2 * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
15 #include "state_machine.h"
16 #include "l2_packet/l2_packet.h"
17 #include "common/eapol_common.h"
18 #include "crypto/aes_wrap.h"
19 #include "ieee802_1x_cp.h"
20 #include "ieee802_1x_key.h"
21 #include "ieee802_1x_kay.h"
22 #include "ieee802_1x_kay_i.h"
23 #include "ieee802_1x_secy_ops.h"
26 #define DEFAULT_SA_KEY_LEN 16
27 #define DEFAULT_ICV_LEN 16
28 #define MAX_ICV_LEN 32 /* 32 bytes, 256 bits */
30 #define PENDING_PN_EXHAUSTION 0xC0000000
32 #define MKA_ALIGN_LENGTH(len) (((len) + 0x3) & ~0x3)
34 /* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */
35 #define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 }
36 static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
38 /* IEEE802.1AE-2006 Table 14-1 MACsec Cipher Suites */
39 static struct macsec_ciphersuite cipher_suite_tbl[] = {
42 .id = CS_ID_GCM_AES_128,
43 .name = CS_NAME_GCM_AES_128,
44 .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
45 .sak_len = DEFAULT_SA_KEY_LEN,
49 #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
50 #define DEFAULT_CS_INDEX 0
52 static struct mka_alg mka_alg_tbl[] = {
54 .parameter = MKA_ALGO_AGILITY_2009,
56 /* 128-bit CAK, KEK, ICK, ICV */
57 .cak_len = DEFAULT_ICV_LEN,
58 .kek_len = DEFAULT_ICV_LEN,
59 .ick_len = DEFAULT_ICV_LEN,
60 .icv_len = DEFAULT_ICV_LEN,
62 .cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
63 .ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
64 .kek_trfm = ieee802_1x_kek_128bits_aes_cmac,
65 .ick_trfm = ieee802_1x_ick_128bits_aes_cmac,
66 .icv_hash = ieee802_1x_icv_128bits_aes_cmac,
71 #define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
74 static int is_ki_equal(struct ieee802_1x_mka_ki *ki1,
75 struct ieee802_1x_mka_ki *ki2)
77 return os_memcmp(ki1->mi, ki2->mi, MI_LEN) == 0 &&
82 static void set_mka_param_body_len(void *body, unsigned int len)
84 struct ieee802_1x_mka_hdr *hdr = body;
85 hdr->length = (len >> 8) & 0x0f;
86 hdr->length1 = len & 0xff;
90 static unsigned int get_mka_param_body_len(const void *body)
92 const struct ieee802_1x_mka_hdr *hdr = body;
93 return (hdr->length << 8) | hdr->length1;
97 static u8 get_mka_param_body_type(const void *body)
99 const struct ieee802_1x_mka_hdr *hdr = body;
105 * ieee802_1x_mka_dump_basic_body -
108 ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
115 body_len = get_mka_param_body_len(body);
116 wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***");
117 wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version);
118 wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
119 wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
120 wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
121 wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capability);
122 wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
123 wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
124 MAC2STR(body->actor_sci.addr));
125 wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
126 be_to_host16(body->actor_sci.port));
127 wpa_hexdump(MSG_DEBUG, "\tMember Id.....:",
128 body->actor_mi, sizeof(body->actor_mi));
129 wpa_printf(MSG_DEBUG, "\tMessage Number: %d",
130 be_to_host32(body->actor_mn));
131 wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:",
132 body->algo_agility, sizeof(body->algo_agility));
133 wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn,
134 body_len + MKA_HDR_LEN - sizeof(*body));
139 * ieee802_1x_mka_dump_peer_body -
142 ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
152 body_len = get_mka_param_body_len(body);
153 if (body->type == MKA_LIVE_PEER_LIST) {
154 wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
155 wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
156 } else if (body->type == MKA_POTENTIAL_PEER_LIST) {
157 wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
158 wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
161 for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
163 os_memcpy(&mn, mi + MI_LEN, sizeof(mn));
164 wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN);
165 wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn));
171 * ieee802_1x_mka_dump_dist_sak_body -
174 ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body)
181 body_len = get_mka_param_body_len(body);
182 wpa_printf(MSG_INFO, "*** Distributed SAK ***");
183 wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
184 wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
185 body->confid_offset);
186 wpa_printf(MSG_INFO, "\tBody Length...........: %zu", body_len);
190 wpa_printf(MSG_INFO, "\tKey Number............: %d",
191 be_to_host32(body->kn));
192 wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24);
196 static const char * yes_no(int val)
198 return val ? "Yes" : "No";
203 * ieee802_1x_mka_dump_sak_use_body -
206 ieee802_1x_mka_dump_sak_use_body(struct ieee802_1x_mka_sak_use_body *body)
213 body_len = get_mka_param_body_len(body);
214 wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***");
215 wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan);
216 wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx));
217 wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx));
218 wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan);
219 wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx));
220 wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx));
221 wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx));
222 wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx));
223 wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s",
224 yes_no(body->delay_protect));
225 wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len);
229 wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:",
230 body->lsrv_mi, sizeof(body->lsrv_mi));
231 wpa_printf(MSG_DEBUG, "\tKey Number.......: %u",
232 be_to_host32(body->lkn));
233 wpa_printf(MSG_DEBUG, "\tLowest PN........: %u",
234 be_to_host32(body->llpn));
235 wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:",
236 body->osrv_mi, sizeof(body->osrv_mi));
237 wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u",
238 be_to_host32(body->okn));
239 wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u",
240 be_to_host32(body->olpn));
245 * ieee802_1x_kay_get_participant -
247 static struct ieee802_1x_mka_participant *
248 ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn)
250 struct ieee802_1x_mka_participant *participant;
252 dl_list_for_each(participant, &kay->participant_list,
253 struct ieee802_1x_mka_participant, list) {
254 if (os_memcmp(participant->ckn.name, ckn,
255 participant->ckn.len) == 0)
259 wpa_printf(MSG_DEBUG, "KaY: participant is not found");
266 * ieee802_1x_kay_get_principal_participant -
268 static struct ieee802_1x_mka_participant *
269 ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
271 struct ieee802_1x_mka_participant *participant;
273 dl_list_for_each(participant, &kay->participant_list,
274 struct ieee802_1x_mka_participant, list) {
275 if (participant->principal)
279 wpa_printf(MSG_DEBUG, "KaY: principal participant is not found");
284 static struct ieee802_1x_kay_peer * get_peer_mi(struct dl_list *peers,
287 struct ieee802_1x_kay_peer *peer;
289 dl_list_for_each(peer, peers, struct ieee802_1x_kay_peer, list) {
290 if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
299 * ieee802_1x_kay_get_potential_peer
301 static struct ieee802_1x_kay_peer *
302 ieee802_1x_kay_get_potential_peer(
303 struct ieee802_1x_mka_participant *participant, const u8 *mi)
305 return get_peer_mi(&participant->potential_peers, mi);
310 * ieee802_1x_kay_get_live_peer
312 static struct ieee802_1x_kay_peer *
313 ieee802_1x_kay_get_live_peer(struct ieee802_1x_mka_participant *participant,
316 return get_peer_mi(&participant->live_peers, mi);
321 * ieee802_1x_kay_is_in_potential_peer
324 ieee802_1x_kay_is_in_potential_peer(
325 struct ieee802_1x_mka_participant *participant, const u8 *mi)
327 return ieee802_1x_kay_get_potential_peer(participant, mi) != NULL;
332 * ieee802_1x_kay_is_in_live_peer
335 ieee802_1x_kay_is_in_live_peer(
336 struct ieee802_1x_mka_participant *participant, const u8 *mi)
338 return ieee802_1x_kay_get_live_peer(participant, mi) != NULL;
343 * ieee802_1x_kay_get_peer
345 static struct ieee802_1x_kay_peer *
346 ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
349 struct ieee802_1x_kay_peer *peer;
351 peer = ieee802_1x_kay_get_live_peer(participant, mi);
355 return ieee802_1x_kay_get_potential_peer(participant, mi);
360 * ieee802_1x_kay_get_cipher_suite
362 static struct macsec_ciphersuite *
363 ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
368 for (i = 0; i < CS_TABLE_SIZE; i++) {
369 if (os_memcmp(cipher_suite_tbl[i].id, cs_id, CS_ID_LEN) == 0)
370 return &cipher_suite_tbl[i];
377 static Boolean sci_equal(const struct ieee802_1x_mka_sci *a,
378 const struct ieee802_1x_mka_sci *b)
380 return os_memcmp(a, b, sizeof(struct ieee802_1x_mka_sci)) == 0;
385 * ieee802_1x_kay_get_peer_sci
387 static struct ieee802_1x_kay_peer *
388 ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant,
389 const struct ieee802_1x_mka_sci *sci)
391 struct ieee802_1x_kay_peer *peer;
393 dl_list_for_each(peer, &participant->live_peers,
394 struct ieee802_1x_kay_peer, list) {
395 if (sci_equal(&peer->sci, sci))
399 dl_list_for_each(peer, &participant->potential_peers,
400 struct ieee802_1x_kay_peer, list) {
401 if (sci_equal(&peer->sci, sci))
410 * ieee802_1x_kay_init_receive_sa -
412 static struct receive_sa *
413 ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn,
414 struct data_key *key)
416 struct receive_sa *psa;
421 psa = os_zalloc(sizeof(*psa));
423 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
428 psa->lowest_pn = lowest_pn;
429 psa->next_pn = lowest_pn;
433 os_get_time(&psa->created_time);
436 dl_list_add(&psc->sa_list, &psa->list);
437 wpa_printf(MSG_DEBUG,
438 "KaY: Create receive SA(AN: %hhu lowest_pn: %u of SC(channel: %d)",
439 an, lowest_pn, psc->channel);
446 * ieee802_1x_kay_deinit_receive_sa -
448 static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa)
451 wpa_printf(MSG_DEBUG,
452 "KaY: Delete receive SA(an: %hhu) of SC",
454 dl_list_del(&psa->list);
460 * ieee802_1x_kay_init_receive_sc -
462 static struct receive_sc *
463 ieee802_1x_kay_init_receive_sc(const struct ieee802_1x_mka_sci *psci,
