2 * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
15 #include "state_machine.h"
16 #include "l2_packet/l2_packet.h"
17 #include "common/eapol_common.h"
18 #include "crypto/aes_wrap.h"
19 #include "ieee802_1x_cp.h"
20 #include "ieee802_1x_key.h"
21 #include "ieee802_1x_kay.h"
22 #include "ieee802_1x_kay_i.h"
23 #include "ieee802_1x_secy_ops.h"
26 #define DEFAULT_SA_KEY_LEN 16
27 #define DEFAULT_ICV_LEN 16
28 #define MAX_ICV_LEN 32 /* 32 bytes, 256 bits */
30 #define PENDING_PN_EXHAUSTION 0xC0000000
32 /* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */
33 #define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 }
34 static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
36 /* IEEE802.1AE-2006 Table 14-1 MACsec Cipher Suites */
37 static struct macsec_ciphersuite cipher_suite_tbl[] = {
42 MACSEC_CAP_INTEG_AND_CONF_0_30_50,
48 #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
49 #define DEFAULT_CS_INDEX 0
51 static struct mka_alg mka_alg_tbl[] = {
53 MKA_ALGO_AGILITY_2009,
54 /* 128-bit CAK, KEK, ICK, ICV */
56 ieee802_1x_cak_128bits_aes_cmac,
57 ieee802_1x_ckn_128bits_aes_cmac,
58 ieee802_1x_kek_128bits_aes_cmac,
59 ieee802_1x_ick_128bits_aes_cmac,
60 ieee802_1x_icv_128bits_aes_cmac,
65 #define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
68 static int is_ki_equal(struct ieee802_1x_mka_ki *ki1,
69 struct ieee802_1x_mka_ki *ki2)
71 return os_memcmp(ki1->mi, ki2->mi, MI_LEN) == 0 &&
76 struct mka_param_body_handler {
77 int (*body_tx)(struct ieee802_1x_mka_participant *participant,
79 int (*body_rx)(struct ieee802_1x_mka_participant *participant,
80 const u8 *mka_msg, size_t msg_len);
81 int (*body_length)(struct ieee802_1x_mka_participant *participant);
82 Boolean (*body_present)(struct ieee802_1x_mka_participant *participant);
86 static void set_mka_param_body_len(void *body, unsigned int len)
88 struct ieee802_1x_mka_hdr *hdr = body;
89 hdr->length = (len >> 8) & 0x0f;
90 hdr->length1 = len & 0xff;
94 static unsigned int get_mka_param_body_len(const void *body)
96 const struct ieee802_1x_mka_hdr *hdr = body;
97 return (hdr->length << 8) | hdr->length1;
101 static int get_mka_param_body_type(const void *body)
103 const struct ieee802_1x_mka_hdr *hdr = body;
109 * ieee802_1x_mka_dump_basic_body -
112 ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
119 body_len = get_mka_param_body_len(body);
120 wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***");
121 wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version);
122 wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
123 wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
124 wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
125 wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capbility);
126 wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
127 wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
128 MAC2STR(body->actor_sci.addr));
129 wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
130 be_to_host16(body->actor_sci.port));
131 wpa_hexdump(MSG_DEBUG, "\tMember Id.....:",
132 body->actor_mi, sizeof(body->actor_mi));
133 wpa_printf(MSG_DEBUG, "\tMessage Number: %d",
134 be_to_host32(body->actor_mn));
135 wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:",
136 body->algo_agility, sizeof(body->algo_agility));
137 wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn,
138 body_len + MKA_HDR_LEN - sizeof(*body));
143 * ieee802_1x_mka_dump_peer_body -
146 ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
156 body_len = get_mka_param_body_len(body);
157 if (body->type == MKA_LIVE_PEER_LIST) {
158 wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
159 wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
160 } else if (body->type == MKA_POTENTIAL_PEER_LIST) {
161 wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
162 wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
165 for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
167 os_memcpy(&mn, mi + MI_LEN, sizeof(mn));
168 wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN);
169 wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn));
175 * ieee802_1x_mka_dump_dist_sak_body -
178 ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body)
185 body_len = get_mka_param_body_len(body);
186 wpa_printf(MSG_INFO, "*** Distributed SAK ***");
187 wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
188 wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
189 body->confid_offset);
190 wpa_printf(MSG_INFO, "\tBody Length...........: %d", (int) body_len);
194 wpa_printf(MSG_INFO, "\tKey Number............: %d",
195 be_to_host32(body->kn));
196 wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24);
200 static const char * yes_no(int val)
202 return val ? "Yes" : "No";
207 * ieee802_1x_mka_dump_sak_use_body -
210 ieee802_1x_mka_dump_sak_use_body(struct ieee802_1x_mka_sak_use_body *body)
217 body_len = get_mka_param_body_len(body);
218 wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***");
219 wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan);
220 wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx));
221 wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx));
222 wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan);
223 wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx));
224 wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx));
225 wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx));
226 wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx));
227 wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s",
228 yes_no(body->delay_protect));
229 wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len);
233 wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:",
234 body->lsrv_mi, sizeof(body->lsrv_mi));
235 wpa_printf(MSG_DEBUG, "\tKey Number.......: %u",
236 be_to_host32(body->lkn));
237 wpa_printf(MSG_DEBUG, "\tLowest PN........: %u",
238 be_to_host32(body->llpn));
239 wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:",
240 body->osrv_mi, sizeof(body->osrv_mi));
241 wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u",
242 be_to_host32(body->okn));
243 wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u",
244 be_to_host32(body->olpn));
249 * ieee802_1x_kay_get_participant -
251 static struct ieee802_1x_mka_participant *
252 ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn)
254 struct ieee802_1x_mka_participant *participant;
256 dl_list_for_each(participant, &kay->participant_list,
257 struct ieee802_1x_mka_participant, list) {
258 if (os_memcmp(participant->ckn.name, ckn,
259 participant->ckn.len) == 0)
263 wpa_printf(MSG_DEBUG, "KaY: participant is not found");
270 * ieee802_1x_kay_get_principal_participant -
272 static struct ieee802_1x_mka_participant *
273 ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
275 struct ieee802_1x_mka_participant *participant;
277 dl_list_for_each(participant, &kay->participant_list,
278 struct ieee802_1x_mka_participant, list) {
279 if (participant->principal)
283 wpa_printf(MSG_DEBUG, "KaY: principal participant is not founded");
288 static struct ieee802_1x_kay_peer * get_peer_mi(struct dl_list *peers,
291 struct ieee802_1x_kay_peer *peer;
293 dl_list_for_each(peer, peers, struct ieee802_1x_kay_peer, list) {
294 if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
303 * ieee802_1x_kay_is_in_potential_peer
306 ieee802_1x_kay_is_in_potential_peer(
307 struct ieee802_1x_mka_participant *participant, const u8 *mi)
309 return get_peer_mi(&participant->potential_peers, mi) != NULL;
314 * ieee802_1x_kay_is_in_live_peer
317 ieee802_1x_kay_is_in_live_peer(
318 struct ieee802_1x_mka_participant *participant, const u8 *mi)
320 return get_peer_mi(&participant->live_peers, mi) != NULL;
325 * ieee802_1x_kay_is_in_peer
328 ieee802_1x_kay_is_in_peer(struct ieee802_1x_mka_participant *participant,
331 return ieee802_1x_kay_is_in_live_peer(participant, mi) ||
332 ieee802_1x_kay_is_in_potential_peer(participant, mi);
337 * ieee802_1x_kay_get_peer
339 static struct ieee802_1x_kay_peer *
340 ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
343 struct ieee802_1x_kay_peer *peer;
345 peer = get_peer_mi(&participant->live_peers, mi);
349 return get_peer_mi(&participant->potential_peers, mi);
354 * ieee802_1x_kay_get_live_peer
356 static struct ieee802_1x_kay_peer *
357 ieee802_1x_kay_get_live_peer(struct ieee802_1x_mka_participant *participant,
360 return get_peer_mi(&participant->live_peers, mi);
365 * ieee802_1x_kay_get_cipher_suite
367 static struct macsec_ciphersuite *
368 ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
373 for (i = 0; i < CS_TABLE_SIZE; i++) {
374 if (os_memcmp(cipher_suite_tbl[i].id, cs_id, CS_ID_LEN) == 0)
377 if (i >= CS_TABLE_SIZE)
380 return &cipher_suite_tbl[i];
385 * ieee802_1x_kay_get_peer_sci
387 static struct ieee802_1x_kay_peer *
388 ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant,
389 const struct ieee802_1x_mka_sci *sci)
391 struct ieee802_1x_kay_peer *peer;
393 dl_list_for_each(peer, &participant->live_peers,
394 struct ieee802_1x_kay_peer, list) {
395 if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
399 dl_list_for_each(peer, &participant->potential_peers,
400 struct ieee802_1x_kay_peer, list) {
401 if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
410 * ieee802_1x_kay_init_receive_sa -
412 static struct receive_sa *
413 ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn,
414 struct data_key *key)
416 struct receive_sa *psa;
421 psa = os_zalloc(sizeof(*psa));
423 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
428 psa->lowest_pn = lowest_pn;
429 psa->next_pn = lowest_pn;
433 os_get_time(&psa->created_time);
436 dl_list_add(&psc->sa_list, &psa->list);
437 wpa_printf(MSG_DEBUG,
438 "KaY: Create receive SA(AN: %d lowest_pn: %u of SC(channel: %d)",
439 (int) an, lowest_pn, psc->channel);
446 * ieee802_1x_kay_deinit_receive_sa -
448 static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa)
451 wpa_printf(MSG_DEBUG,
452 "KaY: Delete receive SA(an: %d) of SC(channel: %d)",
453 psa->an, psa->sc->channel);
454 dl_list_del(&psa->list);
460 * ieee802_1x_kay_init_receive_sc -
462 static struct receive_sc *
463 ieee802_1x_kay_init_receive_sc(const struct ieee802_1x_mka_sci *psci,
466 struct receive_sc *psc;
471 psc = os_zalloc(sizeof(*psc));
