2 * IEEE 802.1X-2010 MACsec Key Agreement (MKA) protocol: the KaY (Key Agreement Entity) side of the PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #ifndef IEEE802_1X_KAY_H
10 #define IEEE802_1X_KAY_H
12 #include "utils/list.h"
13 #include "common/defs.h"
14 #include "common/ieee802_1x_defs.h"
16 struct macsec_init_params;
17 struct ieee802_1x_cp_conf;
20 #define MAX_KEY_LEN 32 /* 32 bytes, 256 bits: large enough for a 256-bit CAK/SAK */
21 #define MAX_CKN_LEN 32 /* 32 bytes, 256 bits: IEEE 802.1X-2010 9.3.1 allows a CKN of 1..32 octets */
23 /* MKA timers, unit: millisecond (values follow the defaults in IEEE 802.1X-2010 Table 9-3) */
24 #define MKA_HELLO_TIME 2000
25 #define MKA_LIFE_TIME 6000
26 #define MKA_SAK_RETIRE_TIME 3000
28 struct ieee802_1x_mka_ki {
33 struct ieee802_1x_mka_sci {
48 enum mka_created_mode {
53 struct ieee802_1x_kay_ctx {
54 /* pointer to arbitrary upper level context */
57 /* abstract wpa driver interface: callbacks into the MACsec-capable driver.
 * Note that create_transmit_sa() receives the raw SAK, so the backend behind
 * these callbacks is part of the trusted computing base for MACsec keys. */
58 int (*macsec_init)(void *ctx, struct macsec_init_params *params);
59 int (*macsec_deinit)(void *ctx);
60 int (*enable_protect_frames)(void *ctx, Boolean enabled);
61 int (*set_replay_protect)(void *ctx, Boolean enabled, u32 window);
62 int (*set_current_cipher_suite)(void *ctx, u64 cs);
63 int (*enable_controlled_port)(void *ctx, Boolean enabled);
64 int (*get_receive_lowest_pn)(void *ctx, u32 channel, u8 an,
66 int (*get_transmit_next_pn)(void *ctx, u32 channel, u8 an,
68 int (*set_transmit_next_pn)(void *ctx, u32 channel, u8 an, u32 next_pn);
69 int (*get_available_receive_sc)(void *ctx, u32 *channel);
70 int (*create_receive_sc)(void *ctx, u32 channel,
71 struct ieee802_1x_mka_sci *sci,
72 enum validate_frames vf,
73 enum confidentiality_offset co);
74 int (*delete_receive_sc)(void *ctx, u32 channel);
75 int (*create_receive_sa)(void *ctx, u32 channel, u8 an, u32 lowest_pn,
77 int (*enable_receive_sa)(void *ctx, u32 channel, u8 an);
78 int (*disable_receive_sa)(void *ctx, u32 channel, u8 an);
79 int (*get_available_transmit_sc)(void *ctx, u32 *channel);
80 int (*create_transmit_sc)(void *ctx, u32 channel,
81 const struct ieee802_1x_mka_sci *sci,
82 enum confidentiality_offset co);
83 int (*delete_transmit_sc)(void *ctx, u32 channel);
84 int (*create_transmit_sa)(void *ctx, u32 channel, u8 an, u32 next_pn,
85 Boolean confidentiality, const u8 *sak);
86 int (*enable_transmit_sa)(void *ctx, u32 channel, u8 an);
87 int (*disable_transmit_sa)(void *ctx, u32 channel, u8 an);
90 struct ieee802_1x_kay {
94 Boolean authenticated;
98 struct ieee802_1x_mka_sci actor_sci;
100 struct ieee802_1x_mka_sci key_server_sci;
101 u8 key_server_priority;
103 enum macsec_cap macsec_capable;
104 Boolean macsec_desired;
105 Boolean macsec_protect;
106 Boolean macsec_replay_protect;
107 u32 macsec_replay_window;
108 enum validate_frames macsec_validate;
109 enum confidentiality_offset macsec_confidentiality;
121 /* not defined in IEEE802.1X */
122 struct ieee802_1x_kay_ctx *ctx;
123 Boolean is_key_server;
124 Boolean is_obliged_key_server;
125 char if_name[IFNAMSIZ];
127 unsigned int macsec_csindex; /* MACsec cipher suite table index */
128 int mka_algindex; /* MKA alg table index */
143 struct dl_list participant_list;
144 enum macsec_policy policy;
146 struct ieee802_1x_cp_sm *cp;
148 struct l2_packet_data *l2_mka;
150 enum validate_frames vf;
151 enum confidentiality_offset co;
/**
 * ieee802_1x_kay_init - Create a KaY instance bound to one interface
 * @ctx: driver callback table plus opaque upper-level context
 *	(struct ieee802_1x_kay_ctx); the KaY keeps a pointer to it
 * @policy: MACsec policy to apply to this KaY
 * @ifname: interface name; the KaY holds if_name[IFNAMSIZ], so it is
 *	presumably copied — confirm how over-long names are handled
 * @addr: own MAC address; presumably used to form the actor SCI — confirm
 *	against the implementation
 * Returns: the new KaY, or presumably %NULL on failure (not visible from the
 *	header — callers should check before use)
 */
155 struct ieee802_1x_kay *
156 ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
157 const char *ifname, const u8 *addr);
/**
 * ieee802_1x_kay_deinit - Tear down a KaY created by ieee802_1x_kay_init()
 * @kay: KaY instance; must not be used after this call
 */
158 void ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay);
/**