466 struct receive_sc *psc;
471 psc = os_zalloc(sizeof(*psc));
473 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
477 os_memcpy(&psc->sci, psci, sizeof(psc->sci));
478 psc->channel = channel;
480 os_get_time(&psc->created_time);
481 psc->receiving = FALSE;
483 dl_list_init(&psc->sa_list);
484 wpa_printf(MSG_DEBUG, "KaY: Create receive SC(channel: %d)", channel);
485 wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci));
492 * ieee802_1x_kay_deinit_receive_sc -
495 ieee802_1x_kay_deinit_receive_sc(
496 struct ieee802_1x_mka_participant *participant, struct receive_sc *psc)
498 struct receive_sa *psa, *pre_sa;
500 wpa_printf(MSG_DEBUG, "KaY: Delete receive SC(channel: %d)",
502 dl_list_for_each_safe(psa, pre_sa, &psc->sa_list, struct receive_sa,
504 secy_disable_receive_sa(participant->kay, psa);
505 ieee802_1x_kay_deinit_receive_sa(psa);
507 dl_list_del(&psc->list);
512 static void ieee802_1x_kay_dump_peer(struct ieee802_1x_kay_peer *peer)
514 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
515 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
516 wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
517 wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
521 static struct ieee802_1x_kay_peer *
522 ieee802_1x_kay_create_peer(const u8 *mi, u32 mn)
524 struct ieee802_1x_kay_peer *peer;
526 peer = os_zalloc(sizeof(*peer));
528 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
532 os_memcpy(peer->mi, mi, MI_LEN);
534 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
535 peer->sak_used = FALSE;
542 * ieee802_1x_kay_create_live_peer
544 static struct ieee802_1x_kay_peer *
545 ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
546 const u8 *mi, u32 mn)
548 struct ieee802_1x_kay_peer *peer;
549 struct receive_sc *rxsc;
552 peer = ieee802_1x_kay_create_peer(mi, mn);
556 os_memcpy(&peer->sci, &participant->current_peer_sci,
559 secy_get_available_receive_sc(participant->kay, &sc_ch);
561 rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
567 dl_list_add(&participant->live_peers, &peer->list);
568 dl_list_add(&participant->rxsc_list, &rxsc->list);
569 secy_create_receive_sc(participant->kay, rxsc);
571 wpa_printf(MSG_DEBUG, "KaY: Live peer created");
572 ieee802_1x_kay_dump_peer(peer);
579 * ieee802_1x_kay_create_potential_peer
581 static struct ieee802_1x_kay_peer *
582 ieee802_1x_kay_create_potential_peer(
583 struct ieee802_1x_mka_participant *participant, const u8 *mi, u32 mn)
585 struct ieee802_1x_kay_peer *peer;
587 peer = ieee802_1x_kay_create_peer(mi, mn);
591 dl_list_add(&participant->potential_peers, &peer->list);
593 wpa_printf(MSG_DEBUG, "KaY: potential peer created");
594 ieee802_1x_kay_dump_peer(peer);
601 * ieee802_1x_kay_move_live_peer
603 static struct ieee802_1x_kay_peer *
604 ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
607 struct ieee802_1x_kay_peer *peer;
608 struct receive_sc *rxsc;
611 peer = ieee802_1x_kay_get_potential_peer(participant, mi);
613 rxsc = ieee802_1x_kay_init_receive_sc(&participant->current_peer_sci,
618 os_memcpy(&peer->sci, &participant->current_peer_sci,
621 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
623 wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
624 ieee802_1x_kay_dump_peer(peer);
626 dl_list_del(&peer->list);
627 dl_list_add_tail(&participant->live_peers, &peer->list);
629 secy_get_available_receive_sc(participant->kay, &sc_ch);
631 dl_list_add(&participant->rxsc_list, &rxsc->list);
632 secy_create_receive_sc(participant->kay, rxsc);
640 * ieee802_1x_mka_basic_body_present -
643 ieee802_1x_mka_basic_body_present(
644 struct ieee802_1x_mka_participant *participant)
651 * ieee802_1x_mka_basic_body_length -
654 ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant)
658 length = sizeof(struct ieee802_1x_mka_basic_body);
659 length += participant->ckn.len;
660 return MKA_ALIGN_LENGTH(length);
665 * ieee802_1x_mka_encode_basic_body
668 ieee802_1x_mka_encode_basic_body(
669 struct ieee802_1x_mka_participant *participant,
672 struct ieee802_1x_mka_basic_body *body;
673 struct ieee802_1x_kay *kay = participant->kay;
674 unsigned int length = ieee802_1x_mka_basic_body_length(participant);
676 body = wpabuf_put(buf, length);
678 body->version = kay->mka_version;
679 body->priority = kay->actor_priority;
680 if (participant->is_elected)
681 body->key_server = participant->is_key_server;
683 body->key_server = participant->can_be_key_server;
685 body->macsec_desired = kay->macsec_desired;
686 body->macsec_capability = kay->macsec_capable;
687 set_mka_param_body_len(body, length - MKA_HDR_LEN);
689 os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
690 sizeof(kay->actor_sci.addr));
691 body->actor_sci.port = kay->actor_sci.port;
693 os_memcpy(body->actor_mi, participant->mi, sizeof(body->actor_mi));
694 participant->mn = participant->mn + 1;
695 body->actor_mn = host_to_be32(participant->mn);
696 os_memcpy(body->algo_agility, kay->algo_agility,
697 sizeof(body->algo_agility));
699 os_memcpy(body->ckn, participant->ckn.name, participant->ckn.len);
701 ieee802_1x_mka_dump_basic_body(body);
708 reset_participant_mi(struct ieee802_1x_mka_participant *participant)
710 if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
719 * ieee802_1x_mka_decode_basic_body -
721 static struct ieee802_1x_mka_participant *
722 ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
725 struct ieee802_1x_mka_participant *participant;
726 const struct ieee802_1x_mka_basic_body *body;
727 struct ieee802_1x_kay_peer *peer;
729 body = (const struct ieee802_1x_mka_basic_body *) mka_msg;
731 if (body->version > MKA_VERSION_ID) {
732 wpa_printf(MSG_DEBUG,
733 "KaY: peer's version(%d) greater than mka current version(%d)",
734 body->version, MKA_VERSION_ID);
736 if (kay->is_obliged_key_server && body->key_server) {
737 wpa_printf(MSG_DEBUG, "I must be as key server");
741 participant = ieee802_1x_kay_get_participant(kay, body->ckn);
743 wpa_printf(MSG_DEBUG, "Peer is not included in my CA");
747 /* If the peer's MI is my MI, I will choose new MI */
748 if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
749 if (!reset_participant_mi(participant))
753 os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
754 participant->current_peer_id.mn = body->actor_mn;
755 os_memcpy(participant->current_peer_sci.addr, body->actor_sci.addr,
756 sizeof(participant->current_peer_sci.addr));
757 participant->current_peer_sci.port = body->actor_sci.port;
760 peer = ieee802_1x_kay_get_peer(participant, body->actor_mi);
762 /* Check duplicated SCI */
763 /* TODO: What policy should be applied to detect duplicated SCI
764 * is active attacker or a valid peer whose MI is be changed?
766 peer = ieee802_1x_kay_get_peer_sci(participant,
769 wpa_printf(MSG_WARNING,
770 "KaY: duplicated SCI detected, Maybe active attacker");
771 dl_list_del(&peer->list);
775 peer = ieee802_1x_kay_create_potential_peer(
776 participant, body->actor_mi,
777 be_to_host32(body->actor_mn));
781 peer->macsec_desired = body->macsec_desired;
782 peer->macsec_capability = body->macsec_capability;
783 peer->is_key_server = (Boolean) body->key_server;
784 peer->key_server_priority = body->priority;
785 } else if (peer->mn < be_to_host32(body->actor_mn)) {
786 peer->mn = be_to_host32(body->actor_mn);
787 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
788 peer->macsec_desired = body->macsec_desired;
789 peer->macsec_capability = body->macsec_capability;
790 peer->is_key_server = (Boolean) body->key_server;
791 peer->key_server_priority = body->priority;
793 wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
802 * ieee802_1x_mka_live_peer_body_present
805 ieee802_1x_mka_live_peer_body_present(
806 struct ieee802_1x_mka_participant *participant)
808 return !dl_list_empty(&participant->live_peers);
813 * ieee802_1x_kay_get_live_peer_length
816 ieee802_1x_mka_get_live_peer_length(
817 struct ieee802_1x_mka_participant *participant)
819 int len = MKA_HDR_LEN;
820 struct ieee802_1x_kay_peer *peer;
822 dl_list_for_each(peer, &participant->live_peers,
823 struct ieee802_1x_kay_peer, list)
824 len += sizeof(struct ieee802_1x_mka_peer_id);
826 return MKA_ALIGN_LENGTH(len);
831 * ieee802_1x_mka_encode_live_peer_body -
834 ieee802_1x_mka_encode_live_peer_body(
835 struct ieee802_1x_mka_participant *participant,
838 struct ieee802_1x_mka_peer_body *body;
839 struct ieee802_1x_kay_peer *peer;
841 struct ieee802_1x_mka_peer_id *body_peer;
843 length = ieee802_1x_mka_get_live_peer_length(participant);
844 body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
846 body->type = MKA_LIVE_PEER_LIST;
847 set_mka_param_body_len(body, length - MKA_HDR_LEN);
849 dl_list_for_each(peer, &participant->live_peers,
850 struct ieee802_1x_kay_peer, list) {
851 body_peer = wpabuf_put(buf,
852 sizeof(struct ieee802_1x_mka_peer_id));
853 os_memcpy(body_peer->mi, peer->mi, MI_LEN);
854 body_peer->mn = host_to_be32(peer->mn);
857 ieee802_1x_mka_dump_peer_body(body);
862 * ieee802_1x_mka_potential_peer_body_present
865 ieee802_1x_mka_potential_peer_body_present(
866 struct ieee802_1x_mka_participant *participant)
868 return !dl_list_empty(&participant->potential_peers);
873 * ieee802_1x_kay_get_potential_peer_length
876 ieee802_1x_mka_get_potential_peer_length(
877 struct ieee802_1x_mka_participant *participant)
879 int len = MKA_HDR_LEN;
880 struct ieee802_1x_kay_peer *peer;
882 dl_list_for_each(peer, &participant->potential_peers,
883 struct ieee802_1x_kay_peer, list)
884 len += sizeof(struct ieee802_1x_mka_peer_id);
886 return MKA_ALIGN_LENGTH(len);
891 * ieee802_1x_mka_encode_potential_peer_body -
894 ieee802_1x_mka_encode_potential_peer_body(
895 struct ieee802_1x_mka_participant *participant,
898 struct ieee802_1x_mka_peer_body *body;
899 struct ieee802_1x_kay_peer *peer;
901 struct ieee802_1x_mka_peer_id *body_peer;
903 length = ieee802_1x_mka_get_potential_peer_length(participant);
904 body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
906 body->type = MKA_POTENTIAL_PEER_LIST;
907 set_mka_param_body_len(body, length - MKA_HDR_LEN);
909 dl_list_for_each(peer, &participant->potential_peers,
910 struct ieee802_1x_kay_peer, list) {
911 body_peer = wpabuf_put(buf,
912 sizeof(struct ieee802_1x_mka_peer_id));
913 os_memcpy(body_peer->mi, peer->mi, MI_LEN);
914 body_peer->mn = host_to_be32(peer->mn);