473 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
477 os_memcpy(&psc->sci, psci, sizeof(psc->sci));
478 psc->channel = channel;
480 os_get_time(&psc->created_time);
481 psc->receiving = FALSE;
483 dl_list_init(&psc->sa_list);
484 wpa_printf(MSG_DEBUG, "KaY: Create receive SC(channel: %d)", channel);
485 wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci));
492 * ieee802_1x_kay_deinit_receive_sc -
495 ieee802_1x_kay_deinit_receive_sc(
496 struct ieee802_1x_mka_participant *participant, struct receive_sc *psc)
498 struct receive_sa *psa, *pre_sa;
500 wpa_printf(MSG_DEBUG, "KaY: Delete receive SC(channel: %d)",
502 dl_list_for_each_safe(psa, pre_sa, &psc->sa_list, struct receive_sa,
504 secy_disable_receive_sa(participant->kay, psa);
505 ieee802_1x_kay_deinit_receive_sa(psa);
507 dl_list_del(&psc->list);
513 * ieee802_1x_kay_create_live_peer
515 static struct ieee802_1x_kay_peer *
516 ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
519 struct ieee802_1x_kay_peer *peer;
520 struct receive_sc *rxsc;
523 peer = os_zalloc(sizeof(*peer));
525 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
529 os_memcpy(peer->mi, mi, MI_LEN);
531 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
532 peer->sak_used = FALSE;
533 os_memcpy(&peer->sci, &participant->current_peer_sci,
535 dl_list_add(&participant->live_peers, &peer->list);
537 secy_get_available_receive_sc(participant->kay, &sc_ch);
539 rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
543 dl_list_add(&participant->rxsc_list, &rxsc->list);
544 secy_create_receive_sc(participant->kay, rxsc);
546 wpa_printf(MSG_DEBUG, "KaY: Live peer created");
547 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
548 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
549 wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
550 wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
557 * ieee802_1x_kay_create_potential_peer
559 static struct ieee802_1x_kay_peer *
560 ieee802_1x_kay_create_potential_peer(
561 struct ieee802_1x_mka_participant *participant, const u8 *mi, u32 mn)
563 struct ieee802_1x_kay_peer *peer;
565 peer = os_zalloc(sizeof(*peer));
567 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
571 os_memcpy(peer->mi, mi, MI_LEN);
573 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
574 peer->sak_used = FALSE;
576 dl_list_add(&participant->potential_peers, &peer->list);
578 wpa_printf(MSG_DEBUG, "KaY: potential peer created");
579 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
580 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
581 wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
582 wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
589 * ieee802_1x_kay_move_live_peer
591 static struct ieee802_1x_kay_peer *
592 ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
595 struct ieee802_1x_kay_peer *peer;
596 struct receive_sc *rxsc;
599 dl_list_for_each(peer, &participant->potential_peers,
600 struct ieee802_1x_kay_peer, list) {
601 if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
605 os_memcpy(&peer->sci, &participant->current_peer_sci,
608 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
610 wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
611 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
612 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
613 wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
614 wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
616 dl_list_del(&peer->list);
617 dl_list_add_tail(&participant->live_peers, &peer->list);
619 secy_get_available_receive_sc(participant->kay, &sc_ch);
621 rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
625 dl_list_add(&participant->rxsc_list, &rxsc->list);
626 secy_create_receive_sc(participant->kay, rxsc);
634 * ieee802_1x_mka_basic_body_present -
637 ieee802_1x_mka_basic_body_present(
638 struct ieee802_1x_mka_participant *participant)
645 * ieee802_1x_mka_basic_body_length -
648 ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant)
652 length = sizeof(struct ieee802_1x_mka_basic_body);
653 length += participant->ckn.len;
654 return (length + 0x3) & ~0x3;
659 * ieee802_1x_mka_encode_basic_body
662 ieee802_1x_mka_encode_basic_body(
663 struct ieee802_1x_mka_participant *participant,
666 struct ieee802_1x_mka_basic_body *body;
667 struct ieee802_1x_kay *kay = participant->kay;
668 unsigned int length = ieee802_1x_mka_basic_body_length(participant);
670 body = wpabuf_put(buf, length);
672 body->version = kay->mka_version;
673 body->priority = kay->actor_priority;
674 if (participant->is_elected)
675 body->key_server = participant->is_key_server;
677 body->key_server = participant->can_be_key_server;
679 body->macsec_desired = kay->macsec_desired;
680 body->macsec_capbility = kay->macsec_capable;
681 set_mka_param_body_len(body, length - MKA_HDR_LEN);
683 os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
684 sizeof(kay->actor_sci.addr));
685 body->actor_sci.port = host_to_be16(kay->actor_sci.port);
687 os_memcpy(body->actor_mi, participant->mi, sizeof(body->actor_mi));
688 participant->mn = participant->mn + 1;
689 body->actor_mn = host_to_be32(participant->mn);
690 os_memcpy(body->algo_agility, participant->kay->algo_agility,
691 sizeof(body->algo_agility));
693 os_memcpy(body->ckn, participant->ckn.name, participant->ckn.len);
695 ieee802_1x_mka_dump_basic_body(body);
702 * ieee802_1x_mka_decode_basic_body -
704 static struct ieee802_1x_mka_participant *
705 ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
708 struct ieee802_1x_mka_participant *participant;
709 const struct ieee802_1x_mka_basic_body *body;
710 struct ieee802_1x_kay_peer *peer;
712 body = (const struct ieee802_1x_mka_basic_body *) mka_msg;
714 if (body->version > MKA_VERSION_ID) {
715 wpa_printf(MSG_DEBUG,
716 "KaY: peer's version(%d) greater than mka current version(%d)",
717 body->version, MKA_VERSION_ID);
719 if (kay->is_obliged_key_server && body->key_server) {
720 wpa_printf(MSG_DEBUG, "I must be as key server");
724 participant = ieee802_1x_kay_get_participant(kay, body->ckn);
726 wpa_printf(MSG_DEBUG, "Peer is not included in my CA");
730 /* If the peer's MI is my MI, I will choose new MI */
731 if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
732 os_get_random(participant->mi, sizeof(participant->mi));
736 os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
737 participant->current_peer_id.mn = be_to_host32(body->actor_mn);
738 os_memcpy(participant->current_peer_sci.addr, body->actor_sci.addr,
739 sizeof(participant->current_peer_sci.addr));
740 participant->current_peer_sci.port = be_to_host16(body->actor_sci.port);
743 peer = ieee802_1x_kay_get_peer(participant, body->actor_mi);
745 /* Check duplicated SCI */
746 /* TODO: What policy should be applied to detect duplicated SCI
747 * is active attacker or a valid peer whose MI is be changed?
749 peer = ieee802_1x_kay_get_peer_sci(participant,
752 wpa_printf(MSG_WARNING,
753 "KaY: duplicated SCI detected, Maybe active attacker");
754 dl_list_del(&peer->list);
758 peer = ieee802_1x_kay_create_potential_peer(
759 participant, body->actor_mi,
760 be_to_host32(body->actor_mn));
764 peer->macsec_desired = body->macsec_desired;
765 peer->macsec_capbility = body->macsec_capbility;
766 peer->is_key_server = (Boolean) body->key_server;
767 peer->key_server_priority = body->priority;
768 } else if (peer->mn < be_to_host32(body->actor_mn)) {
769 peer->mn = be_to_host32(body->actor_mn);
770 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
771 peer->macsec_desired = body->macsec_desired;
772 peer->macsec_capbility = body->macsec_capbility;
773 peer->is_key_server = (Boolean) body->key_server;
774 peer->key_server_priority = body->priority;
776 wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
785 * ieee802_1x_mka_live_peer_body_present
788 ieee802_1x_mka_live_peer_body_present(
789 struct ieee802_1x_mka_participant *participant)
791 return !dl_list_empty(&participant->live_peers);
796 * ieee802_1x_kay_get_live_peer_length
799 ieee802_1x_mka_get_live_peer_length(
800 struct ieee802_1x_mka_participant *participant)
802 int len = MKA_HDR_LEN;
803 struct ieee802_1x_kay_peer *peer;
805 dl_list_for_each(peer, &participant->live_peers,
806 struct ieee802_1x_kay_peer, list)
807 len += sizeof(struct ieee802_1x_mka_peer_id);
809 return (len + 0x3) & ~0x3;
814 * ieee802_1x_mka_encode_live_peer_body -
817 ieee802_1x_mka_encode_live_peer_body(
818 struct ieee802_1x_mka_participant *participant,
821 struct ieee802_1x_mka_peer_body *body;
822 struct ieee802_1x_kay_peer *peer;
824 struct ieee802_1x_mka_peer_id *body_peer;
826 length = ieee802_1x_mka_get_live_peer_length(participant);
827 body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
829 body->type = MKA_LIVE_PEER_LIST;
830 set_mka_param_body_len(body, length - MKA_HDR_LEN);
832 dl_list_for_each(peer, &participant->live_peers,
833 struct ieee802_1x_kay_peer, list) {
834 body_peer = wpabuf_put(buf,
835 sizeof(struct ieee802_1x_mka_peer_id));
836 os_memcpy(body_peer->mi, peer->mi, MI_LEN);
837 body_peer->mn = host_to_be32(peer->mn);
841 ieee802_1x_mka_dump_peer_body(body);
846 * ieee802_1x_mka_potential_peer_body_present
849 ieee802_1x_mka_potential_peer_body_present(
850 struct ieee802_1x_mka_participant *participant)
852 return !dl_list_empty(&participant->potential_peers);
857 * ieee802_1x_kay_get_potential_peer_length
860 ieee802_1x_mka_get_potential_peer_length(
861 struct ieee802_1x_mka_participant *participant)
863 int len = MKA_HDR_LEN;
864 struct ieee802_1x_kay_peer *peer;
866 dl_list_for_each(peer, &participant->potential_peers,
867 struct ieee802_1x_kay_peer, list)
868 len += sizeof(struct ieee802_1x_mka_peer_id);
870 return (len + 0x3) & ~0x3;
875 * ieee802_1x_mka_encode_potential_peer_body -
878 ieee802_1x_mka_encode_potential_peer_body(
879 struct ieee802_1x_mka_participant *participant,
882 struct ieee802_1x_mka_peer_body *body;
883 struct ieee802_1x_kay_peer *peer;
885 struct ieee802_1x_mka_peer_id *body_peer;
887 length = ieee802_1x_mka_get_potential_peer_length(participant);
888 body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
890 body->type = MKA_POTENTIAL_PEER_LIST;
891 set_mka_param_body_len(body, length - MKA_HDR_LEN);
893 dl_list_for_each(peer, &participant->potential_peers,