 * ieee802_1x_kay_create_mka - Create an MKA participant for a CAK/CKN pair
 * @kay: KaY instance
 * @ckn: Connectivity Association Key Name identifying the CAK
 * @cak: Connectivity Association Key — the long-term secret that MKA derives
 *	the ICK/KEK from. Whether the KaY copies it or retains the pointer is
 *	not visible here; the owner of the buffer is responsible for zeroizing
 *	it once it is no longer needed
 * @life: participant lifetime; unit is not visible here (the other MKA
 *	timers in this header are in milliseconds) — TODO confirm
 * @mode: how the participant was created (enum mka_created_mode)
 * @is_authenticator: whether this side acts as the authenticator
 * Returns: the new participant, or presumably %NULL on failure — confirm
 */
160 struct ieee802_1x_mka_participant *
161 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
162 struct mka_key_name *ckn, struct mka_key *cak,
163 u32 life, enum mka_created_mode mode,
164 Boolean is_authenticator);
/**
 * ieee802_1x_kay_delete_mka - Remove the MKA participant identified by @ckn
 * @kay: KaY instance
 * @ckn: CKN of the participant to delete; any keying material it holds
 *	should be cleared on deletion — verify in the implementation
 */
165 void ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay,
166 struct mka_key_name *ckn);
167 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
168 struct mka_key_name *ckn,
/*
 * KaY control API used by the CP (Controlled Port) state machine and the
 * supplicant. All of these return int; the success/failure convention is
 * not visible from this header (presumably 0 on success, -1 on failure —
 * confirm in the implementation). Callers must check the result: a failed
 * SA creation or enable means traffic is not protected as configured.
 */

/**
 * ieee802_1x_kay_new_sak - Request generation/distribution of a new SAK
 * @kay: KaY instance
 */
170 int ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay);
/**
 * ieee802_1x_kay_change_cipher_suite - Select the MACsec cipher suite
 * @kay: KaY instance
 * @cs_index: index into the MACsec cipher suite table (see macsec_csindex)
 */
171 int ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
172 unsigned int cs_index);
/**
 * ieee802_1x_kay_set_latest_sa_attr - Record the latest SA's attributes
 * @kay: KaY instance
 * @lki: key identifier of the latest SAK
 * @lan: association number of the latest SA
 * @ltx: whether the latest SA is used for transmit
 * @lrx: whether the latest SA is used for receive
 */
174 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
175 struct ieee802_1x_mka_ki *lki, u8 lan,
176 Boolean ltx, Boolean lrx);
/**
 * ieee802_1x_kay_set_old_sa_attr - Record the previous SA's attributes
 * @kay: KaY instance
 * @oki: key identifier of the old SAK
 * @oan: association number of the old SA
 * @otx: whether the old SA is still used for transmit
 * @orx: whether the old SA is still used for receive
 */
177 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
178 struct ieee802_1x_mka_ki *oki,
179 u8 oan, Boolean otx, Boolean orx);
/**
 * ieee802_1x_kay_create_sas - Create the driver SAs for the SAK named by @lki
 * @kay: KaY instance
 * @lki: key identifier of the SAK to install
 */
180 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
181 struct ieee802_1x_mka_ki *lki);
/**
 * ieee802_1x_kay_delete_sas - Delete the driver SAs for the SAK named by @ki
 * @kay: KaY instance
 * @ki: key identifier of the SAK to retire
 */
182 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
183 struct ieee802_1x_mka_ki *ki);
/**
 * ieee802_1x_kay_enable_tx_sas - Enable transmit SAs for the SAK named by @lki
 * @kay: KaY instance
 * @lki: key identifier of the SAK
 */
184 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
185 struct ieee802_1x_mka_ki *lki);
/**
 * ieee802_1x_kay_enable_rx_sas - Enable receive SAs for the SAK named by @lki
 * @kay: KaY instance
 * @lki: key identifier of the SAK
 */
186 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
187 struct ieee802_1x_mka_ki *lki);
/**
 * ieee802_1x_kay_enable_new_info - Signal that new MKA information is ready
 * @kay: KaY instance
 */
188 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);
/**
 * ieee802_1x_kay_cp_conf - Export the KaY's configuration to the CP state machine
 * @kay: KaY instance
 * @pconf: configuration structure to fill (struct ieee802_1x_cp_conf)
 */
189 int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
190 struct ieee802_1x_cp_conf *pconf);
192 #endif /* IEEE802_1X_KAY_H */