917 ieee802_1x_mka_dump_peer_body(body);
923 * ieee802_1x_mka_i_in_peerlist -
926 ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
927 const u8 *mka_msg, size_t msg_len)
929 struct ieee802_1x_mka_hdr *hdr;
936 for (pos = mka_msg, left_len = msg_len;
937 left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
938 left_len -= body_len + MKA_HDR_LEN,
939 pos += body_len + MKA_HDR_LEN) {
940 hdr = (struct ieee802_1x_mka_hdr *) pos;
941 body_len = get_mka_param_body_len(hdr);
942 body_type = get_mka_param_body_type(hdr);
944 if (body_type != MKA_LIVE_PEER_LIST &&
945 body_type != MKA_POTENTIAL_PEER_LIST)
948 ieee802_1x_mka_dump_peer_body(
949 (struct ieee802_1x_mka_peer_body *)pos);
951 if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
952 wpa_printf(MSG_ERROR,
953 "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
954 left_len, MKA_HDR_LEN,
955 body_len, DEFAULT_ICV_LEN);
959 if ((body_len % 16) != 0) {
960 wpa_printf(MSG_ERROR,
961 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
966 for (i = 0; i < body_len;
967 i += sizeof(struct ieee802_1x_mka_peer_id)) {
968 const struct ieee802_1x_mka_peer_id *peer_mi;
970 peer_mi = (const struct ieee802_1x_mka_peer_id *)
971 (pos + MKA_HDR_LEN + i);
972 if (os_memcmp(peer_mi->mi, participant->mi,
974 be_to_host32(peer_mi->mn) == participant->mn)
984 * ieee802_1x_mka_decode_live_peer_body -
986 static int ieee802_1x_mka_decode_live_peer_body(
987 struct ieee802_1x_mka_participant *participant,
988 const u8 *peer_msg, size_t msg_len)
990 const struct ieee802_1x_mka_hdr *hdr;
991 struct ieee802_1x_kay_peer *peer;
996 is_included = ieee802_1x_kay_is_in_live_peer(
997 participant, participant->current_peer_id.mi);
999 hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
1000 body_len = get_mka_param_body_len(hdr);
1001 if (body_len % 16 != 0) {
1002 wpa_printf(MSG_ERROR,
1003 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1008 for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) {
1009 const struct ieee802_1x_mka_peer_id *peer_mi;
1012 peer_mi = (const struct ieee802_1x_mka_peer_id *)
1013 (peer_msg + MKA_HDR_LEN + i);
1014 peer_mn = be_to_host32(peer_mi->mn);
1017 if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1018 /* My message id is used by other participant */
1019 if (peer_mn > participant->mn &&
1020 !reset_participant_mi(participant))
1021 wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
1028 peer = ieee802_1x_kay_get_peer(participant, peer_mi->mi);
1031 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
1032 } else if (!ieee802_1x_kay_create_potential_peer(
1033 participant, peer_mi->mi, peer_mn)) {
1043 * ieee802_1x_mka_decode_potential_peer_body -
1046 ieee802_1x_mka_decode_potential_peer_body(
1047 struct ieee802_1x_mka_participant *participant,
1048 const u8 *peer_msg, size_t msg_len)
1050 const struct ieee802_1x_mka_hdr *hdr;
1054 hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
1055 body_len = get_mka_param_body_len(hdr);
1056 if (body_len % 16 != 0) {
1057 wpa_printf(MSG_ERROR,
1058 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1063 for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) {
1064 const struct ieee802_1x_mka_peer_id *peer_mi;
1067 peer_mi = (struct ieee802_1x_mka_peer_id *)
1068 (peer_msg + MKA_HDR_LEN + i);
1069 peer_mn = be_to_host32(peer_mi->mn);
1072 if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1073 /* My message id is used by other participant */
1074 if (peer_mn > participant->mn &&
1075 !reset_participant_mi(participant))
1076 wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
1086 * ieee802_1x_mka_sak_use_body_present
1089 ieee802_1x_mka_sak_use_body_present(
1090 struct ieee802_1x_mka_participant *participant)
1092 return participant->to_use_sak;
1097 * ieee802_1x_mka_get_sak_use_length
1100 ieee802_1x_mka_get_sak_use_length(
1101 struct ieee802_1x_mka_participant *participant)
1103 int length = MKA_HDR_LEN;
1105 if (participant->kay->macsec_desired && participant->advised_desired)
1106 length = sizeof(struct ieee802_1x_mka_sak_use_body);
1108 return MKA_ALIGN_LENGTH(length);
1116 ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal,
1117 struct ieee802_1x_mka_ki *ki)
1119 struct receive_sa *rxsa;
1120 struct receive_sc *rxsc;
1123 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
1124 dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
1126 if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
1127 secy_get_receive_lowest_pn(principal->kay,
1130 lpn = lpn > rxsa->lowest_pn ?
1131 lpn : rxsa->lowest_pn;
1145 * ieee802_1x_mka_encode_sak_use_body -
1148 ieee802_1x_mka_encode_sak_use_body(
1149 struct ieee802_1x_mka_participant *participant,
1152 struct ieee802_1x_mka_sak_use_body *body;
1153 struct ieee802_1x_kay *kay = participant->kay;
1154 unsigned int length;
1157 length = ieee802_1x_mka_get_sak_use_length(participant);
1158 body = wpabuf_put(buf, length);
1160 body->type = MKA_SAK_USE;
1161 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1163 if (length == MKA_HDR_LEN) {
1169 body->delay_protect = FALSE;
1173 /* data protect, lowest accept packet number */
1174 body->delay_protect = kay->macsec_replay_protect;
1175 pn = ieee802_1x_mka_get_lpn(participant, &participant->lki);
1176 if (pn > kay->pn_exhaustion) {
1177 wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
1178 if (participant->is_key_server)
1179 participant->new_sak = TRUE;
1182 body->llpn = host_to_be32(pn);
1183 pn = ieee802_1x_mka_get_lpn(participant, &participant->oki);
1184 body->olpn = host_to_be32(pn);
1186 /* plain tx, plain rx */
1187 body->ptx = !kay->macsec_protect;
1188 body->prx = kay->macsec_validate != Strict;
1190 /* latest key: rx, tx, key server member identifier key number */
1191 body->lan = participant->lan;
1192 os_memcpy(body->lsrv_mi, participant->lki.mi, sizeof(body->lsrv_mi));
1193 body->lkn = host_to_be32(participant->lki.kn);
1194 body->lrx = participant->lrx;
1195 body->ltx = participant->ltx;
1197 /* old key: rx, tx, key server member identifier key number */
1198 body->oan = participant->oan;
1199 if (participant->oki.kn != participant->lki.kn &&
1200 participant->oki.kn != 0) {
1203 os_memcpy(body->osrv_mi, participant->oki.mi,
1204 sizeof(body->osrv_mi));
1205 body->okn = host_to_be32(participant->oki.kn);
1211 /* set CP's variable */
1213 kay->tx_enable = TRUE;
1214 kay->port_enable = TRUE;
1217 kay->rx_enable = TRUE;
1219 ieee802_1x_mka_dump_sak_use_body(body);
1225 * ieee802_1x_mka_decode_sak_use_body -
1228 ieee802_1x_mka_decode_sak_use_body(
1229 struct ieee802_1x_mka_participant *participant,
1230 const u8 *mka_msg, size_t msg_len)
1232 struct ieee802_1x_mka_hdr *hdr;
1233 struct ieee802_1x_mka_sak_use_body *body;
1234 struct ieee802_1x_kay_peer *peer;
1235 struct transmit_sa *txsa;
1236 struct data_key *sa_key = NULL;
1238 struct ieee802_1x_mka_ki ki;
1240 Boolean all_receiving;
1242 struct ieee802_1x_kay *kay = participant->kay;
1244 if (!participant->principal) {
1245 wpa_printf(MSG_WARNING, "KaY: Participant is not principal");
1248 peer = ieee802_1x_kay_get_live_peer(participant,
1249 participant->current_peer_id.mi);
1251 wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
1255 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1256 body_len = get_mka_param_body_len(hdr);
1257 body = (struct ieee802_1x_mka_sak_use_body *) mka_msg;
1258 ieee802_1x_mka_dump_sak_use_body(body);
1260 if ((body_len != 0) && (body_len < 40)) {
1261 wpa_printf(MSG_ERROR,
1262 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 40, or more octets",
1267 /* TODO: what action should I take when peer does not support MACsec */
1268 if (body_len == 0) {
1269 wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec");
1273 /* TODO: when the plain tx or rx of peer is true, should I change
1274 * the attribute of controlled port
1277 wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE");
1280 wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE");
1282 /* check latest key is valid */
1283 if (body->ltx || body->lrx) {
1285 os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
1286 ki.kn = be_to_host32(body->lkn);
1287 dl_list_for_each(sa_key, &participant->sak_list,
1288 struct data_key, list) {
1289 if (is_ki_equal(&sa_key->key_identifier, &ki)) {
1295 wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
1298 if (os_memcmp(participant->lki.mi, body->lsrv_mi,
1299 sizeof(participant->lki.mi)) == 0 &&
1300 be_to_host32(body->lkn) == participant->lki.kn &&
1301 body->lan == participant->lan) {
1302 peer->sak_used = TRUE;
1304 if (body->ltx && peer->is_key_server) {
1305 ieee802_1x_cp_set_servertransmitting(kay->cp, TRUE);
1306 ieee802_1x_cp_sm_step(kay->cp);
1310 /* check old key is valid */
1311 if (body->otx || body->orx) {
1312 if (os_memcmp(participant->oki.mi, body->osrv_mi,
1313 sizeof(participant->oki.mi)) != 0 ||
1314 be_to_host32(body->okn) != participant->oki.kn ||
1315 body->oan != participant->oan) {
1316 wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
1321 /* TODO: how to set the MACsec hardware when delay_protect is true */
1322 if (body->delay_protect &&
1323 (!be_to_host32(body->llpn) || !be_to_host32(body->olpn))) {
1324 wpa_printf(MSG_WARNING,
1325 "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
1329 /* check all live peer have used the sak for receiving sa */
1330 all_receiving = TRUE;
1331 dl_list_for_each(peer, &participant->live_peers,
1332 struct ieee802_1x_kay_peer, list) {
1333 if (!peer->sak_used) {
1334 all_receiving = FALSE;
1338 if (all_receiving) {
1339 participant->to_dist_sak = FALSE;
1340 ieee802_1x_cp_set_allreceiving(kay->cp, TRUE);
1341 ieee802_1x_cp_sm_step(kay->cp);
1344 /* if i'm key server, and detects peer member pn exhaustion, rekey.*/
1345 lpn = be_to_host32(body->llpn);
1346 if (lpn > kay->pn_exhaustion) {
1347 if (participant->is_key_server) {
1348 participant->new_sak = TRUE;
1349 wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion");
1354 dl_list_for_each(txsa, &participant->txsc->sa_list,
1355 struct transmit_sa, list) {
1356 if (sa_key != NULL && txsa->pkey == sa_key) {
1362 wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
1366 /* FIXME: Secy creates txsa with default npn. If MKA detected Latest Key
1367 * npn is larger than txsa's npn, set it to txsa.