894 struct ieee802_1x_kay_peer, list) {
895 body_peer = wpabuf_put(buf,
896 sizeof(struct ieee802_1x_mka_peer_id));
897 os_memcpy(body_peer->mi, peer->mi, MI_LEN);
898 body_peer->mn = host_to_be32(peer->mn);
902 ieee802_1x_mka_dump_peer_body(body);
908 * ieee802_1x_mka_i_in_peerlist -
911 ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
912 const u8 *mka_msg, size_t msg_len)
914 Boolean included = FALSE;
915 struct ieee802_1x_mka_hdr *hdr;
926 while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
927 hdr = (struct ieee802_1x_mka_hdr *) pos;
928 body_len = get_mka_param_body_len(hdr);
929 body_type = get_mka_param_body_type(hdr);
931 if (body_type != MKA_LIVE_PEER_LIST &&
932 body_type != MKA_POTENTIAL_PEER_LIST)
935 ieee802_1x_mka_dump_peer_body(
936 (struct ieee802_1x_mka_peer_body *)pos);
938 if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
939 wpa_printf(MSG_ERROR,
940 "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
941 (int) left_len, (int) MKA_HDR_LEN,
942 (int) body_len, DEFAULT_ICV_LEN);
946 if ((body_len % 16) != 0) {
947 wpa_printf(MSG_ERROR,
948 "KaY: MKA Peer Packet Body Length (%d bytes) should multiple of 16 octets",
953 for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
954 peer_mi = MKA_HDR_LEN + pos + i;
955 os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
956 peer_mn = be_to_host32(peer_mn);
957 if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
958 peer_mn == participant->mn) {
968 left_len -= body_len + MKA_HDR_LEN;
969 pos += body_len + MKA_HDR_LEN;
977 * ieee802_1x_mka_decode_live_peer_body -
979 static int ieee802_1x_mka_decode_live_peer_body(
980 struct ieee802_1x_mka_participant *participant,
981 const u8 *peer_msg, size_t msg_len)
983 const struct ieee802_1x_mka_hdr *hdr;
984 struct ieee802_1x_kay_peer *peer;
991 is_included = ieee802_1x_kay_is_in_live_peer(
992 participant, participant->current_peer_id.mi);
994 hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
995 body_len = get_mka_param_body_len(hdr);
997 for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
998 peer_mi = MKA_HDR_LEN + peer_msg + i;
999 os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
1000 peer_mn = be_to_host32(peer_mn);
1003 if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1004 /* My message id is used by other participant */
1005 if (peer_mn > participant->mn) {
1006 os_get_random(participant->mi,
1007 sizeof(participant->mi));
1008 participant->mn = 0;
1015 peer = ieee802_1x_kay_get_peer(participant, peer_mi);
1018 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
1020 if (!ieee802_1x_kay_create_potential_peer(
1021 participant, peer_mi, peer_mn)) {
1032 * ieee802_1x_mka_decode_potential_peer_body -
1035 ieee802_1x_mka_decode_potential_peer_body(
1036 struct ieee802_1x_mka_participant *participant,
1037 const u8 *peer_msg, size_t msg_len)
1039 struct ieee802_1x_mka_hdr *hdr;
1045 hdr = (struct ieee802_1x_mka_hdr *) peer_msg;
1046 body_len = get_mka_param_body_len(hdr);
1048 for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
1049 peer_mi = MKA_HDR_LEN + peer_msg + i;
1050 os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
1051 peer_mn = be_to_host32(peer_mn);
1054 if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1055 /* My message id is used by other participant */
1056 if (peer_mn > participant->mn) {
1057 os_get_random(participant->mi,
1058 sizeof(participant->mi));
1059 participant->mn = 0;
1070 * ieee802_1x_mka_sak_use_body_present
1073 ieee802_1x_mka_sak_use_body_present(
1074 struct ieee802_1x_mka_participant *participant)
1076 if (participant->to_use_sak)
1084 * ieee802_1x_mka_get_sak_use_length
1087 ieee802_1x_mka_get_sak_use_length(
1088 struct ieee802_1x_mka_participant *participant)
1090 int length = MKA_HDR_LEN;
1092 if (participant->kay->macsec_desired && participant->advised_desired)
1093 length = sizeof(struct ieee802_1x_mka_sak_use_body);
1095 length = MKA_HDR_LEN;
1097 length = (length + 0x3) & ~0x3;
1107 ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal,
1108 struct ieee802_1x_mka_ki *ki)
1110 struct receive_sa *rxsa;
1111 struct receive_sc *rxsc;
1114 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
1115 dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
1117 if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
1118 secy_get_receive_lowest_pn(principal->kay,
1121 lpn = lpn > rxsa->lowest_pn ?
1122 lpn : rxsa->lowest_pn;
1136 * ieee802_1x_mka_encode_sak_use_body -
1139 ieee802_1x_mka_encode_sak_use_body(
1140 struct ieee802_1x_mka_participant *participant,
1143 struct ieee802_1x_mka_sak_use_body *body;
1144 unsigned int length;
1147 length = ieee802_1x_mka_get_sak_use_length(participant);
1148 body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_sak_use_body));
1150 body->type = MKA_SAK_USE;
1151 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1153 if (length == MKA_HDR_LEN) {
1159 body->delay_protect = FALSE;
1163 /* data protect, lowest accept packet number */
1164 body->delay_protect = participant->kay->macsec_replay_protect;
1165 pn = ieee802_1x_mka_get_lpn(participant, &participant->lki);
1166 if (pn > participant->kay->pn_exhaustion) {
1167 wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
1168 if (participant->is_key_server)
1169 participant->new_sak = TRUE;
1172 body->llpn = host_to_be32(pn);
1173 pn = ieee802_1x_mka_get_lpn(participant, &participant->oki);
1174 body->olpn = host_to_be32(pn);
1176 /* plain tx, plain rx */
1177 if (participant->kay->macsec_protect)
1182 if (participant->kay->macsec_validate == Strict)
1187 /* latest key: rx, tx, key server member identifier key number */
1188 body->lan = participant->lan;
1189 os_memcpy(body->lsrv_mi, participant->lki.mi,
1190 sizeof(body->lsrv_mi));
1191 body->lkn = host_to_be32(participant->lki.kn);
1192 body->lrx = participant->lrx;
1193 body->ltx = participant->ltx;
1195 /* old key: rx, tx, key server member identifier key number */
1196 body->oan = participant->oan;
1197 if (participant->oki.kn != participant->lki.kn &&
1198 participant->oki.kn != 0) {
1201 os_memcpy(body->osrv_mi, participant->oki.mi,
1202 sizeof(body->osrv_mi));
1203 body->okn = host_to_be32(participant->oki.kn);
1209 /* set CP's variable */
1211 if (!participant->kay->tx_enable)
1212 participant->kay->tx_enable = TRUE;
1214 if (!participant->kay->port_enable)
1215 participant->kay->port_enable = TRUE;
1218 if (!participant->kay->rx_enable)
1219 participant->kay->rx_enable = TRUE;
1222 ieee802_1x_mka_dump_sak_use_body(body);
1228 * ieee802_1x_mka_decode_sak_use_body -
1231 ieee802_1x_mka_decode_sak_use_body(
1232 struct ieee802_1x_mka_participant *participant,
1233 const u8 *mka_msg, size_t msg_len)
1235 struct ieee802_1x_mka_hdr *hdr;
1236 struct ieee802_1x_mka_sak_use_body *body;
1237 struct ieee802_1x_kay_peer *peer;
1238 struct transmit_sa *txsa;
1239 struct data_key *sa_key = NULL;
1241 struct ieee802_1x_mka_ki ki;
1243 Boolean all_receiving;
1246 if (!participant->principal) {
1247 wpa_printf(MSG_WARNING, "KaY: Participant is not principal");
1250 peer = ieee802_1x_kay_get_live_peer(participant,
1251 participant->current_peer_id.mi);
1253 wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
1257 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1258 body_len = get_mka_param_body_len(hdr);
1259 body = (struct ieee802_1x_mka_sak_use_body *) mka_msg;
1260 ieee802_1x_mka_dump_sak_use_body(body);
1262 if ((body_len != 0) && (body_len < 40)) {
1263 wpa_printf(MSG_ERROR,
1264 "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 40, or more octets",
1269 /* TODO: what action should I take when peer does not support MACsec */
1270 if (body_len == 0) {
1271 wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec");
1275 /* TODO: when the plain tx or rx of peer is true, should I change
1276 * the attribute of controlled port
1279 wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE");
1282 wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE");
1284 /* check latest key is valid */
1285 if (body->ltx || body->lrx) {
1287 os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
1288 ki.kn = ntohl(body->lkn);
1289 dl_list_for_each(sa_key, &participant->sak_list,
1290 struct data_key, list) {
1291 if (is_ki_equal(&sa_key->key_identifier, &ki)) {
1297 wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
1300 if (os_memcmp(participant->lki.mi, body->lsrv_mi,
1301 sizeof(participant->lki.mi)) == 0 &&
1302 ntohl(body->lkn) == participant->lki.kn &&
1303 body->lan == participant->lan) {
1304 peer->sak_used = TRUE;
1306 if (body->ltx && peer->is_key_server) {
1307 ieee802_1x_cp_set_servertransmitting(
1308 participant->kay->cp, TRUE);
1309 ieee802_1x_cp_sm_step(participant->kay->cp);
1313 /* check old key is valid */
1314 if (body->otx || body->orx) {
1315 if (os_memcmp(participant->oki.mi, body->osrv_mi,
1316 sizeof(participant->oki.mi)) != 0 ||
1317 ntohl(body->okn) != participant->oki.kn ||
1318 body->oan != participant->oan) {
1319 wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
1324 /* TODO: how to set the MACsec hardware when delay_protect is true */
1325 if (body->delay_protect && (!ntohl(body->llpn) || !ntohl(body->olpn))) {
1326 wpa_printf(MSG_WARNING,
1327 "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
1331 /* check all live peer have used the sak for receiving sa */
1332 all_receiving = TRUE;
1333 dl_list_for_each(peer, &participant->live_peers,
1334 struct ieee802_1x_kay_peer, list) {
1335 if (!peer->sak_used) {
1336 all_receiving = FALSE;
1340 if (all_receiving) {
1341 participant->to_dist_sak = FALSE;
1342 ieee802_1x_cp_set_allreceiving(participant->kay->cp, TRUE);
1343 ieee802_1x_cp_sm_step(participant->kay->cp);
1346 /* if i'm key server, and detects peer member pn exhaustion, rekey.*/
1347 lpn = ntohl(body->llpn);
1348 if (lpn > participant->kay->pn_exhaustion) {
1349 if (participant->is_key_server) {
1350 participant->new_sak = TRUE;
1351 wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion");
1356 dl_list_for_each(txsa, &participant->txsc->sa_list,
1357 struct transmit_sa, list) {
1358 if (sa_key != NULL && txsa->pkey == sa_key) {
1364 wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
1368 /* FIXME: Secy creates txsa with default npn. If MKA detected Latest Key
1369 * npn is larger than txsa's npn, set it to txsa.
