick);
/* ICV over msg_len octets of the MKPDU, keyed by the ICK */
int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
int index; /* index for configuring */
/*
 * Index into the MKA algorithm table used when nothing else is selected;
 * the table and its ordering are presumably defined in the .c file.
 */
#define DEFAULT_MKA_ALG_INDEX 0
/* See IEEE Std 802.1X-2010, 9.16 MKA management */
/*
 * One MKA participant of this KAY, identified by its CKN. The peer lists
 * and key-server flags below are presumably what the key-server election
 * and SAK distribution act on; the existing comments mark which fields
 * are meaningful for a potential (not yet active) participant.
 */
struct ieee802_1x_mka_participant {
/* used for active and potential participant */
struct mka_key_name ckn; /* CAK name carried after the Basic Parameter Set */
/* used by management to monitor and control activation */
enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
/* used for active participant */
struct dl_list live_peers; /* NOTE(review): presumably peers that have proven liveness */
struct dl_list potential_peers;
/* not defined in IEEE 802.1X */
struct ieee802_1x_mka_ki lki; /* NOTE(review): presumably the latest KI */
struct ieee802_1x_mka_ki oki; /* NOTE(review): presumably the old KI */
Boolean is_key_server; /* this participant acts as key server — TODO confirm where set */
Boolean is_obliged_key_server;
Boolean can_be_key_server;
struct dl_list sak_list;
struct dl_list rxsc_list;
struct transmit_sc *txsc;
struct ieee802_1x_mka_peer_id current_peer_id;
struct ieee802_1x_mka_sci current_peer_sci;
Boolean advised_desired;
enum macsec_cap advised_capability;
struct data_key *new_key;
struct ieee802_1x_kay *kay; /* owning KAY */
242 struct ieee802_1x_mka_hdr {
248 #if __BYTE_ORDER == __LITTLE_ENDIAN
251 #elif __BYTE_ORDER == __BIG_ENDIAN
255 #error "Please fix <bits/endian.h>"
/*
 * Length of the MKPDU header as laid out by struct ieee802_1x_mka_hdr.
 * Being sizeof() of a struct, it equals the on-wire header length only if
 * the struct carries no padding — the packing attribute is not in this
 * excerpt, so confirm it before relying on this value in bounds checks.
 */
#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
/*
 * Wire layout of the Basic Parameter Set that opens an MKPDU; evidently
 * used as an overlay on received bytes. Two things must hold for that to
 * be safe: the struct must be packed (attribute not visible in this
 * excerpt — confirm), and the bit-field order must match the wire. C
 * leaves bit-field allocation order implementation-defined (C11 6.7.2.1);
 * the __BYTE_ORDER split below compensates for the compilers this project
 * targets, so a new compiler or target should be checked against a
 * captured MKPDU.
 */
struct ieee802_1x_mka_basic_body {
#if __BYTE_ORDER == __LITTLE_ENDIAN
u32 macsec_capbility:2; /* sic: misspelling kept, callers use this name */
u32 macsec_desired:1;
#elif __BYTE_ORDER == __BIG_ENDIAN
u32 macsec_desired:1;
u32 macsec_capbility:2;
/* Sender's SCI; peer-asserted, so trust it only after the MKPDU's ICV has been verified */
struct ieee802_1x_mka_sci actor_sci;
/* followed by CAK Name (the CKN) */
292 struct ieee802_1x_mka_peer_body {
298 #if __BYTE_ORDER == __LITTLE_ENDIAN
301 #elif __BYTE_ORDER == __BIG_ENDIAN
309 /* followed by Peers */
312 struct ieee802_1x_mka_sak_use_body {
316 #if __BYTE_ORDER == __LITTLE_ENDIAN
323 #elif __BYTE_ORDER == __BIG_ENDIAN
333 #if __BYTE_ORDER == __LITTLE_ENDIAN
339 #elif __BYTE_ORDER == __BIG_ENDIAN
366 struct ieee802_1x_mka_dist_sak_body {
370 #if __BYTE_ORDER == __LITTLE_ENDIAN
374 #elif __BYTE_ORDER == __BIG_ENDIAN
380 #if __BYTE_ORDER == __LITTLE_ENDIAN
383 #elif __BYTE_ORDER == __BIG_ENDIAN
392 /* for GCM-AES-128: octet 9-32: SAK
393 * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
399 struct ieee802_1x_mka_icv_body {
405 #if __BYTE_ORDER == __LITTLE_ENDIAN
408 #elif __BYTE_ORDER == __BIG_ENDIAN
419 #endif /* IEEE802_1X_KAY_I_H */