1369 secy_get_transmit_next_pn(kay, txsa);
1370 if (lpn > txsa->next_pn) {
1371 secy_set_transmit_next_pn(kay, txsa);
1372 wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
1380 * ieee802_1x_mka_dist_sak_body_present
1383 ieee802_1x_mka_dist_sak_body_present(
1384 struct ieee802_1x_mka_participant *participant)
1386 return participant->to_dist_sak && participant->new_key;
1391 * ieee802_1x_kay_get_dist_sak_length
1394 ieee802_1x_mka_get_dist_sak_length(
1395 struct ieee802_1x_mka_participant *participant)
1397 int length = MKA_HDR_LEN;
1398 int cs_index = participant->kay->macsec_csindex;
1400 if (participant->advised_desired) {
1401 length = sizeof(struct ieee802_1x_mka_dist_sak_body);
1402 if (cs_index != DEFAULT_CS_INDEX)
1403 length += CS_ID_LEN;
1405 length += cipher_suite_tbl[cs_index].sak_len + 8;
1408 return MKA_ALIGN_LENGTH(length);
1413 * ieee802_1x_mka_encode_dist_sak_body -
1416 ieee802_1x_mka_encode_dist_sak_body(
1417 struct ieee802_1x_mka_participant *participant,
1420 struct ieee802_1x_mka_dist_sak_body *body;
1421 struct data_key *sak;
1422 unsigned int length;
1426 length = ieee802_1x_mka_get_dist_sak_length(participant);
1427 body = wpabuf_put(buf, length);
1428 body->type = MKA_DISTRIBUTED_SAK;
1429 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1430 if (length == MKA_HDR_LEN) {
1431 body->confid_offset = 0;
1436 sak = participant->new_key;
1437 body->confid_offset = sak->confidentiality_offset;
1438 body->dan = sak->an;
1439 body->kn = host_to_be32(sak->key_identifier.kn);
1440 cs_index = participant->kay->macsec_csindex;
1442 if (cs_index != DEFAULT_CS_INDEX) {
1443 os_memcpy(body->sak, cipher_suite_tbl[cs_index].id, CS_ID_LEN);
1444 sak_pos = CS_ID_LEN;
1446 if (aes_wrap(participant->kek.key, 16,
1447 cipher_suite_tbl[cs_index].sak_len / 8,
1448 sak->key, body->sak + sak_pos)) {
1449 wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
1453 ieee802_1x_mka_dump_dist_sak_body(body);
1460 * ieee802_1x_kay_init_data_key -
1462 static struct data_key *
1463 ieee802_1x_kay_init_data_key(const struct key_conf *conf)
1465 struct data_key *pkey;
1470 pkey = os_zalloc(sizeof(*pkey));
1472 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
1476 pkey->key = os_zalloc(conf->key_len);
1477 if (pkey->key == NULL) {
1478 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
1483 os_memcpy(pkey->key, conf->key, conf->key_len);
1484 os_memcpy(&pkey->key_identifier, &conf->ki,
1485 sizeof(pkey->key_identifier));
1486 pkey->confidentiality_offset = conf->offset;
1487 pkey->an = conf->an;
1488 pkey->transmits = conf->tx;
1489 pkey->receives = conf->rx;
1490 os_get_time(&pkey->created_time);
1499 * ieee802_1x_kay_decode_dist_sak_body -
1502 ieee802_1x_mka_decode_dist_sak_body(
1503 struct ieee802_1x_mka_participant *participant,
1504 const u8 *mka_msg, size_t msg_len)
1506 struct ieee802_1x_mka_hdr *hdr;
1507 struct ieee802_1x_mka_dist_sak_body *body;
1508 struct ieee802_1x_kay_peer *peer;
1509 struct macsec_ciphersuite *cs;
1511 struct key_conf *conf;
1512 struct data_key *sa_key = NULL;
1513 struct ieee802_1x_mka_ki sak_ki;
1517 struct ieee802_1x_kay *kay = participant->kay;
1519 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1520 body_len = get_mka_param_body_len(hdr);
1521 if ((body_len != 0) && (body_len != 28) && (body_len < 36)) {
1522 wpa_printf(MSG_ERROR,
1523 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 28, 36, or more octets",
1528 if (!participant->principal) {
1529 wpa_printf(MSG_ERROR,
1530 "KaY: I can't accept the distributed SAK as I am not principal");
1533 if (participant->is_key_server) {
1534 wpa_printf(MSG_ERROR,
1535 "KaY: I can't accept the distributed SAK as myself is key server ");
1538 if (!kay->macsec_desired ||
1539 kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
1540 wpa_printf(MSG_ERROR,
1541 "KaY: I am not MACsec-desired or without MACsec capable");
1545 peer = ieee802_1x_kay_get_live_peer(participant,
1546 participant->current_peer_id.mi);
1548 wpa_printf(MSG_ERROR,
1549 "KaY: The key server is not in my live peers list");
1552 if (!sci_equal(&kay->key_server_sci, &peer->sci)) {
1553 wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
1557 if (body_len == 0) {
1558 kay->authenticated = TRUE;
1559 kay->secured = FALSE;
1560 kay->failed = FALSE;
1561 participant->advised_desired = FALSE;
1562 ieee802_1x_cp_connect_authenticated(kay->cp);
1563 ieee802_1x_cp_sm_step(kay->cp);
1564 wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
1565 participant->to_use_sak = TRUE;
1569 participant->advised_desired = TRUE;
1570 kay->authenticated = FALSE;
1571 kay->secured = TRUE;
1572 kay->failed = FALSE;
1573 ieee802_1x_cp_connect_secure(kay->cp);
1574 ieee802_1x_cp_sm_step(kay->cp);
1576 body = (struct ieee802_1x_mka_dist_sak_body *)mka_msg;
1577 ieee802_1x_mka_dump_dist_sak_body(body);
1578 dl_list_for_each(sa_key, &participant->sak_list, struct data_key, list)
1580 if (os_memcmp(sa_key->key_identifier.mi,
1581 participant->current_peer_id.mi, MI_LEN) == 0 &&
1582 sa_key->key_identifier.kn == be_to_host32(body->kn)) {
1583 wpa_printf(MSG_WARNING, "KaY:The Key has installed");
1588 if (body_len == 28) {
1589 sak_len = DEFAULT_SA_KEY_LEN;
1590 wrap_sak = body->sak;
1591 kay->macsec_csindex = DEFAULT_CS_INDEX;
1593 cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
1595 wpa_printf(MSG_ERROR,
1596 "KaY: I can't support the Cipher Suite advised by key server");
1599 sak_len = cs->sak_len;
1600 wrap_sak = body->sak + CS_ID_LEN;
1601 kay->macsec_csindex = cs->index;
1604 unwrap_sak = os_zalloc(sak_len);
1606 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1609 if (aes_unwrap(participant->kek.key, 16, sak_len >> 3, wrap_sak,
1611 wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
1612 os_free(unwrap_sak);
1615 wpa_hexdump(MSG_DEBUG, "\tAES Key Unwrap of SAK:", unwrap_sak, sak_len);
1617 conf = os_zalloc(sizeof(*conf));
1619 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1620 os_free(unwrap_sak);
1623 conf->key_len = sak_len;
1625 conf->key = os_zalloc(conf->key_len);
1627 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1628 os_free(unwrap_sak);
1633 os_memcpy(conf->key, unwrap_sak, conf->key_len);
1635 os_memcpy(&sak_ki.mi, &participant->current_peer_id.mi,
1637 sak_ki.kn = be_to_host32(body->kn);
1639 os_memcpy(conf->ki.mi, sak_ki.mi, MI_LEN);
1640 conf->ki.kn = sak_ki.kn;
1641 conf->an = body->dan;
1642 conf->offset = body->confid_offset;
1646 sa_key = ieee802_1x_kay_init_data_key(conf);
1648 os_free(unwrap_sak);
1654 dl_list_add(&participant->sak_list, &sa_key->list);
1656 ieee802_1x_cp_set_ciphersuite(kay->cp,
1657 cipher_suite_tbl[kay->macsec_csindex].id);
1658 ieee802_1x_cp_sm_step(kay->cp);
1659 ieee802_1x_cp_set_offset(kay->cp, body->confid_offset);
1660 ieee802_1x_cp_sm_step(kay->cp);
1661 ieee802_1x_cp_set_distributedki(kay->cp, &sak_ki);
1662 ieee802_1x_cp_set_distributedan(kay->cp, body->dan);
1663 ieee802_1x_cp_signal_newsak(kay->cp);
1664 ieee802_1x_cp_sm_step(kay->cp);
1666 participant->to_use_sak = TRUE;
1668 os_free(unwrap_sak);
1677 * ieee802_1x_mka_icv_body_present
1680 ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant)
1687 * ieee802_1x_kay_get_icv_length
1690 ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant)
1694 length = sizeof(struct ieee802_1x_mka_icv_body);
1695 length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
1697 return MKA_ALIGN_LENGTH(length);
1702 * ieee802_1x_mka_encode_icv_body -
1705 ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
1708 struct ieee802_1x_mka_icv_body *body;
1709 unsigned int length;
1710 u8 cmac[MAX_ICV_LEN];
1712 length = ieee802_1x_mka_get_icv_length(participant);
1713 if (length != DEFAULT_ICV_LEN) {
1714 body = wpabuf_put(buf, MKA_HDR_LEN);
1715 body->type = MKA_ICV_INDICATOR;
1716 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1719 if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
1720 participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
1721 wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
1725 if (length != DEFAULT_ICV_LEN)
1726 length -= MKA_HDR_LEN;
1727 os_memcpy(wpabuf_put(buf, length), cmac, length);
1733 * ieee802_1x_mka_decode_icv_body -
1736 ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
1737 const u8 *mka_msg, size_t msg_len)
1739 struct ieee802_1x_mka_hdr *hdr;
1740 struct ieee802_1x_mka_icv_body *body;
1748 while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
1749 hdr = (struct ieee802_1x_mka_hdr *) pos;
1750 body_len = get_mka_param_body_len(hdr);
1751 body_type = get_mka_param_body_type(hdr);
1753 if (left_len < (body_len + MKA_HDR_LEN))
1756 if (body_type != MKA_ICV_INDICATOR) {
1757 left_len -= MKA_HDR_LEN + body_len;
1758 pos += MKA_HDR_LEN + body_len;
1762 body = (struct ieee802_1x_mka_icv_body *)pos;
1764 < mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
1771 return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN);
1776 * ieee802_1x_mka_decode_dist_cak_body-
1779 ieee802_1x_mka_decode_dist_cak_body(
1780 struct ieee802_1x_mka_participant *participant,
1781 const u8 *mka_msg, size_t msg_len)
1783 struct ieee802_1x_mka_hdr *hdr;
1786 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1787 body_len = get_mka_param_body_len(hdr);
1788 if (body_len < 28) {
1789 wpa_printf(MSG_ERROR,
1790 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 28 or more octets",
1800 * ieee802_1x_mka_decode_kmd_body -
1803 ieee802_1x_mka_decode_kmd_body(
1804 struct ieee802_1x_mka_participant *participant,
1805 const u8 *mka_msg, size_t msg_len)
1807 struct ieee802_1x_mka_hdr *hdr;
1810 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1811 body_len = get_mka_param_body_len(hdr);
1813 wpa_printf(MSG_ERROR,
1814 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 5 or more octets",
1824 * ieee802_1x_mka_decode_announce_body -
1826 static int ieee802_1x_mka_decode_announce_body(
1827 struct ieee802_1x_mka_participant *participant,