1371 secy_get_transmit_next_pn(participant->kay, txsa);
1372 if (lpn > txsa->next_pn) {
1373 secy_set_transmit_next_pn(participant->kay, txsa);
1374 wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
1382 * ieee802_1x_mka_dist_sak_body_present
1385 ieee802_1x_mka_dist_sak_body_present(
1386 struct ieee802_1x_mka_participant *participant)
1388 if (!participant->to_dist_sak || !participant->new_key)
1396 * ieee802_1x_kay_get_dist_sak_length
1399 ieee802_1x_mka_get_dist_sak_length(
1400 struct ieee802_1x_mka_participant *participant)
1403 int cs_index = participant->kay->macsec_csindex;
1405 if (participant->advised_desired) {
1406 length = sizeof(struct ieee802_1x_mka_dist_sak_body);
1407 if (cs_index != DEFAULT_CS_INDEX)
1408 length += CS_ID_LEN;
1410 length += cipher_suite_tbl[cs_index].sak_len + 8;
1412 length = MKA_HDR_LEN;
1414 length = (length + 0x3) & ~0x3;
1421 * ieee802_1x_mka_encode_dist_sak_body -
1424 ieee802_1x_mka_encode_dist_sak_body(
1425 struct ieee802_1x_mka_participant *participant,
1428 struct ieee802_1x_mka_dist_sak_body *body;
1429 struct data_key *sak;
1430 unsigned int length;
1434 length = ieee802_1x_mka_get_dist_sak_length(participant);
1435 body = wpabuf_put(buf, length);
1436 body->type = MKA_DISTRIBUTED_SAK;
1437 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1438 if (length == MKA_HDR_LEN) {
1439 body->confid_offset = 0;
1444 sak = participant->new_key;
1445 body->confid_offset = sak->confidentiality_offset;
1446 body->dan = sak->an;
1447 body->kn = host_to_be32(sak->key_identifier.kn);
1448 cs_index = participant->kay->macsec_csindex;
1450 if (cs_index != DEFAULT_CS_INDEX) {
1451 os_memcpy(body->sak, cipher_suite_tbl[cs_index].id, CS_ID_LEN);
1452 sak_pos = CS_ID_LEN;
1454 if (aes_wrap(participant->kek.key,
1455 cipher_suite_tbl[cs_index].sak_len / 8,
1456 sak->key, body->sak + sak_pos)) {
1457 wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
1461 ieee802_1x_mka_dump_dist_sak_body(body);
1468 * ieee802_1x_kay_init_data_key -
1470 static struct data_key *
1471 ieee802_1x_kay_init_data_key(const struct key_conf *conf)
1473 struct data_key *pkey;
1478 pkey = os_zalloc(sizeof(*pkey));
1480 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
1484 pkey->key = os_zalloc(conf->key_len);
1485 if (pkey->key == NULL) {
1486 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
1491 os_memcpy(pkey->key, conf->key, conf->key_len);
1492 os_memcpy(&pkey->key_identifier, &conf->ki,
1493 sizeof(pkey->key_identifier));
1494 pkey->confidentiality_offset = conf->offset;
1495 pkey->an = conf->an;
1496 pkey->transmits = conf->tx;
1497 pkey->receives = conf->rx;
1498 os_get_time(&pkey->created_time);
1507 * ieee802_1x_kay_decode_dist_sak_body -
1510 ieee802_1x_mka_decode_dist_sak_body(
1511 struct ieee802_1x_mka_participant *participant,
1512 const u8 *mka_msg, size_t msg_len)
1514 struct ieee802_1x_mka_hdr *hdr;
1515 struct ieee802_1x_mka_dist_sak_body *body;
1516 struct ieee802_1x_kay_peer *peer;
1517 struct macsec_ciphersuite *cs;
1519 struct key_conf *conf;
1520 struct data_key *sa_key = NULL;
1521 struct ieee802_1x_mka_ki sak_ki;
1526 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1527 body_len = get_mka_param_body_len(hdr);
1528 if ((body_len != 0) && (body_len != 28) && (body_len < 36)) {
1529 wpa_printf(MSG_ERROR,
1530 "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 28, 36, or more octets",
1535 if (!participant->principal) {
1536 wpa_printf(MSG_ERROR,
1537 "KaY: I can't accept the distributed SAK as I am not principal");
1540 if (participant->is_key_server) {
1541 wpa_printf(MSG_ERROR,
1542 "KaY: I can't accept the distributed SAK as myself is key server ");
1545 if (!participant->kay->macsec_desired ||
1546 participant->kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
1547 wpa_printf(MSG_ERROR,
1548 "KaY: I am not MACsec-desired or without MACsec capable");
1552 peer = ieee802_1x_kay_get_live_peer(participant,
1553 participant->current_peer_id.mi);
1555 wpa_printf(MSG_ERROR,
1556 "KaY: The key server is not in my live peers list");
1559 if (os_memcmp(&participant->kay->key_server_sci,
1560 &peer->sci, sizeof(struct ieee802_1x_mka_sci)) != 0) {
1561 wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
1564 if (body_len == 0) {
1565 participant->kay->authenticated = TRUE;
1566 participant->kay->secured = FALSE;
1567 participant->kay->failed = FALSE;
1568 participant->advised_desired = FALSE;
1569 ieee802_1x_cp_connect_authenticated(participant->kay->cp);
1570 ieee802_1x_cp_sm_step(participant->kay->cp);
1571 wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
1572 participant->to_use_sak = TRUE;
1575 participant->advised_desired = TRUE;
1576 participant->kay->authenticated = FALSE;
1577 participant->kay->secured = TRUE;
1578 participant->kay->failed = FALSE;
1579 ieee802_1x_cp_connect_secure(participant->kay->cp);
1580 ieee802_1x_cp_sm_step(participant->kay->cp);
1582 body = (struct ieee802_1x_mka_dist_sak_body *)mka_msg;
1583 ieee802_1x_mka_dump_dist_sak_body(body);
1584 dl_list_for_each(sa_key, &participant->sak_list, struct data_key, list)
1586 if (os_memcmp(sa_key->key_identifier.mi,
1587 participant->current_peer_id.mi, MI_LEN) == 0 &&
1588 sa_key->key_identifier.kn == be_to_host32(body->kn)) {
1589 wpa_printf(MSG_WARNING, "KaY:The Key has installed");
1593 if (body_len == 28) {
1594 sak_len = DEFAULT_SA_KEY_LEN;
1595 wrap_sak = body->sak;
1596 participant->kay->macsec_csindex = DEFAULT_CS_INDEX;
1598 cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
1600 wpa_printf(MSG_ERROR,
1601 "KaY: I can't support the Cipher Suite advised by key server");
1604 sak_len = cs->sak_len;
1605 wrap_sak = body->sak + CS_ID_LEN;
1606 participant->kay->macsec_csindex = cs->index;
1609 unwrap_sak = os_zalloc(sak_len);
1611 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1614 if (aes_unwrap(participant->kek.key, sak_len >> 3, wrap_sak,
1616 wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
1617 os_free(unwrap_sak);
1620 wpa_hexdump(MSG_DEBUG, "\tAES Key Unwrap of SAK:", unwrap_sak, sak_len);
1622 conf = os_zalloc(sizeof(*conf));
1624 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1625 os_free(unwrap_sak);
1628 conf->key_len = sak_len;
1630 conf->key = os_zalloc(conf->key_len);
1632 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1633 os_free(unwrap_sak);
1638 os_memcpy(conf->key, unwrap_sak, conf->key_len);
1640 os_memcpy(&sak_ki.mi, &participant->current_peer_id.mi,
1642 sak_ki.kn = be_to_host32(body->kn);
1644 os_memcpy(conf->ki.mi, sak_ki.mi, MI_LEN);
1645 conf->ki.kn = sak_ki.kn;
1646 conf->an = body->dan;
1647 conf->offset = body->confid_offset;
1651 sa_key = ieee802_1x_kay_init_data_key(conf);
1653 os_free(unwrap_sak);
1659 dl_list_add(&participant->sak_list, &sa_key->list);
1661 ieee802_1x_cp_set_ciphersuite(
1662 participant->kay->cp,
1663 cipher_suite_tbl[participant->kay->macsec_csindex].id);
1664 ieee802_1x_cp_sm_step(participant->kay->cp);
1665 ieee802_1x_cp_set_offset(participant->kay->cp, body->confid_offset);
1666 ieee802_1x_cp_sm_step(participant->kay->cp);
1667 ieee802_1x_cp_set_distributedki(participant->kay->cp, &sak_ki);
1668 ieee802_1x_cp_set_distributedan(participant->kay->cp, body->dan);
1669 ieee802_1x_cp_signal_newsak(participant->kay->cp);
1670 ieee802_1x_cp_sm_step(participant->kay->cp);
1672 participant->to_use_sak = TRUE;
1674 os_free(unwrap_sak);
1683 * ieee802_1x_mka_icv_body_present
1686 ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant)
1693 * ieee802_1x_kay_get_icv_length
1696 ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant)
1700 length = sizeof(struct ieee802_1x_mka_icv_body);
1701 length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
1703 return (length + 0x3) & ~0x3;
1708 * ieee802_1x_mka_encode_icv_body -
1711 ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
1714 struct ieee802_1x_mka_icv_body *body;
1715 unsigned int length;
1716 u8 cmac[MAX_ICV_LEN];
1718 length = ieee802_1x_mka_get_icv_length(participant);
1719 if (length != DEFAULT_ICV_LEN) {
1720 body = wpabuf_put(buf, MKA_HDR_LEN);
1721 body->type = MKA_ICV_INDICATOR;
1722 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1725 if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
1726 participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
1727 wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
1731 if (length != DEFAULT_ICV_LEN) {
1732 os_memcpy(wpabuf_put(buf, length - MKA_HDR_LEN), cmac,
1733 length - MKA_HDR_LEN);
1735 os_memcpy(wpabuf_put(buf, length), cmac, length);
1742 * ieee802_1x_mka_decode_icv_body -
1745 ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
1746 const u8 *mka_msg, size_t msg_len)
1748 struct ieee802_1x_mka_hdr *hdr;
1749 struct ieee802_1x_mka_icv_body *body;
1757 while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
1758 hdr = (struct ieee802_1x_mka_hdr *) pos;
1759 body_len = get_mka_param_body_len(hdr);
1760 body_type = get_mka_param_body_type(hdr);
1762 if (left_len < (body_len + MKA_HDR_LEN))
1765 if (body_type != MKA_ICV_INDICATOR) {
1766 left_len -= MKA_HDR_LEN + body_len;
1767 pos += MKA_HDR_LEN + body_len;
1771 body = (struct ieee802_1x_mka_icv_body *)pos;
1773 < mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
1780 return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN);
1785 * ieee802_1x_mka_decode_dist_cak_body-
1788 ieee802_1x_mka_decode_dist_cak_body(
1789 struct ieee802_1x_mka_participant *participant,
1790 const u8 *mka_msg, size_t msg_len)
1792 struct ieee802_1x_mka_hdr *hdr;
1795 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1796 body_len = get_mka_param_body_len(hdr);
1797 if (body_len < 28) {
1798 wpa_printf(MSG_ERROR,
1799 "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 28 or more octets",