1828 const u8 *mka_msg, size_t msg_len)
1834 struct mka_param_body_handler {
1835 int (*body_tx)(struct ieee802_1x_mka_participant *participant,
1836 struct wpabuf *buf);
1837 int (*body_rx)(struct ieee802_1x_mka_participant *participant,
1838 const u8 *mka_msg, size_t msg_len);
1839 int (*body_length)(struct ieee802_1x_mka_participant *participant);
1840 Boolean (*body_present)(struct ieee802_1x_mka_participant *participant);
1844 static struct mka_param_body_handler mka_body_handler[] = {
1845 /* basic parameter set */
1847 .body_tx = ieee802_1x_mka_encode_basic_body,
1849 .body_length = ieee802_1x_mka_basic_body_length,
1850 .body_present = ieee802_1x_mka_basic_body_present
1853 /* live peer list parameter set */
1855 .body_tx = ieee802_1x_mka_encode_live_peer_body,
1856 .body_rx = ieee802_1x_mka_decode_live_peer_body,
1857 .body_length = ieee802_1x_mka_get_live_peer_length,
1858 .body_present = ieee802_1x_mka_live_peer_body_present
1861 /* potential peer list parameter set */
1863 .body_tx = ieee802_1x_mka_encode_potential_peer_body,
1864 .body_rx = ieee802_1x_mka_decode_potential_peer_body,
1865 .body_length = ieee802_1x_mka_get_potential_peer_length,
1866 .body_present = ieee802_1x_mka_potential_peer_body_present
1869 /* sak use parameter set */
1871 .body_tx = ieee802_1x_mka_encode_sak_use_body,
1872 .body_rx = ieee802_1x_mka_decode_sak_use_body,
1873 .body_length = ieee802_1x_mka_get_sak_use_length,
1874 .body_present = ieee802_1x_mka_sak_use_body_present
1877 /* distribute sak parameter set */
1879 .body_tx = ieee802_1x_mka_encode_dist_sak_body,
1880 .body_rx = ieee802_1x_mka_decode_dist_sak_body,
1881 .body_length = ieee802_1x_mka_get_dist_sak_length,
1882 .body_present = ieee802_1x_mka_dist_sak_body_present
1885 /* distribute cak parameter set */
1888 .body_rx = ieee802_1x_mka_decode_dist_cak_body,
1889 .body_length = NULL,
1890 .body_present = NULL
1893 /* kmd parameter set */
1896 .body_rx = ieee802_1x_mka_decode_kmd_body,
1897 .body_length = NULL,
1898 .body_present = NULL
1901 /* announce parameter set */
1904 .body_rx = ieee802_1x_mka_decode_announce_body,
1905 .body_length = NULL,
1906 .body_present = NULL
1909 /* icv parameter set */
1911 .body_tx = ieee802_1x_mka_encode_icv_body,
1913 .body_length = ieee802_1x_mka_get_icv_length,
1914 .body_present = ieee802_1x_mka_icv_body_present
1920 * ieee802_1x_kay_deinit_data_key -
1922 static void ieee802_1x_kay_deinit_data_key(struct data_key *pkey)
1931 dl_list_del(&pkey->list);
1938 * ieee802_1x_kay_generate_new_sak -
1941 ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
1943 struct data_key *sa_key = NULL;
1944 struct key_conf *conf;
1945 struct ieee802_1x_kay_peer *peer;
1946 struct ieee802_1x_kay *kay = participant->kay;
1947 int ctx_len, ctx_offset;
1950 /* check condition for generating a fresh SAK:
1951 * must have one live peer
1952 * and MKA life time elapse since last distribution
1953 * or potential peer is empty
1955 if (dl_list_empty(&participant->live_peers)) {
1956 wpa_printf(MSG_ERROR,
1957 "KaY: Live peers list must not empty when generating fresh SAK");
1961 /* FIXME: A fresh SAK not generated until
1962 * the live peer list contains at least one peer and
1963 * MKA life time has elapsed since the prior SAK was first distributed,
1964 * or the Key server's potential peer is empty
1965 * but I can't understand the second item, so
1966 * here only check first item and ingore
1967 * && (!dl_list_empty(&participant->potential_peers))) {
1969 if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
1970 wpa_printf(MSG_ERROR,
1971 "KaY: Life time have not elapsed since prior SAK distributed");
1975 conf = os_zalloc(sizeof(*conf));
1977 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1980 conf->key_len = cipher_suite_tbl[kay->macsec_csindex].sak_len;
1982 conf->key = os_zalloc(conf->key_len);
1985 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1989 ctx_len = conf->key_len + sizeof(kay->dist_kn);
1990 dl_list_for_each(peer, &participant->live_peers,
1991 struct ieee802_1x_kay_peer, list)
1992 ctx_len += sizeof(peer->mi);
1993 ctx_len += sizeof(participant->mi);
1995 context = os_zalloc(ctx_len);
2002 if (os_get_random(context + ctx_offset, conf->key_len) < 0) {
2008 ctx_offset += conf->key_len;
2009 dl_list_for_each(peer, &participant->live_peers,
2010 struct ieee802_1x_kay_peer, list) {
2011 os_memcpy(context + ctx_offset, peer->mi, sizeof(peer->mi));
2012 ctx_offset += sizeof(peer->mi);
2014 os_memcpy(context + ctx_offset, participant->mi,
2015 sizeof(participant->mi));
2016 ctx_offset += sizeof(participant->mi);
2017 os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
2019 if (conf->key_len == 16) {
2020 ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2021 context, ctx_len, conf->key);
2022 } else if (conf->key_len == 32) {
2023 ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2024 context, ctx_len, conf->key);
2026 wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
2032 wpa_hexdump(MSG_DEBUG, "KaY: generated new SAK",
2033 conf->key, conf->key_len);
2035 os_memcpy(conf->ki.mi, participant->mi, MI_LEN);
2036 conf->ki.kn = kay->dist_kn;
2037 conf->an = kay->dist_an;
2038 conf->offset = kay->macsec_confidentiality;
2042 sa_key = ieee802_1x_kay_init_data_key(conf);
2049 participant->new_key = sa_key;
2051 dl_list_add(&participant->sak_list, &sa_key->list);
2052 ieee802_1x_cp_set_ciphersuite(kay->cp,
2053 cipher_suite_tbl[kay->macsec_csindex].id);
2054 ieee802_1x_cp_sm_step(kay->cp);
2055 ieee802_1x_cp_set_offset(kay->cp, conf->offset);
2056 ieee802_1x_cp_sm_step(kay->cp);
2057 ieee802_1x_cp_set_distributedki(kay->cp, &conf->ki);
2058 ieee802_1x_cp_set_distributedan(kay->cp, conf->an);
2059 ieee802_1x_cp_signal_newsak(kay->cp);
2060 ieee802_1x_cp_sm_step(kay->cp);
2062 dl_list_for_each(peer, &participant->live_peers,
2063 struct ieee802_1x_kay_peer, list)
2064 peer->sak_used = FALSE;
2068 if (kay->dist_an > 3)
2071 kay->dist_time = time(NULL);
2080 static int compare_priorities(const struct ieee802_1x_kay_peer *peer,
2081 const struct ieee802_1x_kay_peer *other)
2083 if (peer->key_server_priority < other->key_server_priority)
2085 if (other->key_server_priority < peer->key_server_priority)
2088 return os_memcmp(peer->sci.addr, other->sci.addr, ETH_ALEN);
2093 * ieee802_1x_kay_elect_key_server - elect the key server
2094 * when to elect: whenever the live peers list changes
2097 ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
2099 struct ieee802_1x_kay_peer *peer;
2100 struct ieee802_1x_kay_peer *key_server = NULL;
2101 struct ieee802_1x_kay *kay = participant->kay;
2102 Boolean i_is_key_server;
2104 if (participant->is_obliged_key_server) {
2105 participant->new_sak = TRUE;
2106 participant->to_dist_sak = FALSE;
2107 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2111 /* elect the key server among the peers */
2112 dl_list_for_each(peer, &participant->live_peers,
2113 struct ieee802_1x_kay_peer, list) {
2114 if (!peer->is_key_server)
2122 if (compare_priorities(peer, key_server) < 0)
2126 /* elect the key server between me and the above elected peer */
2127 i_is_key_server = FALSE;
2128 if (key_server && participant->can_be_key_server) {
2129 struct ieee802_1x_kay_peer tmp;
2131 tmp.key_server_priority = kay->actor_priority;
2132 os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci));
2133 if (compare_priorities(&tmp, key_server) < 0)
2134 i_is_key_server = TRUE;
2135 } else if (participant->can_be_key_server) {
2136 i_is_key_server = TRUE;
2139 if (i_is_key_server) {
2140 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2141 if (!sci_equal(&kay->key_server_sci, &kay->actor_sci)) {
2142 ieee802_1x_cp_signal_chgdserver(kay->cp);
2143 ieee802_1x_cp_sm_step(kay->cp);
2146 participant->is_key_server = TRUE;
2147 participant->principal = TRUE;
2148 participant->new_sak = TRUE;
2149 wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
2150 participant->to_dist_sak = FALSE;
2151 participant->is_elected = TRUE;
2153 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
2154 sizeof(kay->key_server_sci));
2155 kay->key_server_priority = kay->actor_priority;
2156 } else if (key_server) {
2157 ieee802_1x_cp_set_electedself(kay->cp, FALSE);
2158 if (!sci_equal(&kay->key_server_sci, &key_server->sci)) {
2159 ieee802_1x_cp_signal_chgdserver(kay->cp);
2160 ieee802_1x_cp_sm_step(kay->cp);
2163 participant->is_key_server = FALSE;
2164 participant->principal = TRUE;
2165 participant->is_elected = TRUE;
2167 os_memcpy(&kay->key_server_sci, &key_server->sci,
2168 sizeof(kay->key_server_sci));
2169 kay->key_server_priority = key_server->key_server_priority;
2171 participant->principal = FALSE;
2172 participant->is_key_server = FALSE;
2173 participant->is_elected = FALSE;
2181 * ieee802_1x_kay_decide_macsec_use - the key server determinate
2182 * how to use MACsec: whether use MACsec and its capability
2183 * protectFrames will be advised if the key server and one of its live peers are
2184 * MACsec capable and one of those request MACsec protection
2187 ieee802_1x_kay_decide_macsec_use(
2188 struct ieee802_1x_mka_participant *participant)
2190 struct ieee802_1x_kay *kay = participant->kay;
2191 struct ieee802_1x_kay_peer *peer;
2192 enum macsec_cap less_capability;
2195 if (!participant->is_key_server)
2198 /* key server self is MACsec-desired and requesting MACsec */
2199 if (!kay->macsec_desired) {
2200 participant->advised_desired = FALSE;
2203 if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
2204 participant->advised_desired = FALSE;
2207 less_capability = kay->macsec_capable;
2209 /* at least one of peers is MACsec-desired and requesting MACsec */
2211 dl_list_for_each(peer, &participant->live_peers,
2212 struct ieee802_1x_kay_peer, list) {
2213 if (!peer->macsec_desired)
2216 if (peer->macsec_capability == MACSEC_CAP_NOT_IMPLEMENTED)
2219 less_capability = (less_capability < peer->macsec_capability) ?