1809 * ieee802_1x_mka_decode_kmd_body -
1812 ieee802_1x_mka_decode_kmd_body(
1813 struct ieee802_1x_mka_participant *participant,
1814 const u8 *mka_msg, size_t msg_len)
1816 struct ieee802_1x_mka_hdr *hdr;
1819 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1820 body_len = get_mka_param_body_len(hdr);
1822 wpa_printf(MSG_ERROR,
1823 "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 5 or more octets",
1833 * ieee802_1x_mka_decode_announce_body -
1835 static int ieee802_1x_mka_decode_announce_body(
1836 struct ieee802_1x_mka_participant *participant,
1837 const u8 *mka_msg, size_t msg_len)
1843 static struct mka_param_body_handler mak_body_handler[] = {
1844 /* basic parameter set */
1846 ieee802_1x_mka_encode_basic_body,
1848 ieee802_1x_mka_basic_body_length,
1849 ieee802_1x_mka_basic_body_present
1852 /* live peer list parameter set */
1854 ieee802_1x_mka_encode_live_peer_body,
1855 ieee802_1x_mka_decode_live_peer_body,
1856 ieee802_1x_mka_get_live_peer_length,
1857 ieee802_1x_mka_live_peer_body_present
1860 /* potential peer list parameter set */
1862 ieee802_1x_mka_encode_potential_peer_body,
1863 ieee802_1x_mka_decode_potential_peer_body,
1864 ieee802_1x_mka_get_potential_peer_length,
1865 ieee802_1x_mka_potential_peer_body_present
1868 /* sak use parameter set */
1870 ieee802_1x_mka_encode_sak_use_body,
1871 ieee802_1x_mka_decode_sak_use_body,
1872 ieee802_1x_mka_get_sak_use_length,
1873 ieee802_1x_mka_sak_use_body_present
1876 /* distribute sak parameter set */
1878 ieee802_1x_mka_encode_dist_sak_body,
1879 ieee802_1x_mka_decode_dist_sak_body,
1880 ieee802_1x_mka_get_dist_sak_length,
1881 ieee802_1x_mka_dist_sak_body_present
1884 /* distribute cak parameter set */
1887 ieee802_1x_mka_decode_dist_cak_body,
1892 /* kmd parameter set */
1895 ieee802_1x_mka_decode_kmd_body,
1900 /* announce parameter set */
1903 ieee802_1x_mka_decode_announce_body,
1908 /* icv parameter set */
1910 ieee802_1x_mka_encode_icv_body,
1912 ieee802_1x_mka_get_icv_length,
1913 ieee802_1x_mka_icv_body_present
1919 * ieee802_1x_kay_deinit_data_key -
1921 void ieee802_1x_kay_deinit_data_key(struct data_key *pkey)
1930 dl_list_del(&pkey->list);
1937 * ieee802_1x_kay_generate_new_sak -
1940 ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
1942 struct data_key *sa_key = NULL;
1943 struct key_conf *conf;
1944 struct ieee802_1x_kay_peer *peer;
1945 struct ieee802_1x_kay *kay = participant->kay;
1946 int ctx_len, ctx_offset;
1949 /* check condition for generating a fresh SAK:
1950 * must have one live peer
1951 * and MKA life time elapse since last distribution
1952 * or potential peer is empty
1954 if (dl_list_empty(&participant->live_peers)) {
1955 wpa_printf(MSG_ERROR,
1956 "KaY: Live peers list must not empty when generating fresh SAK");
1960 /* FIXME: A fresh SAK not generated until
1961 * the live peer list contains at least one peer and
1962 * MKA life time has elapsed since the prior SAK was first distributed,
1963 * or the Key server's potential peer is empty
1964 * but I can't understand the second item, so
1965 * here only check first item and ingore
1966 * && (!dl_list_empty(&participant->potential_peers))) {
1968 if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
1969 wpa_printf(MSG_ERROR,
1970 "KaY: Life time have not elapsed since prior SAK distributed");
1974 conf = os_zalloc(sizeof(*conf));
1976 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1979 conf->key_len = cipher_suite_tbl[kay->macsec_csindex].sak_len;
1981 conf->key = os_zalloc(conf->key_len);
1984 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1988 ctx_len = conf->key_len + sizeof(kay->dist_kn);
1989 dl_list_for_each(peer, &participant->live_peers,
1990 struct ieee802_1x_kay_peer, list)
1991 ctx_len += sizeof(peer->mi);
1992 ctx_len += sizeof(participant->mi);
1994 context = os_zalloc(ctx_len);
2001 os_get_random(context + ctx_offset, conf->key_len);
2002 ctx_offset += conf->key_len;
2003 dl_list_for_each(peer, &participant->live_peers,
2004 struct ieee802_1x_kay_peer, list) {
2005 os_memcpy(context + ctx_offset, peer->mi, sizeof(peer->mi));
2006 ctx_offset += sizeof(peer->mi);
2008 os_memcpy(context + ctx_offset, participant->mi,
2009 sizeof(participant->mi));
2010 ctx_offset += sizeof(participant->mi);
2011 os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
2013 if (conf->key_len == 16) {
2014 ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2015 context, ctx_len, conf->key);
2016 } else if (conf->key_len == 32) {
2017 ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2018 context, ctx_len, conf->key);
2020 wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
2026 wpa_hexdump(MSG_DEBUG, "KaY: generated new SAK",
2027 conf->key, conf->key_len);
2029 os_memcpy(conf->ki.mi, participant->mi, MI_LEN);
2030 conf->ki.kn = participant->kay->dist_kn;
2031 conf->an = participant->kay->dist_an;
2032 conf->offset = kay->macsec_confidentiality;
2036 sa_key = ieee802_1x_kay_init_data_key(conf);
2043 participant->new_key = sa_key;
2045 dl_list_add(&participant->sak_list, &sa_key->list);
2046 ieee802_1x_cp_set_ciphersuite(participant->kay->cp,
2047 cipher_suite_tbl[kay->macsec_csindex].id);
2048 ieee802_1x_cp_sm_step(kay->cp);
2049 ieee802_1x_cp_set_offset(kay->cp, conf->offset);
2050 ieee802_1x_cp_sm_step(kay->cp);
2051 ieee802_1x_cp_set_distributedki(kay->cp, &conf->ki);
2052 ieee802_1x_cp_set_distributedan(kay->cp, conf->an);
2053 ieee802_1x_cp_signal_newsak(kay->cp);
2054 ieee802_1x_cp_sm_step(kay->cp);
2056 dl_list_for_each(peer, &participant->live_peers,
2057 struct ieee802_1x_kay_peer, list)
2058 peer->sak_used = FALSE;
2060 participant->kay->dist_kn++;
2061 participant->kay->dist_an++;
2062 if (participant->kay->dist_an > 3)
2063 participant->kay->dist_an = 0;
2065 participant->kay->dist_time = time(NULL);
2075 * ieee802_1x_kay_elect_key_server - elect the key server
2076 * when to elect: whenever the live peers list changes
2079 ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
2081 struct ieee802_1x_kay_peer *peer;
2082 struct ieee802_1x_kay_peer *key_server = NULL;
2083 struct ieee802_1x_kay *kay = participant->kay;
2084 Boolean i_is_key_server;
2087 if (participant->is_obliged_key_server) {
2088 participant->new_sak = TRUE;
2089 participant->to_dist_sak = FALSE;
2090 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2094 /* elect the key server among the peers */
2095 dl_list_for_each(peer, &participant->live_peers,
2096 struct ieee802_1x_kay_peer, list) {
2097 if (!peer->is_key_server)
2105 if (peer->key_server_priority <
2106 key_server->key_server_priority) {
2108 } else if (peer->key_server_priority ==
2109 key_server->key_server_priority) {
2110 for (i = 0; i < 6; i++) {
2111 if (peer->sci.addr[i] <
2112 key_server->sci.addr[i])
2118 /* elect the key server between me and the above elected peer */
2119 i_is_key_server = FALSE;
2120 if (key_server && participant->can_be_key_server) {
2121 if (kay->actor_priority
2122 < key_server->key_server_priority) {
2123 i_is_key_server = TRUE;
2124 } else if (kay->actor_priority
2125 == key_server->key_server_priority) {
2126 for (i = 0; i < 6; i++) {
2127 if (kay->actor_sci.addr[i]
2128 < key_server->sci.addr[i]) {
2129 i_is_key_server = TRUE;
2135 if (!key_server && !i_is_key_server) {
2136 participant->principal = FALSE;
2137 participant->is_key_server = FALSE;
2138 participant->is_elected = FALSE;
2142 if (i_is_key_server) {
2143 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2144 if (os_memcmp(&kay->key_server_sci, &kay->actor_sci,
2145 sizeof(kay->key_server_sci))) {
2146 ieee802_1x_cp_signal_chgdserver(kay->cp);
2147 ieee802_1x_cp_sm_step(kay->cp);
2150 participant->is_key_server = TRUE;
2151 participant->principal = TRUE;
2152 participant->new_sak = TRUE;
2153 wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
2154 participant->to_dist_sak = FALSE;
2155 participant->is_elected = TRUE;
2157 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
2158 sizeof(kay->key_server_sci));
2159 kay->key_server_priority = kay->actor_priority;
2163 ieee802_1x_cp_set_electedself(kay->cp, FALSE);
2164 if (os_memcmp(&kay->key_server_sci, &key_server->sci,
2165 sizeof(kay->key_server_sci))) {
2166 ieee802_1x_cp_signal_chgdserver(kay->cp);
2167 ieee802_1x_cp_sm_step(kay->cp);
2170 participant->is_key_server = FALSE;
2171 participant->principal = TRUE;
2172 participant->is_elected = TRUE;
2174 os_memcpy(&kay->key_server_sci, &key_server->sci,
2175 sizeof(kay->key_server_sci));
2176 kay->key_server_priority = key_server->key_server_priority;
2184 * ieee802_1x_kay_decide_macsec_use - the key server determinate
2185 * how to use MACsec: whether use MACsec and its capability
2186 * protectFrames will be advised if the key server and one of its live peers are
2187 * MACsec capable and one of those request MACsec protection
2190 ieee802_1x_kay_decide_macsec_use(
2191 struct ieee802_1x_mka_participant *participant)
2193 struct ieee802_1x_kay *kay = participant->kay;
2194 struct ieee802_1x_kay_peer *peer;
2195 enum macsec_cap less_capability;
2198 if (!participant->is_key_server)
2201 /* key server self is MACsec-desired and requesting MACsec */
2202 if (!kay->macsec_desired) {
2203 participant->advised_desired = FALSE;
2206 if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
2207 participant->advised_desired = FALSE;
2210 less_capability = kay->macsec_capable;
2212 /* at least one of peers is MACsec-desired and requesting MACsec */
2214 dl_list_for_each(peer, &participant->live_peers,
2215 struct ieee802_1x_kay_peer, list) {
2216 if (!peer->macsec_desired)
2219 if (peer->macsec_capbility == MACSEC_CAP_NOT_IMPLEMENTED)
2222 less_capability = (less_capability < peer->macsec_capbility) ?
2223 less_capability : peer->macsec_capbility;
2228 participant->advised_desired = TRUE;
2229 participant->advised_capability = less_capability;
2230 kay->authenticated = FALSE;
2231 kay->secured = TRUE;
2232 kay->failed = FALSE;
2233 ieee802_1x_cp_connect_secure(kay->cp);
2234 ieee802_1x_cp_sm_step(kay->cp);
2236 participant->advised_desired = FALSE;
2237 participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED;
2238 participant->to_use_sak = FALSE;
2239 kay->authenticated = TRUE;
2240 kay->secured = FALSE;
2241 kay->failed = FALSE;
2250 ieee802_1x_cp_connect_authenticated(kay->cp);
2251 ieee802_1x_cp_sm_step(kay->cp);
2257 static const u8 pae_group_addr[ETH_ALEN] = {
2258 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
2263 * ieee802_1x_kay_encode_mkpdu -
2266 ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant,
2267 struct wpabuf *pbuf)
2270 struct ieee8023_hdr *ether_hdr;
2271 struct ieee802_1x_hdr *eapol_hdr;
2273 ether_hdr = wpabuf_put(pbuf, sizeof(*ether_hdr));
2274 os_memcpy(ether_hdr->dest, pae_group_addr, sizeof(ether_hdr->dest));
2275 os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
2276 sizeof(ether_hdr->dest));
2277 ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL);
2279 eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr));
2280 eapol_hdr->version = EAPOL_VERSION;
2281 eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
2282 eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
2284 for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
2285 if (mak_body_handler[i].body_present &&
2286 mak_body_handler[i].body_present(participant)) {
2287 if (mak_body_handler[i].body_tx(participant, pbuf))
2296 * ieee802_1x_participant_send_mkpdu -
2299 ieee802_1x_participant_send_mkpdu(
2300 struct ieee802_1x_mka_participant *participant)
2303 struct ieee802_1x_kay *kay = participant->kay;
2307 wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
2308 length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
2309 for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
2310 if (mak_body_handler[i].body_present &&
2311 mak_body_handler[i].body_present(participant))
2312 length += mak_body_handler[i].body_length(participant);
2315 buf = wpabuf_alloc(length);
2317 wpa_printf(MSG_ERROR, "KaY: out of memory");
2321 if (ieee802_1x_kay_encode_mkpdu(participant, buf)) {
2322 wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
2326 l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
2330 participant->active = TRUE;
2336 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa);
2338 * ieee802_1x_participant_timer -
2340 static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
2342 struct ieee802_1x_mka_participant *participant;
2343 struct ieee802_1x_kay *kay;
2344 struct ieee802_1x_kay_peer *peer, *pre_peer;
2345 time_t now = time(NULL);
2347 struct receive_sc *rxsc, *pre_rxsc;
2348 struct transmit_sa *txsa, *pre_txsa;
2350 participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
2351 kay = participant->kay;
2352 if (participant->cak_life) {
2353 if (now > participant->cak_life) {
2354 kay->authenticated = FALSE;
2355 kay->secured = FALSE;
2357 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
2362 /* should delete MKA instance if there are not live peers
2363 * when the MKA life elapsed since its creating */
2364 if (participant->mka_life) {
2365 if (dl_list_empty(&participant->live_peers)) {
2366 if (now > participant->mka_life) {
2367 kay->authenticated = FALSE;
2368 kay->secured = FALSE;
2370 ieee802_1x_kay_delete_mka(kay,
2375 participant->mka_life = 0;
2380 dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
2381 struct ieee802_1x_kay_peer, list) {
2382 if (now > peer->expire) {
2383 wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
2384 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2386 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2387 dl_list_for_each_safe(rxsc, pre_rxsc,
2388 &participant->rxsc_list,
2389 struct receive_sc, list) {
2390 if (os_memcmp(&rxsc->sci, &peer->sci,
2391 sizeof(rxsc->sci)) == 0) {
2392 secy_delete_receive_sc(kay, rxsc);
2393 ieee802_1x_kay_deinit_receive_sc(
2397 dl_list_del(&peer->list);
2404 if (dl_list_empty(&participant->live_peers)) {
2405 participant->advised_desired = FALSE;
2406 participant->advised_capability =
2407 MACSEC_CAP_NOT_IMPLEMENTED;
2408 participant->to_use_sak = FALSE;
2409 kay->authenticated = TRUE;
2410 kay->secured = FALSE;
2411 kay->failed = FALSE;
2420 dl_list_for_each_safe(txsa, pre_txsa,
2421 &participant->txsc->sa_list,
2422 struct transmit_sa, list) {
2423 secy_disable_transmit_sa(kay, txsa);
2424 ieee802_1x_kay_deinit_transmit_sa(txsa);
2427 ieee802_1x_cp_connect_authenticated(kay->cp);
2428 ieee802_1x_cp_sm_step(kay->cp);
2430 ieee802_1x_kay_elect_key_server(participant);
2431 ieee802_1x_kay_decide_macsec_use(participant);
2435 dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
2436 struct ieee802_1x_kay_peer, list) {
2437 if (now > peer->expire) {
2438 wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
2439 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2441 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2442 dl_list_del(&peer->list);
2447 if (participant->new_sak) {
2448 if (!ieee802_1x_kay_generate_new_sak(participant))
2449 participant->to_dist_sak = TRUE;
2451 participant->new_sak = FALSE;
2454 if (participant->retry_count < MAX_RETRY_CNT) {
2455 ieee802_1x_participant_send_mkpdu(participant);
2456 participant->retry_count++;
2459 eloop_register_timeout(MKA_HELLO_TIME / 1000, 0,
2460 ieee802_1x_participant_timer,
2466 * ieee802_1x_kay_init_transmit_sa -
2468 static struct transmit_sa *
2469 ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN,
2470 struct data_key *key)
2472 struct transmit_sa *psa;
2474 key->tx_latest = TRUE;
2475 key->rx_latest = TRUE;
2477 psa = os_zalloc(sizeof(*psa));
2479 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2483 if (key->confidentiality_offset >= CONFIDENTIALITY_OFFSET_0 &&
2484 key->confidentiality_offset <= CONFIDENTIALITY_OFFSET_50)
2485 psa->confidentiality = TRUE;
2487 psa->confidentiality = FALSE;
2491 psa->next_pn = next_PN;
2494 os_get_time(&psa->created_time);
2495 psa->in_use = FALSE;
2497 dl_list_add(&psc->sa_list, &psa->list);
2498 wpa_printf(MSG_DEBUG,
2499 "KaY: Create transmit SA(an: %d, next_PN: %u) of SC(channel: %d)",
2500 (int) an, next_PN, psc->channel);
2507 * ieee802_1x_kay_deinit_transmit_sa -
2509 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa)
2512 wpa_printf(MSG_DEBUG,
2513 "KaY: Delete transmit SA(an: %d) of SC(channel: %d)",
2514 psa->an, psa->sc->channel);
2515 dl_list_del(&psa->list);
2521 * init_transmit_sc -
2523 static struct transmit_sc *
2524 ieee802_1x_kay_init_transmit_sc(const struct ieee802_1x_mka_sci *sci,
2527 struct transmit_sc *psc;
2529 psc = os_zalloc(sizeof(*psc));
2531 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2534 os_memcpy(&psc->sci, sci, sizeof(psc->sci));
2535 psc->channel = channel;
2537 os_get_time(&psc->created_time);
2538 psc->transmitting = FALSE;
2539 psc->encoding_sa = FALSE;
2540 psc->enciphering_sa = FALSE;
2542 dl_list_init(&psc->sa_list);
2543 wpa_printf(MSG_DEBUG, "KaY: Create transmit SC(channel: %d)", channel);
2544 wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci));
2551 * ieee802_1x_kay_deinit_transmit_sc -
2554 ieee802_1x_kay_deinit_transmit_sc(
2555 struct ieee802_1x_mka_participant *participant, struct transmit_sc *psc)
2557 struct transmit_sa *psa, *tmp;
2559 wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC(channel: %d)",
2561 dl_list_for_each_safe(psa, tmp, &psc->sa_list, struct transmit_sa,
2563 secy_disable_transmit_sa(participant->kay, psa);
2564 ieee802_1x_kay_deinit_transmit_sa(psa);
2571 /****************** Interface between CP and KAY *********************/
2573 * ieee802_1x_kay_set_latest_sa_attr -
2575 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
2576 struct ieee802_1x_mka_ki *lki, u8 lan,
2577 Boolean ltx, Boolean lrx)
2579 struct ieee802_1x_mka_participant *principal;
2581 principal = ieee802_1x_kay_get_principal_participant(kay);
2586 os_memset(&principal->lki, 0, sizeof(principal->lki));
2588 os_memcpy(&principal->lki, lki, sizeof(principal->lki));
2590 principal->lan = lan;
2591 principal->ltx = ltx;
2592 principal->lrx = lrx;
2597 kay->ltx_kn = lki->kn;
2598 kay->lrx_kn = lki->kn;
2608 * ieee802_1x_kay_set_old_sa_attr -
2610 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
2611 struct ieee802_1x_mka_ki *oki,
2612 u8 oan, Boolean otx, Boolean orx)
2614 struct ieee802_1x_mka_participant *principal;
2616 principal = ieee802_1x_kay_get_principal_participant(kay);
2621 os_memset(&principal->oki, 0, sizeof(principal->oki));
2623 os_memcpy(&principal->oki, oki, sizeof(principal->oki));
2625 principal->oan = oan;
2626 principal->otx = otx;
2627 principal->orx = orx;
2633 kay->otx_kn = oki->kn;
2634 kay->orx_kn = oki->kn;
2644 * ieee802_1x_kay_create_sas -
2646 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
2647 struct ieee802_1x_mka_ki *lki)
2649 struct data_key *sa_key, *latest_sak;