2220 less_capability : peer->macsec_capability;
2225 participant->advised_desired = TRUE;
2226 participant->advised_capability = less_capability;
2227 kay->authenticated = FALSE;
2228 kay->secured = TRUE;
2229 kay->failed = FALSE;
2230 ieee802_1x_cp_connect_secure(kay->cp);
2231 ieee802_1x_cp_sm_step(kay->cp);
2233 participant->advised_desired = FALSE;
2234 participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED;
2235 participant->to_use_sak = FALSE;
2236 kay->authenticated = TRUE;
2237 kay->secured = FALSE;
2238 kay->failed = FALSE;
2247 ieee802_1x_cp_connect_authenticated(kay->cp);
2248 ieee802_1x_cp_sm_step(kay->cp);
2254 static const u8 pae_group_addr[ETH_ALEN] = {
2255 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
2260 * ieee802_1x_kay_encode_mkpdu -
2263 ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant,
2264 struct wpabuf *pbuf)
2267 struct ieee8023_hdr *ether_hdr;
2268 struct ieee802_1x_hdr *eapol_hdr;
2270 ether_hdr = wpabuf_put(pbuf, sizeof(*ether_hdr));
2271 os_memcpy(ether_hdr->dest, pae_group_addr, sizeof(ether_hdr->dest));
2272 os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
2273 sizeof(ether_hdr->dest));
2274 ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL);
2276 eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr));
2277 eapol_hdr->version = EAPOL_VERSION;
2278 eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
2279 eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
2281 for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
2282 if (mka_body_handler[i].body_present &&
2283 mka_body_handler[i].body_present(participant)) {
2284 if (mka_body_handler[i].body_tx(participant, pbuf))
2293 * ieee802_1x_participant_send_mkpdu -
2296 ieee802_1x_participant_send_mkpdu(
2297 struct ieee802_1x_mka_participant *participant)
2300 struct ieee802_1x_kay *kay = participant->kay;
2304 wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
2305 length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
2306 for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
2307 if (mka_body_handler[i].body_present &&
2308 mka_body_handler[i].body_present(participant))
2309 length += mka_body_handler[i].body_length(participant);
2312 buf = wpabuf_alloc(length);
2314 wpa_printf(MSG_ERROR, "KaY: out of memory");
2318 if (ieee802_1x_kay_encode_mkpdu(participant, buf)) {
2319 wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
2323 l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
2327 participant->active = TRUE;
2333 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa);
2335 * ieee802_1x_participant_timer -
2337 static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
2339 struct ieee802_1x_mka_participant *participant;
2340 struct ieee802_1x_kay *kay;
2341 struct ieee802_1x_kay_peer *peer, *pre_peer;
2342 time_t now = time(NULL);
2344 struct receive_sc *rxsc, *pre_rxsc;
2345 struct transmit_sa *txsa, *pre_txsa;
2347 participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
2348 kay = participant->kay;
2349 if (participant->cak_life) {
2350 if (now > participant->cak_life)
2354 /* should delete MKA instance if there are not live peers
2355 * when the MKA life elapsed since its creating */
2356 if (participant->mka_life) {
2357 if (dl_list_empty(&participant->live_peers)) {
2358 if (now > participant->mka_life)
2361 participant->mka_life = 0;
2366 dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
2367 struct ieee802_1x_kay_peer, list) {
2368 if (now > peer->expire) {
2369 wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
2370 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2372 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2373 dl_list_for_each_safe(rxsc, pre_rxsc,
2374 &participant->rxsc_list,
2375 struct receive_sc, list) {
2376 if (sci_equal(&rxsc->sci, &peer->sci)) {
2377 secy_delete_receive_sc(kay, rxsc);
2378 ieee802_1x_kay_deinit_receive_sc(
2382 dl_list_del(&peer->list);
2389 if (dl_list_empty(&participant->live_peers)) {
2390 participant->advised_desired = FALSE;
2391 participant->advised_capability =
2392 MACSEC_CAP_NOT_IMPLEMENTED;
2393 participant->to_use_sak = FALSE;
2394 kay->authenticated = TRUE;
2395 kay->secured = FALSE;
2396 kay->failed = FALSE;
2405 dl_list_for_each_safe(txsa, pre_txsa,
2406 &participant->txsc->sa_list,
2407 struct transmit_sa, list) {
2408 secy_disable_transmit_sa(kay, txsa);
2409 ieee802_1x_kay_deinit_transmit_sa(txsa);
2412 ieee802_1x_cp_connect_authenticated(kay->cp);
2413 ieee802_1x_cp_sm_step(kay->cp);
2415 ieee802_1x_kay_elect_key_server(participant);
2416 ieee802_1x_kay_decide_macsec_use(participant);
2420 dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
2421 struct ieee802_1x_kay_peer, list) {
2422 if (now > peer->expire) {
2423 wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
2424 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2426 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2427 dl_list_del(&peer->list);
2432 if (participant->new_sak) {
2433 if (!ieee802_1x_kay_generate_new_sak(participant))
2434 participant->to_dist_sak = TRUE;
2436 participant->new_sak = FALSE;
2439 if (participant->retry_count < MAX_RETRY_CNT) {
2440 ieee802_1x_participant_send_mkpdu(participant);
2441 participant->retry_count++;
2444 eloop_register_timeout(MKA_HELLO_TIME / 1000, 0,
2445 ieee802_1x_participant_timer,
2451 kay->authenticated = FALSE;
2452 kay->secured = FALSE;
2454 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
2459 * ieee802_1x_kay_init_transmit_sa -
2461 static struct transmit_sa *
2462 ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN,
2463 struct data_key *key)
2465 struct transmit_sa *psa;
2467 key->tx_latest = TRUE;
2468 key->rx_latest = TRUE;
2470 psa = os_zalloc(sizeof(*psa));
2472 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2476 if (key->confidentiality_offset >= CONFIDENTIALITY_OFFSET_0 &&
2477 key->confidentiality_offset <= CONFIDENTIALITY_OFFSET_50)
2478 psa->confidentiality = TRUE;
2480 psa->confidentiality = FALSE;
2484 psa->next_pn = next_PN;
2487 os_get_time(&psa->created_time);
2488 psa->in_use = FALSE;
2490 dl_list_add(&psc->sa_list, &psa->list);
2491 wpa_printf(MSG_DEBUG,
2492 "KaY: Create transmit SA(an: %hhu, next_PN: %u) of SC(channel: %d)",
2493 an, next_PN, psc->channel);
2500 * ieee802_1x_kay_deinit_transmit_sa -
2502 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa)
2505 wpa_printf(MSG_DEBUG,
2506 "KaY: Delete transmit SA(an: %hhu) of SC",
2508 dl_list_del(&psa->list);
2514 * init_transmit_sc -
2516 static struct transmit_sc *
2517 ieee802_1x_kay_init_transmit_sc(const struct ieee802_1x_mka_sci *sci,
2520 struct transmit_sc *psc;
2522 psc = os_zalloc(sizeof(*psc));
2524 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2527 os_memcpy(&psc->sci, sci, sizeof(psc->sci));
2528 psc->channel = channel;
2530 os_get_time(&psc->created_time);
2531 psc->transmitting = FALSE;
2532 psc->encoding_sa = FALSE;
2533 psc->enciphering_sa = FALSE;
2535 dl_list_init(&psc->sa_list);
2536 wpa_printf(MSG_DEBUG, "KaY: Create transmit SC(channel: %d)", channel);
2537 wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci));
2544 * ieee802_1x_kay_deinit_transmit_sc -
2547 ieee802_1x_kay_deinit_transmit_sc(
2548 struct ieee802_1x_mka_participant *participant, struct transmit_sc *psc)
2550 struct transmit_sa *psa, *tmp;
2552 wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC(channel: %d)",
2554 dl_list_for_each_safe(psa, tmp, &psc->sa_list, struct transmit_sa,
2556 secy_disable_transmit_sa(participant->kay, psa);
2557 ieee802_1x_kay_deinit_transmit_sa(psa);
2564 /****************** Interface between CP and KAY *********************/
2566 * ieee802_1x_kay_set_latest_sa_attr -
2568 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
2569 struct ieee802_1x_mka_ki *lki, u8 lan,
2570 Boolean ltx, Boolean lrx)
2572 struct ieee802_1x_mka_participant *principal;
2574 principal = ieee802_1x_kay_get_principal_participant(kay);
2579 os_memset(&principal->lki, 0, sizeof(principal->lki));
2581 os_memcpy(&principal->lki, lki, sizeof(principal->lki));
2583 principal->lan = lan;
2584 principal->ltx = ltx;
2585 principal->lrx = lrx;
2590 kay->ltx_kn = lki->kn;
2591 kay->lrx_kn = lki->kn;
2601 * ieee802_1x_kay_set_old_sa_attr -
2603 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
2604 struct ieee802_1x_mka_ki *oki,
2605 u8 oan, Boolean otx, Boolean orx)
2607 struct ieee802_1x_mka_participant *principal;
2609 principal = ieee802_1x_kay_get_principal_participant(kay);
2614 os_memset(&principal->oki, 0, sizeof(principal->oki));
2616 os_memcpy(&principal->oki, oki, sizeof(principal->oki));
2618 principal->oan = oan;
2619 principal->otx = otx;
2620 principal->orx = orx;
2626 kay->otx_kn = oki->kn;
2627 kay->orx_kn = oki->kn;
2637 * ieee802_1x_kay_create_sas -
2639 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
2640 struct ieee802_1x_mka_ki *lki)
2642 struct data_key *sa_key, *latest_sak;
2643 struct ieee802_1x_mka_participant *principal;
2644 struct receive_sc *rxsc;
2645 struct receive_sa *rxsa;
2646 struct transmit_sa *txsa;
2648 principal = ieee802_1x_kay_get_principal_participant(kay);
2653 dl_list_for_each(sa_key, &principal->sak_list, struct data_key, list) {
2654 if (is_ki_equal(&sa_key->key_identifier, lki)) {
2655 sa_key->rx_latest = TRUE;
2656 sa_key->tx_latest = TRUE;
2657 latest_sak = sa_key;
2658 principal->to_use_sak = TRUE;
2660 sa_key->rx_latest = FALSE;
2661 sa_key->tx_latest = FALSE;
2665 wpa_printf(MSG_ERROR, "lki related sak not found");
2669 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2670 rxsa = ieee802_1x_kay_init_receive_sa(rxsc, latest_sak->an, 1,
2675 secy_create_receive_sa(kay, rxsa);
2678 txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an,
2683 secy_create_transmit_sa(kay, txsa);
2692 * ieee802_1x_kay_delete_sas -
2694 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
2695 struct ieee802_1x_mka_ki *ki)
2697 struct data_key *sa_key, *pre_key;
2698 struct transmit_sa *txsa, *pre_txsa;
2699 struct receive_sa *rxsa, *pre_rxsa;
2700 struct receive_sc *rxsc;
2701 struct ieee802_1x_mka_participant *principal;
2703 wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__);
2704 principal = ieee802_1x_kay_get_principal_participant(kay);
2708 /* remove the transmit sa */
2709 dl_list_for_each_safe(txsa, pre_txsa, &principal->txsc->sa_list,
2710 struct transmit_sa, list) {
2711 if (is_ki_equal(&txsa->pkey->key_identifier, ki)) {
2712 secy_disable_transmit_sa(kay, txsa);
2713 ieee802_1x_kay_deinit_transmit_sa(txsa);
2717 /* remove the receive sa */
2718 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2719 dl_list_for_each_safe(rxsa, pre_rxsa, &rxsc->sa_list,
2720 struct receive_sa, list) {
2721 if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
2722 secy_disable_receive_sa(kay, rxsa);
2723 ieee802_1x_kay_deinit_receive_sa(rxsa);
2728 /* remove the sak */
2729 dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
2730 struct data_key, list) {
2731 if (is_ki_equal(&sa_key->key_identifier, ki)) {
2732 ieee802_1x_kay_deinit_data_key(sa_key);
2735 if (principal->new_key == sa_key)
2736 principal->new_key = NULL;
2744 * ieee802_1x_kay_enable_tx_sas -
2746 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
2747 struct ieee802_1x_mka_ki *lki)
2749 struct ieee802_1x_mka_participant *principal;
2750 struct transmit_sa *txsa;
2752 principal = ieee802_1x_kay_get_principal_participant(kay);
2756 dl_list_for_each(txsa, &principal->txsc->sa_list, struct transmit_sa,
2758 if (is_ki_equal(&txsa->pkey->key_identifier, lki)) {
2759 txsa->in_use = TRUE;
2760 secy_enable_transmit_sa(kay, txsa);
2761 ieee802_1x_cp_set_usingtransmitas(
2762 principal->kay->cp, TRUE);
2763 ieee802_1x_cp_sm_step(principal->kay->cp);
2772 * ieee802_1x_kay_enable_rx_sas -
2774 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
2775 struct ieee802_1x_mka_ki *lki)
2777 struct ieee802_1x_mka_participant *principal;
2778 struct receive_sa *rxsa;
2779 struct receive_sc *rxsc;
2781 principal = ieee802_1x_kay_get_principal_participant(kay);
2785 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2786 dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
2788 if (is_ki_equal(&rxsa->pkey->key_identifier, lki)) {
2789 rxsa->in_use = TRUE;
2790 secy_enable_receive_sa(kay, rxsa);
2791 ieee802_1x_cp_set_usingreceivesas(
2792 principal->kay->cp, TRUE);
2793 ieee802_1x_cp_sm_step(principal->kay->cp);
2803 * ieee802_1x_kay_enable_new_info -
2805 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
2807 struct ieee802_1x_mka_participant *principal;
2809 principal = ieee802_1x_kay_get_principal_participant(kay);
2813 if (principal->retry_count < MAX_RETRY_CNT) {
2814 ieee802_1x_participant_send_mkpdu(principal);
2815 principal->retry_count++;
2823 * ieee802_1x_kay_cp_conf -
2825 int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
2826 struct ieee802_1x_cp_conf *pconf)
2828 pconf->protect = kay->macsec_protect;
2829 pconf->replay_protect = kay->macsec_replay_protect;
2830 pconf->validate = kay->macsec_validate;
2837 * ieee802_1x_kay_alloc_cp_sm -
2839 static struct ieee802_1x_cp_sm *
2840 ieee802_1x_kay_alloc_cp_sm(struct ieee802_1x_kay *kay)
2842 struct ieee802_1x_cp_conf conf;
2844 os_memset(&conf, 0, sizeof(conf));
2845 conf.protect = kay->macsec_protect;
2846 conf.replay_protect = kay->macsec_replay_protect;
2847 conf.validate = kay->macsec_validate;
2848 conf.replay_window = kay->macsec_replay_window;
2850 return ieee802_1x_cp_sm_init(kay, &conf);
2855 * ieee802_1x_kay_mkpdu_sanity_check -
2856 * sanity check specified in clause 11.11.2 of IEEE802.1X-2010
2858 static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
2859 const u8 *buf, size_t len)
2861 struct ieee8023_hdr *eth_hdr;
2862 struct ieee802_1x_hdr *eapol_hdr;
2863 struct ieee802_1x_mka_hdr *mka_hdr;
2864 struct ieee802_1x_mka_basic_body *body;
2866 struct ieee802_1x_mka_participant *participant;
2868 u8 icv[MAX_ICV_LEN];
2871 eth_hdr = (struct ieee8023_hdr *) buf;
2872 eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
2873 mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1);
2875 /* destination address should be not individual address */
2876 if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) {
2877 wpa_printf(MSG_MSGDUMP,
2878 "KaY: ethernet destination address is not PAE group address");
2882 /* MKPDU should not be less than 32 octets */
2883 mka_msg_len = be_to_host16(eapol_hdr->length);
2884 if (mka_msg_len < 32) {
2885 wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
2888 /* MKPDU should be a multiple of 4 octets */
2889 if ((mka_msg_len % 4) != 0) {
2890 wpa_printf(MSG_MSGDUMP,
2891 "KaY: MKPDU is not multiple of 4 octets");
2895 body = (struct ieee802_1x_mka_basic_body *) mka_hdr;
2896 ieee802_1x_mka_dump_basic_body(body);
2897 body_len = get_mka_param_body_len(body);
2898 /* EAPOL-MKA body should comprise basic parameter set and ICV */
2899 if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
2900 wpa_printf(MSG_ERROR,
2901 "KaY: Received EAPOL-MKA Packet Body Length (%zu bytes) is less than the Basic Parameter Set Header Length (%zu bytes) + the Basic Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
2902 mka_msg_len, MKA_HDR_LEN,
2903 body_len, DEFAULT_ICV_LEN);
2907 /* CKN should be owned by I */
2908 participant = ieee802_1x_kay_get_participant(kay, body->ckn);
2910 wpa_printf(MSG_DEBUG, "CKN is not included in my CA");
2914 /* algorithm agility check */
2915 if (os_memcmp(body->algo_agility, mka_algo_agility,
2916 sizeof(body->algo_agility)) != 0) {
2917 wpa_printf(MSG_ERROR,
2918 "KaY: peer's algorithm agility not supported for me");
2924 * The ICV will comprise the final octets of the packet body, whatever
2925 * its size, not the fixed length 16 octets, indicated by the EAPOL
2926 * packet body length.
2928 if (mka_alg_tbl[kay->mka_algindex].icv_hash(
2929 participant->ick.key,
2930 buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
2931 wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
2935 msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr,
2938 wpa_printf(MSG_ERROR, "KaY: No ICV");
2941 if (os_memcmp_const(msg_icv, icv,
2942 mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
2943 wpa_printf(MSG_ERROR,
2944 "KaY: Computed ICV is not equal to Received ICV");
2953 * ieee802_1x_kay_decode_mkpdu -
2955 static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
2956 const u8 *buf, size_t len)
2958 struct ieee802_1x_mka_participant *participant;
2959 struct ieee802_1x_mka_hdr *hdr;
2965 Boolean handled[256];
2967 if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
2970 /* handle basic parameter set */
2971 pos = buf + sizeof(struct ieee8023_hdr) + sizeof(struct ieee802_1x_hdr);
2972 left_len = len - sizeof(struct ieee8023_hdr) -
2973 sizeof(struct ieee802_1x_hdr);
2974 participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
2978 /* to skip basic parameter set */
2979 hdr = (struct ieee802_1x_mka_hdr *) pos;
2980 body_len = get_mka_param_body_len(hdr);
2981 pos += body_len + MKA_HDR_LEN;
2982 left_len -= body_len + MKA_HDR_LEN;
2984 /* check i am in the peer's peer list */
2985 if (ieee802_1x_mka_i_in_peerlist(participant, pos, left_len) &&
2986 !ieee802_1x_kay_is_in_live_peer(participant,
2987 participant->current_peer_id.mi)) {
2988 /* accept the peer as live peer */
2989 if (ieee802_1x_kay_is_in_potential_peer(
2990 participant, participant->current_peer_id.mi)) {
2991 if (!ieee802_1x_kay_move_live_peer(
2993 participant->current_peer_id.mi,
2994 be_to_host32(participant->
2995 current_peer_id.mn)))
2997 } else if (!ieee802_1x_kay_create_live_peer(
2998 participant, participant->current_peer_id.mi,
2999 be_to_host32(participant->
3000 current_peer_id.mn))) {
3004 ieee802_1x_kay_elect_key_server(participant);
3005 ieee802_1x_kay_decide_macsec_use(participant);
3009 * Handle other parameter set than basic parameter set.
3010 * Each parameter set should be present only once.