2650 struct ieee802_1x_mka_participant *principal;
2651 struct receive_sc *rxsc;
2652 struct receive_sa *rxsa;
2653 struct transmit_sa *txsa;
2655 principal = ieee802_1x_kay_get_principal_participant(kay);
2660 dl_list_for_each(sa_key, &principal->sak_list, struct data_key, list) {
2661 if (is_ki_equal(&sa_key->key_identifier, lki)) {
2662 sa_key->rx_latest = TRUE;
2663 sa_key->tx_latest = TRUE;
2664 latest_sak = sa_key;
2665 principal->to_use_sak = TRUE;
2667 sa_key->rx_latest = FALSE;
2668 sa_key->tx_latest = FALSE;
2672 wpa_printf(MSG_ERROR, "lki related sak not found");
2676 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2677 rxsa = ieee802_1x_kay_init_receive_sa(rxsc, latest_sak->an, 1,
2682 secy_create_receive_sa(kay, rxsa);
2685 txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an,
2690 secy_create_transmit_sa(kay, txsa);
2699 * ieee802_1x_kay_delete_sas -
2701 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
2702 struct ieee802_1x_mka_ki *ki)
2704 struct data_key *sa_key, *pre_key;
2705 struct transmit_sa *txsa, *pre_txsa;
2706 struct receive_sa *rxsa, *pre_rxsa;
2707 struct receive_sc *rxsc;
2708 struct ieee802_1x_mka_participant *principal;
2710 wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__);
2711 principal = ieee802_1x_kay_get_principal_participant(kay);
2715 /* remove the transmit sa */
2716 dl_list_for_each_safe(txsa, pre_txsa, &principal->txsc->sa_list,
2717 struct transmit_sa, list) {
2718 if (is_ki_equal(&txsa->pkey->key_identifier, ki)) {
2719 secy_disable_transmit_sa(kay, txsa);
2720 ieee802_1x_kay_deinit_transmit_sa(txsa);
2724 /* remove the receive sa */
2725 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2726 dl_list_for_each_safe(rxsa, pre_rxsa, &rxsc->sa_list,
2727 struct receive_sa, list) {
2728 if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
2729 secy_disable_receive_sa(kay, rxsa);
2730 ieee802_1x_kay_deinit_receive_sa(rxsa);
2735 /* remove the sak */
2736 dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
2737 struct data_key, list) {
2738 if (is_ki_equal(&sa_key->key_identifier, ki)) {
2739 ieee802_1x_kay_deinit_data_key(sa_key);
2742 if (principal->new_key == sa_key)
2743 principal->new_key = NULL;
2751 * ieee802_1x_kay_enable_tx_sas -
2753 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
2754 struct ieee802_1x_mka_ki *lki)
2756 struct ieee802_1x_mka_participant *principal;
2757 struct transmit_sa *txsa;
2759 principal = ieee802_1x_kay_get_principal_participant(kay);
2763 dl_list_for_each(txsa, &principal->txsc->sa_list, struct transmit_sa,
2765 if (is_ki_equal(&txsa->pkey->key_identifier, lki)) {
2766 txsa->in_use = TRUE;
2767 secy_enable_transmit_sa(kay, txsa);
2768 ieee802_1x_cp_set_usingtransmitas(
2769 principal->kay->cp, TRUE);
2770 ieee802_1x_cp_sm_step(principal->kay->cp);
2779 * ieee802_1x_kay_enable_rx_sas -
2781 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
2782 struct ieee802_1x_mka_ki *lki)
2784 struct ieee802_1x_mka_participant *principal;
2785 struct receive_sa *rxsa;
2786 struct receive_sc *rxsc;
2788 principal = ieee802_1x_kay_get_principal_participant(kay);
2792 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2793 dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
2795 if (is_ki_equal(&rxsa->pkey->key_identifier, lki)) {
2796 rxsa->in_use = TRUE;
2797 secy_enable_receive_sa(kay, rxsa);
2798 ieee802_1x_cp_set_usingreceivesas(
2799 principal->kay->cp, TRUE);
2800 ieee802_1x_cp_sm_step(principal->kay->cp);
2810 * ieee802_1x_kay_enable_new_info -
2812 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
2814 struct ieee802_1x_mka_participant *principal;
2816 principal = ieee802_1x_kay_get_principal_participant(kay);
2820 if (principal->retry_count < MAX_RETRY_CNT) {
2821 ieee802_1x_participant_send_mkpdu(principal);
2822 principal->retry_count++;
2830 * ieee802_1x_kay_cp_conf -
2832 int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
2833 struct ieee802_1x_cp_conf *pconf)
2835 pconf->protect = kay->macsec_protect;
2836 pconf->replay_protect = kay->macsec_replay_protect;
2837 pconf->validate = kay->macsec_validate;
2844 * ieee802_1x_kay_alloc_cp_sm -
2846 static struct ieee802_1x_cp_sm *
2847 ieee802_1x_kay_alloc_cp_sm(struct ieee802_1x_kay *kay)
2849 struct ieee802_1x_cp_conf conf;
2851 os_memset(&conf, 0, sizeof(conf));
2852 conf.protect = kay->macsec_protect;
2853 conf.replay_protect = kay->macsec_replay_protect;
2854 conf.validate = kay->macsec_validate;
2855 conf.replay_window = kay->macsec_replay_window;
2857 return ieee802_1x_cp_sm_init(kay, &conf);
2862 * ieee802_1x_kay_mkpdu_sanity_check -
2863 * sanity check specified in clause 11.11.2 of IEEE802.1X-2010
2865 static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
2866 const u8 *buf, size_t len)
2868 struct ieee8023_hdr *eth_hdr;
2869 struct ieee802_1x_hdr *eapol_hdr;
2870 struct ieee802_1x_mka_hdr *mka_hdr;
2871 struct ieee802_1x_mka_basic_body *body;
2873 struct ieee802_1x_mka_participant *participant;
2875 u8 icv[MAX_ICV_LEN];
2878 eth_hdr = (struct ieee8023_hdr *) buf;
2879 eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
2880 mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1);
2882 /* destination address should be not individual address */
2883 if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) {
2884 wpa_printf(MSG_MSGDUMP,
2885 "KaY: ethernet destination address is not PAE group address");
2889 /* MKPDU should not less than 32 octets */
2890 mka_msg_len = be_to_host16(eapol_hdr->length);
2891 if (mka_msg_len < 32) {
2892 wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
2895 /* MKPDU should multiple 4 octets */
2896 if ((mka_msg_len % 4) != 0) {
2897 wpa_printf(MSG_MSGDUMP,
2898 "KaY: MKPDU is not multiple of 4 octets");
2902 body = (struct ieee802_1x_mka_basic_body *) mka_hdr;
2903 ieee802_1x_mka_dump_basic_body(body);
2904 body_len = get_mka_param_body_len(body);
2905 /* EAPOL-MKA body should comprise basic parameter set and ICV */
2906 if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
2907 wpa_printf(MSG_ERROR,
2908 "KaY: Received EAPOL-MKA Packet Body Length (%d bytes) is less than the Basic Parameter Set Header Length (%d bytes) + the Basic Parameter Set Body Length (%d bytes) + %d bytes of ICV",
2909 (int) mka_msg_len, (int) MKA_HDR_LEN,
2910 (int) body_len, DEFAULT_ICV_LEN);
2914 /* CKN should be owned by I */
2915 participant = ieee802_1x_kay_get_participant(kay, body->ckn);
2917 wpa_printf(MSG_DEBUG, "CKN is not included in my CA");
2921 /* algorithm agility check */
2922 if (os_memcmp(body->algo_agility, mka_algo_agility,
2923 sizeof(body->algo_agility)) != 0) {
2924 wpa_printf(MSG_ERROR,
2925 "KaY: peer's algorithm agility not supported for me");
2931 * The ICV will comprise the final octets of the packet body, whatever
2932 * its size, not the fixed length 16 octets, indicated by the EAPOL
2933 * packet body length.
2935 if (mka_alg_tbl[kay->mka_algindex].icv_hash(
2936 participant->ick.key,
2937 buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
2938 wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
2941 msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr,
2945 if (os_memcmp_const(msg_icv, icv,
2946 mka_alg_tbl[kay->mka_algindex].icv_len) !=
2948 wpa_printf(MSG_ERROR,
2949 "KaY: Computed ICV is not equal to Received ICV");
2953 wpa_printf(MSG_ERROR, "KaY: No ICV");
2962 * ieee802_1x_kay_decode_mkpdu -
2964 static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
2965 const u8 *buf, size_t len)
2967 struct ieee802_1x_mka_participant *participant;
2968 struct ieee802_1x_mka_hdr *hdr;
2974 Boolean my_included;
2975 Boolean handled[256];
2977 if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
2980 /* handle basic parameter set */
2981 pos = buf + sizeof(struct ieee8023_hdr) + sizeof(struct ieee802_1x_hdr);
2982 left_len = len - sizeof(struct ieee8023_hdr) -
2983 sizeof(struct ieee802_1x_hdr);
2984 participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
2988 /* to skip basic parameter set */
2989 hdr = (struct ieee802_1x_mka_hdr *) pos;
2990 body_len = get_mka_param_body_len(hdr);
2991 pos += body_len + MKA_HDR_LEN;
2992 left_len -= body_len + MKA_HDR_LEN;
2994 /* check i am in the peer's peer list */
2995 my_included = ieee802_1x_mka_i_in_peerlist(participant, pos, left_len);
2997 /* accept the peer as live peer */
2998 if (!ieee802_1x_kay_is_in_peer(
3000 participant->current_peer_id.mi)) {
3001 if (!ieee802_1x_kay_create_live_peer(
3003 participant->current_peer_id.mi,
3004 participant->current_peer_id.mn))
3006 ieee802_1x_kay_elect_key_server(participant);
3007 ieee802_1x_kay_decide_macsec_use(participant);
3009 if (ieee802_1x_kay_is_in_potential_peer(
3010 participant, participant->current_peer_id.mi)) {
3011 ieee802_1x_kay_move_live_peer(
3012 participant, participant->current_peer_id.mi,
3013 participant->current_peer_id.mn);
3014 ieee802_1x_kay_elect_key_server(participant);
3015 ieee802_1x_kay_decide_macsec_use(participant);
3020 * Handle other parameter set than basic parameter set.
3021 * Each parameter set should be present only once.