3012 for (i = 0; i < 256; i++)
3016 for (; left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
3017 pos += body_len + MKA_HDR_LEN,
3018 left_len -= body_len + MKA_HDR_LEN) {
3019 hdr = (struct ieee802_1x_mka_hdr *) pos;
3020 body_len = get_mka_param_body_len(hdr);
3021 body_type = get_mka_param_body_type(hdr);
3023 if (body_type == MKA_ICV_INDICATOR)
3026 if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
3027 wpa_printf(MSG_ERROR,
3028 "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
3029 left_len, MKA_HDR_LEN,
3030 body_len, DEFAULT_ICV_LEN);
3034 if (handled[body_type])
3037 handled[body_type] = TRUE;
3038 if (body_type < ARRAY_SIZE(mka_body_handler) &&
3039 mka_body_handler[body_type].body_rx) {
3040 mka_body_handler[body_type].body_rx
3041 (participant, pos, left_len);
3043 wpa_printf(MSG_ERROR,
3044 "The type %d is not supported in this MKA version %d",
3045 body_type, MKA_VERSION_ID);
3050 participant->retry_count = 0;
3051 participant->active = TRUE;
3058 static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
3061 struct ieee802_1x_kay *kay = ctx;
3062 struct ieee8023_hdr *eth_hdr;
3063 struct ieee802_1x_hdr *eapol_hdr;
3065 /* must contain at least ieee8023_hdr + ieee802_1x_hdr */
3066 if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) {
3067 wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)",
3068 (unsigned long) len);
3072 eth_hdr = (struct ieee8023_hdr *) buf;
3073 eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
3074 if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
3075 be_to_host16(eapol_hdr->length)) {
3076 wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
3077 (unsigned long) len,
3078 (unsigned long) be_to_host16(eapol_hdr->length));
3082 if (eapol_hdr->version < EAPOL_VERSION) {
3083 wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
3084 eapol_hdr->version);
3087 if (be_to_host16(eth_hdr->ethertype) != ETH_P_PAE ||
3088 eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
3091 wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len);
3092 if (dl_list_empty(&kay->participant_list)) {
3093 wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
3097 ieee802_1x_kay_decode_mkpdu(kay, buf, len);
3102 * ieee802_1x_kay_init -
3104 struct ieee802_1x_kay *
3105 ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
3106 const char *ifname, const u8 *addr)
3108 struct ieee802_1x_kay *kay;
3110 kay = os_zalloc(sizeof(*kay));
3112 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3119 kay->active = FALSE;
3121 kay->authenticated = FALSE;
3122 kay->secured = FALSE;
3123 kay->failed = FALSE;
3124 kay->policy = policy;
3126 os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
3127 os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
3128 kay->actor_sci.port = host_to_be16(0x0001);
3129 kay->actor_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
3131 /* While actor acts as a key server, shall distribute sakey */
3136 kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
3137 kay->macsec_csindex = DEFAULT_CS_INDEX;
3138 kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
3139 kay->mka_version = MKA_VERSION_ID;
3141 os_memcpy(kay->algo_agility, mka_algo_agility,
3142 sizeof(kay->algo_agility));
3144 dl_list_init(&kay->participant_list);
3146 if (policy == DO_NOT_SECURE) {
3147 kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
3148 kay->macsec_desired = FALSE;
3149 kay->macsec_protect = FALSE;
3150 kay->macsec_validate = Disabled;
3151 kay->macsec_replay_protect = FALSE;
3152 kay->macsec_replay_window = 0;
3153 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3155 kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
3156 kay->macsec_desired = TRUE;
3157 kay->macsec_protect = TRUE;
3158 kay->macsec_validate = Strict;
3159 kay->macsec_replay_protect = FALSE;
3160 kay->macsec_replay_window = 0;
3161 kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
3164 wpa_printf(MSG_DEBUG, "KaY: state machine created");
3166 /* Initialize the SecY must be prio to CP, as CP will control SecY */
3167 secy_init_macsec(kay);
3168 secy_get_available_transmit_sc(kay, &kay->sc_ch);
3170 wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
3173 kay->cp = ieee802_1x_kay_alloc_cp_sm(kay);
3174 if (kay->cp == NULL) {
3175 ieee802_1x_kay_deinit(kay);
3179 if (policy == DO_NOT_SECURE) {
3180 ieee802_1x_cp_connect_authenticated(kay->cp);
3181 ieee802_1x_cp_sm_step(kay->cp);
3183 kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
3184 kay_l2_receive, kay, 1);
3185 if (kay->l2_mka == NULL) {
3186 wpa_printf(MSG_WARNING,
3187 "KaY: Failed to initialize L2 packet processing for MKA packet");
3188 ieee802_1x_kay_deinit(kay);
3198 * ieee802_1x_kay_deinit -
3201 ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
3203 struct ieee802_1x_mka_participant *participant;
3208 wpa_printf(MSG_DEBUG, "KaY: state machine removed");
3210 while (!dl_list_empty(&kay->participant_list)) {
3211 participant = dl_list_entry(kay->participant_list.next,
3212 struct ieee802_1x_mka_participant,
3214 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
3217 ieee802_1x_cp_sm_deinit(kay->cp);
3218 secy_deinit_macsec(kay);
3221 l2_packet_deinit(kay->l2_mka);
3231 * ieee802_1x_kay_create_mka -
3233 struct ieee802_1x_mka_participant *
3234 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
3235 struct mka_key *cak, u32 life,
3236 enum mka_created_mode mode, Boolean is_authenticator)
3238 struct ieee802_1x_mka_participant *participant;
3241 if (!kay || !ckn || !cak) {
3242 wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
3246 if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
3247 wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
3250 if (ckn->len > MAX_CKN_LEN) {
3251 wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
3255 wpa_printf(MSG_ERROR, "KaY: Now is at disable state");
3259 participant = os_zalloc(sizeof(*participant));
3261 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3265 participant->ckn.len = ckn->len;
3266 os_memcpy(participant->ckn.name, ckn->name, ckn->len);
3267 participant->cak.len = cak->len;
3268 os_memcpy(participant->cak.key, cak->key, cak->len);
3270 participant->cak_life = life + time(NULL);
3274 if (is_authenticator) {
3275 participant->is_obliged_key_server = TRUE;
3276 participant->can_be_key_server = TRUE;
3277 participant->is_key_server = TRUE;
3278 participant->principal = TRUE;
3280 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
3281 sizeof(kay->key_server_sci));
3282 kay->key_server_priority = kay->actor_priority;
3283 participant->is_elected = TRUE;
3285 participant->is_obliged_key_server = FALSE;
3286 participant->can_be_key_server = FALSE;
3287 participant->is_key_server = FALSE;
3288 participant->is_elected = TRUE;
3293 participant->is_obliged_key_server = FALSE;
3294 participant->can_be_key_server = TRUE;
3295 participant->is_key_server = TRUE;
3296 participant->is_elected = FALSE;
3300 participant->cached = FALSE;
3302 participant->active = FALSE;
3303 participant->participant = FALSE;
3304 participant->retain = FALSE;
3305 participant->activate = DEFAULT;
3307 if (participant->is_key_server)
3308 participant->principal = TRUE;
3310 dl_list_init(&participant->live_peers);
3311 dl_list_init(&participant->potential_peers);
3313 participant->retry_count = 0;
3314 participant->kay = kay;
3316 if (!reset_participant_mi(participant))
3319 participant->lrx = FALSE;
3320 participant->ltx = FALSE;
3321 participant->orx = FALSE;
3322 participant->otx = FALSE;
3323 participant->to_dist_sak = FALSE;
3324 participant->to_use_sak = FALSE;
3325 participant->new_sak = FALSE;
3326 dl_list_init(&participant->sak_list);
3327 participant->new_key = NULL;
3328 dl_list_init(&participant->rxsc_list);
3329 participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci,
3331 secy_cp_control_protect_frames(kay, kay->macsec_protect);
3332 secy_cp_control_replay(kay, kay->macsec_replay_protect,
3333 kay->macsec_replay_window);
3334 secy_create_transmit_sc(kay, participant->txsc);
3336 /* to derive KEK from CAK and CKN */
3337 participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
3338 if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
3339 participant->ckn.name,
3340 participant->ckn.len,
3341 participant->kek.key)) {
3342 wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
3345 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
3346 participant->kek.key, participant->kek.len);
3348 /* to derive ICK from CAK and CKN */
3349 participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
3350 if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
3351 participant->ckn.name,
3352 participant->ckn.len,
3353 participant->ick.key)) {
3354 wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
3357 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
3358 participant->ick.key, participant->ick.len);
3360 dl_list_add(&kay->participant_list, &participant->list);
3361 wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
3362 ckn->name, ckn->len);
3364 usecs = os_random() % (MKA_HELLO_TIME * 1000);
3365 eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
3367 participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
3373 os_free(participant);
3379 * ieee802_1x_kay_delete_mka -
3382 ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
3384 struct ieee802_1x_mka_participant *participant;
3385 struct ieee802_1x_kay_peer *peer;
3386 struct data_key *sak;
3387 struct receive_sc *rxsc;
3392 wpa_printf(MSG_DEBUG, "KaY: participant removed");
3394 /* get the participant */
3395 participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3397 wpa_hexdump(MSG_DEBUG, "KaY: participant is not found",
3398 ckn->name, ckn->len);
3402 eloop_cancel_timeout(ieee802_1x_participant_timer, participant, NULL);
3403 dl_list_del(&participant->list);
3405 /* remove live peer */
3406 while (!dl_list_empty(&participant->live_peers)) {
3407 peer = dl_list_entry(participant->live_peers.next,
3408 struct ieee802_1x_kay_peer, list);
3409 dl_list_del(&peer->list);
3413 /* remove potential peer */
3414 while (!dl_list_empty(&participant->potential_peers)) {
3415 peer = dl_list_entry(participant->potential_peers.next,
3416 struct ieee802_1x_kay_peer, list);
3417 dl_list_del(&peer->list);
3422 while (!dl_list_empty(&participant->sak_list)) {
3423 sak = dl_list_entry(participant->sak_list.next,
3424 struct data_key, list);
3425 dl_list_del(&sak->list);
3429 while (!dl_list_empty(&participant->rxsc_list)) {
3430 rxsc = dl_list_entry(participant->rxsc_list.next,
3431 struct receive_sc, list);
3432 secy_delete_receive_sc(kay, rxsc);
3433 ieee802_1x_kay_deinit_receive_sc(participant, rxsc);
3435 secy_delete_transmit_sc(kay, participant->txsc);
3436 ieee802_1x_kay_deinit_transmit_sc(participant, participant->txsc);
3438 os_memset(&participant->cak, 0, sizeof(participant->cak));
3439 os_memset(&participant->kek, 0, sizeof(participant->kek));
3440 os_memset(&participant->ick, 0, sizeof(participant->ick));
3441 os_free(participant);
3446 * ieee802_1x_kay_mka_participate -
3448 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
3449 struct mka_key_name *ckn,
3452 struct ieee802_1x_mka_participant *participant;
3457 participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3461 participant->active = status;
3466 * ieee802_1x_kay_new_sak -
3469 ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
3471 struct ieee802_1x_mka_participant *participant;
3476 participant = ieee802_1x_kay_get_principal_participant(kay);
3480 participant->new_sak = TRUE;
3481 wpa_printf(MSG_DEBUG, "KaY: new SAK signal");
3488 * ieee802_1x_kay_change_cipher_suite -
3491 ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay, int cs_index)
3493 struct ieee802_1x_mka_participant *participant;
3498 if ((unsigned int) cs_index >= CS_TABLE_SIZE) {
3499 wpa_printf(MSG_ERROR,
3500 "KaY: Configured cipher suite index is out of range");
3503 if (kay->macsec_csindex == cs_index)
3507 kay->macsec_desired = FALSE;
3509 kay->macsec_csindex = cs_index;
3510 kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
3512 participant = ieee802_1x_kay_get_principal_participant(kay);
3514 wpa_printf(MSG_INFO, "KaY: Cipher Suite changed");
3515 participant->new_sak = TRUE;
projects / mech_eap.git / blob