3023 for (i = 0; i < 256; i++)
3027 while (left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN) {
3028 hdr = (struct ieee802_1x_mka_hdr *) pos;
3029 body_len = get_mka_param_body_len(hdr);
3030 body_type = get_mka_param_body_type(hdr);
3032 if (body_type == MKA_ICV_INDICATOR)
3035 if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
3036 wpa_printf(MSG_ERROR,
3037 "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
3038 (int) left_len, (int) MKA_HDR_LEN,
3039 (int) body_len, DEFAULT_ICV_LEN);
3043 if (handled[body_type])
3046 handled[body_type] = TRUE;
3047 if (mak_body_handler[body_type].body_rx) {
3048 mak_body_handler[body_type].body_rx
3049 (participant, pos, left_len);
3051 wpa_printf(MSG_ERROR,
3052 "The type %d not supported in this MKA version %d",
3053 body_type, MKA_VERSION_ID);
3057 pos += body_len + MKA_HDR_LEN;
3058 left_len -= body_len + MKA_HDR_LEN;
3062 participant->retry_count = 0;
3063 participant->active = TRUE;
3070 static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
3073 struct ieee802_1x_kay *kay = ctx;
3074 struct ieee8023_hdr *eth_hdr;
3075 struct ieee802_1x_hdr *eapol_hdr;
3077 /* must contain at least ieee8023_hdr + ieee802_1x_hdr */
3078 if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) {
3079 wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)",
3080 (unsigned long) len);
3084 eth_hdr = (struct ieee8023_hdr *) buf;
3085 eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
3086 if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
3087 ntohs(eapol_hdr->length)) {
3088 wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
3089 (unsigned long) len,
3090 (unsigned long) ntohs(eapol_hdr->length));
3094 if (eapol_hdr->version < EAPOL_VERSION) {
3095 wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
3096 eapol_hdr->version);
3099 if (ntohs(eth_hdr->ethertype) != ETH_P_PAE ||
3100 eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
3103 wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len);
3104 if (dl_list_empty(&kay->participant_list)) {
3105 wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
3109 ieee802_1x_kay_decode_mkpdu(kay, buf, len);
3114 * ieee802_1x_kay_init -
3116 struct ieee802_1x_kay *
3117 ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
3118 const char *ifname, const u8 *addr)
3120 struct ieee802_1x_kay *kay;
3122 kay = os_zalloc(sizeof(*kay));
3124 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3131 kay->active = FALSE;
3133 kay->authenticated = FALSE;
3134 kay->secured = FALSE;
3135 kay->failed = FALSE;
3136 kay->policy = policy;
3138 os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
3139 os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
3140 kay->actor_sci.port = 0x0001;
3141 kay->actor_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
3143 /* While actor acts as a key server, shall distribute sakey */
3148 kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
3149 kay->macsec_csindex = DEFAULT_CS_INDEX;
3150 kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
3151 kay->mka_version = MKA_VERSION_ID;
3153 os_memcpy(kay->algo_agility, mka_algo_agility,
3154 sizeof(kay->algo_agility));
3156 dl_list_init(&kay->participant_list);
3158 if (policy == DO_NOT_SECURE) {
3159 kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
3160 kay->macsec_desired = FALSE;
3161 kay->macsec_protect = FALSE;
3162 kay->macsec_validate = FALSE;
3163 kay->macsec_replay_protect = FALSE;
3164 kay->macsec_replay_window = 0;
3165 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3167 kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
3168 kay->macsec_desired = TRUE;
3169 kay->macsec_protect = TRUE;
3170 kay->macsec_validate = TRUE;
3171 kay->macsec_replay_protect = FALSE;
3172 kay->macsec_replay_window = 0;
3173 kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
3176 wpa_printf(MSG_DEBUG, "KaY: state machine created");
3178 /* Initialize the SecY must be prio to CP, as CP will control SecY */
3179 secy_init_macsec(kay);
3180 secy_get_available_transmit_sc(kay, &kay->sc_ch);
3182 wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
3185 kay->cp = ieee802_1x_kay_alloc_cp_sm(kay);
3186 if (kay->cp == NULL) {
3187 ieee802_1x_kay_deinit(kay);
3191 if (policy == DO_NOT_SECURE) {
3192 ieee802_1x_cp_connect_authenticated(kay->cp);
3193 ieee802_1x_cp_sm_step(kay->cp);
3195 kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
3196 kay_l2_receive, kay, 1);
3197 if (kay->l2_mka == NULL) {
3198 wpa_printf(MSG_WARNING,
3199 "KaY: Failed to initialize L2 packet processing for MKA packet");
3200 ieee802_1x_kay_deinit(kay);
3210 * ieee802_1x_kay_deinit -
3213 ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
3215 struct ieee802_1x_mka_participant *participant;
3220 wpa_printf(MSG_DEBUG, "KaY: state machine removed");
3222 while (!dl_list_empty(&kay->participant_list)) {
3223 participant = dl_list_entry(kay->participant_list.next,
3224 struct ieee802_1x_mka_participant,
3226 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
3229 ieee802_1x_cp_sm_deinit(kay->cp);
3230 secy_deinit_macsec(kay);
3233 l2_packet_deinit(kay->l2_mka);
3243 * ieee802_1x_kay_create_mka -
3245 struct ieee802_1x_mka_participant *
3246 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
3247 struct mka_key *cak, u32 life,
3248 enum mka_created_mode mode, Boolean is_authenticator)
3250 struct ieee802_1x_mka_participant *participant;
3253 if (!kay || !ckn || !cak) {
3254 wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
3258 if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
3259 wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
3262 if (ckn->len > MAX_CKN_LEN) {
3263 wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
3267 wpa_printf(MSG_ERROR, "KaY: Now is at disable state");
3271 participant = os_zalloc(sizeof(*participant));
3273 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3277 participant->ckn.len = ckn->len;
3278 os_memcpy(participant->ckn.name, ckn->name, ckn->len);
3279 participant->cak.len = cak->len;
3280 os_memcpy(participant->cak.key, cak->key, cak->len);
3282 participant->cak_life = life + time(NULL);
3286 if (is_authenticator) {
3287 participant->is_obliged_key_server = TRUE;
3288 participant->can_be_key_server = TRUE;
3289 participant->is_key_server = TRUE;
3290 participant->principal = TRUE;
3292 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
3293 sizeof(kay->key_server_sci));
3294 kay->key_server_priority = kay->actor_priority;
3295 participant->is_elected = TRUE;
3297 participant->is_obliged_key_server = FALSE;
3298 participant->can_be_key_server = FALSE;
3299 participant->is_key_server = FALSE;
3300 participant->is_elected = TRUE;
3305 participant->is_obliged_key_server = FALSE;
3306 participant->can_be_key_server = TRUE;
3307 participant->is_key_server = FALSE;
3308 participant->is_elected = FALSE;
3312 participant->cached = FALSE;
3314 participant->active = FALSE;
3315 participant->participant = FALSE;
3316 participant->retain = FALSE;
3317 participant->activate = DEFAULT;
3319 if (participant->is_key_server)
3320 participant->principal = TRUE;
3322 dl_list_init(&participant->live_peers);
3323 dl_list_init(&participant->potential_peers);
3325 participant->retry_count = 0;
3326 participant->kay = kay;
3328 os_get_random(participant->mi, sizeof(participant->mi));
3329 participant->mn = 0;
3331 participant->lrx = FALSE;
3332 participant->ltx = FALSE;
3333 participant->orx = FALSE;
3334 participant->otx = FALSE;
3335 participant->to_dist_sak = FALSE;
3336 participant->to_use_sak = FALSE;
3337 participant->new_sak = FALSE;
3338 dl_list_init(&participant->sak_list);
3339 participant->new_key = NULL;
3340 dl_list_init(&participant->rxsc_list);
3341 participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci,
3343 secy_create_transmit_sc(kay, participant->txsc);
3345 /* to derive KEK from CAK and CKN */
3346 participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
3347 if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
3348 participant->ckn.name,
3349 participant->ckn.len,
3350 participant->kek.key)) {
3351 wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
3354 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
3355 participant->kek.key, participant->kek.len);
3357 /* to derive ICK from CAK and CKN */
3358 participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
3359 if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
3360 participant->ckn.name,
3361 participant->ckn.len,
3362 participant->ick.key)) {
3363 wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
3366 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
3367 participant->ick.key, participant->ick.len);
3369 dl_list_add(&kay->participant_list, &participant->list);
3370 wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
3371 ckn->name, ckn->len);
3373 usecs = os_random() % (MKA_HELLO_TIME * 1000);
3374 eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
3376 participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
3382 os_free(participant);
3388 * ieee802_1x_kay_delete_mka -
3391 ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
3393 struct ieee802_1x_mka_participant *participant;
3394 struct ieee802_1x_kay_peer *peer;
3395 struct data_key *sak;
3396 struct receive_sc *rxsc;
3401 wpa_printf(MSG_DEBUG, "KaY: participant removed");
3403 /* get the participant */
3404 participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3406 wpa_hexdump(MSG_DEBUG, "KaY: participant is not found",
3407 ckn->name, ckn->len);
3411 dl_list_del(&participant->list);
3413 /* remove live peer */
3414 while (!dl_list_empty(&participant->live_peers)) {
3415 peer = dl_list_entry(participant->live_peers.next,
3416 struct ieee802_1x_kay_peer, list);
3417 dl_list_del(&peer->list);
3421 /* remove potential peer */
3422 while (!dl_list_empty(&participant->potential_peers)) {
3423 peer = dl_list_entry(participant->potential_peers.next,
3424 struct ieee802_1x_kay_peer, list);
3425 dl_list_del(&peer->list);
3430 while (!dl_list_empty(&participant->sak_list)) {
3431 sak = dl_list_entry(participant->sak_list.next,
3432 struct data_key, list);
3433 dl_list_del(&sak->list);
3437 while (!dl_list_empty(&participant->rxsc_list)) {
3438 rxsc = dl_list_entry(participant->rxsc_list.next,
3439 struct receive_sc, list);
3440 secy_delete_receive_sc(kay, rxsc);
3441 ieee802_1x_kay_deinit_receive_sc(participant, rxsc);
3443 secy_delete_transmit_sc(kay, participant->txsc);
3444 ieee802_1x_kay_deinit_transmit_sc(participant, participant->txsc);
3446 os_memset(&participant->cak, 0, sizeof(participant->cak));
3447 os_memset(&participant->kek, 0, sizeof(participant->kek));
3448 os_memset(&participant->ick, 0, sizeof(participant->ick));
3449 os_free(participant);
3454 * ieee802_1x_kay_mka_participate -
3456 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
3457 struct mka_key_name *ckn,
3460 struct ieee802_1x_mka_participant *participant;
3465 participant = ieee802_1x_kay_get_participant(kay, ckn->name);
3469 participant->active = status;
3474 * ieee802_1x_kay_new_sak -
3477 ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
3479 struct ieee802_1x_mka_participant *participant;
3484 participant = ieee802_1x_kay_get_principal_participant(kay);
3488 participant->new_sak = TRUE;
3489 wpa_printf(MSG_DEBUG, "KaY: new SAK signal");
3496 * ieee802_1x_kay_change_cipher_suite -
3499 ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay, int cs_index)
3501 struct ieee802_1x_mka_participant *participant;
3506 if ((unsigned int) cs_index >= CS_TABLE_SIZE) {
3507 wpa_printf(MSG_ERROR,
3508 "KaY: Configured cipher suite index is out of range");
3511 if (kay->macsec_csindex == cs_index)
3515 kay->macsec_desired = FALSE;
3517 kay->macsec_csindex = cs_index;
3518 kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
3520 participant = ieee802_1x_kay_get_principal_participant(kay);
3522 wpa_printf(MSG_INFO, "KaY: Cipher Suite changed");
3523 participant->new_sak = TRUE;
projects / mech_eap.git / blob