X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=libeap%2Fsrc%2Fpae%2Fieee802_1x_secy_ops.c;fp=libeap%2Fsrc%2Fpae%2Fieee802_1x_secy_ops.c;h=2d12911dbfcfdcc29d706d6096a0b21fd3590e48;hp=0000000000000000000000000000000000000000;hb=f3746d009c6d7f50025af1f58a85e5fee9680be6;hpb=244f18d04aaf29e68495b5ffeb40ef5cca50942f diff --git a/libeap/src/pae/ieee802_1x_secy_ops.c b/libeap/src/pae/ieee802_1x_secy_ops.c new file mode 100644 index 0000000..2d12911 --- /dev/null +++ b/libeap/src/pae/ieee802_1x_secy_ops.c @@ -0,0 +1,491 @@ + /* + * SecY Operations + * Copyright (c) 2013, Qualcomm Atheros, Inc. + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include "utils/includes.h" + +#include "utils/common.h" +#include "utils/eloop.h" +#include "common/defs.h" +#include "drivers/driver.h" +#include "pae/ieee802_1x_kay.h" +#include "pae/ieee802_1x_kay_i.h" +#include "pae/ieee802_1x_secy_ops.h" + + +int secy_cp_control_validate_frames(struct ieee802_1x_kay *kay, + enum validate_frames vf) +{ + kay->vf = vf; + return 0; +} + + +int secy_cp_control_protect_frames(struct ieee802_1x_kay *kay, Boolean enabled) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->enable_protect_frames) { + wpa_printf(MSG_ERROR, + "KaY: secy enable_protect_frames operation not supported"); + return -1; + } + + return ops->enable_protect_frames(ops->ctx, enabled); +} + + +int secy_cp_control_replay(struct ieee802_1x_kay *kay, Boolean enabled, u32 win) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->set_replay_protect) { + wpa_printf(MSG_ERROR, + "KaY: secy set_replay_protect operation not supported"); + return -1; + } + + return ops->set_replay_protect(ops->ctx, enabled, win); +} + + +int secy_cp_control_current_cipher_suite(struct ieee802_1x_kay *kay, u64 cs) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->set_current_cipher_suite) { + wpa_printf(MSG_ERROR, + "KaY: secy set_current_cipher_suite operation not supported"); + return -1; + } + + return ops->set_current_cipher_suite(ops->ctx, cs); +} + + +int secy_cp_control_confidentiality_offset(struct ieee802_1x_kay *kay, + enum confidentiality_offset co) +{ + kay->co = co; + return 0; +} + + +int secy_cp_control_enable_port(struct ieee802_1x_kay *kay, Boolean enabled) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->enable_controlled_port) { + wpa_printf(MSG_ERROR, + "KaY: secy enable_controlled_port operation not supported"); + return -1; + } + + return ops->enable_controlled_port(ops->ctx, enabled); +} + + +int secy_get_receive_lowest_pn(struct ieee802_1x_kay *kay, + struct receive_sa *rxsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !rxsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->get_receive_lowest_pn) { + wpa_printf(MSG_ERROR, + "KaY: secy get_receive_lowest_pn operation not supported"); + return -1; + } + + return ops->get_receive_lowest_pn(ops->ctx, + rxsa->sc->channel, + rxsa->an, + &rxsa->lowest_pn); +} + + +int secy_get_transmit_next_pn(struct ieee802_1x_kay *kay, + struct transmit_sa *txsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !txsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->get_transmit_next_pn) { + wpa_printf(MSG_ERROR, + "KaY: secy get_receive_lowest_pn operation not supported"); + return -1; + } + + return ops->get_transmit_next_pn(ops->ctx, + txsa->sc->channel, + txsa->an, + &txsa->next_pn); +} + + +int secy_set_transmit_next_pn(struct ieee802_1x_kay *kay, + struct transmit_sa *txsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !txsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->set_transmit_next_pn) { + wpa_printf(MSG_ERROR, + "KaY: secy get_receive_lowest_pn operation not supported"); + return -1; + } + + return ops->set_transmit_next_pn(ops->ctx, + txsa->sc->channel, + txsa->an, + txsa->next_pn); +} + + +int secy_get_available_receive_sc(struct ieee802_1x_kay *kay, u32 *channel) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->get_available_receive_sc) { + wpa_printf(MSG_ERROR, + "KaY: secy get_available_receive_sc operation not supported"); + return -1; + } + + return ops->get_available_receive_sc(ops->ctx, channel); +} + + +int secy_create_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !rxsc) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->create_receive_sc) { + wpa_printf(MSG_ERROR, + "KaY: secy create_receive_sc operation not supported"); + return -1; + } + + return ops->create_receive_sc(ops->ctx, rxsc->channel, &rxsc->sci, + kay->vf, kay->co); +} + + +int secy_delete_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !rxsc) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->delete_receive_sc) { + wpa_printf(MSG_ERROR, + "KaY: secy delete_receive_sc operation not supported"); + return -1; + } + + return ops->delete_receive_sc(ops->ctx, rxsc->channel); +} + + +int secy_create_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !rxsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->create_receive_sa) { + wpa_printf(MSG_ERROR, + "KaY: secy create_receive_sa operation not supported"); + return -1; + } + + return ops->create_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an, + rxsa->lowest_pn, rxsa->pkey->key); +} + + +int secy_enable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !rxsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->enable_receive_sa) { + wpa_printf(MSG_ERROR, + "KaY: secy enable_receive_sa operation not supported"); + return -1; + } + + rxsa->enable_receive = TRUE; + + return ops->enable_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an); +} + + +int secy_disable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !rxsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->disable_receive_sa) { + wpa_printf(MSG_ERROR, + "KaY: secy disable_receive_sa operation not supported"); + return -1; + } + + rxsa->enable_receive = FALSE; + + return ops->disable_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an); +} + + +int secy_get_available_transmit_sc(struct ieee802_1x_kay *kay, u32 *channel) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->get_available_transmit_sc) { + wpa_printf(MSG_ERROR, + "KaY: secy get_available_transmit_sc operation not supported"); + return -1; + } + + return ops->get_available_transmit_sc(ops->ctx, channel); +} + + +int secy_create_transmit_sc(struct ieee802_1x_kay *kay, + struct transmit_sc *txsc) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !txsc) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->create_transmit_sc) { + wpa_printf(MSG_ERROR, + "KaY: secy create_transmit_sc operation not supported"); + return -1; + } + + return ops->create_transmit_sc(ops->ctx, txsc->channel, &txsc->sci, + kay->co); +} + + +int secy_delete_transmit_sc(struct ieee802_1x_kay *kay, + struct transmit_sc *txsc) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !txsc) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->delete_transmit_sc) { + wpa_printf(MSG_ERROR, + "KaY: secy delete_transmit_sc operation not supported"); + return -1; + } + + return ops->delete_transmit_sc(ops->ctx, txsc->channel); +} + + +int secy_create_transmit_sa(struct ieee802_1x_kay *kay, + struct transmit_sa *txsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !txsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->create_transmit_sa) { + wpa_printf(MSG_ERROR, + "KaY: secy create_transmit_sa operation not supported"); + return -1; + } + + return ops->create_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an, + txsa->next_pn, txsa->confidentiality, + txsa->pkey->key); +} + + +int secy_enable_transmit_sa(struct ieee802_1x_kay *kay, + struct transmit_sa *txsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !txsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->enable_transmit_sa) { + wpa_printf(MSG_ERROR, + "KaY: secy enable_transmit_sa operation not supported"); + return -1; + } + + txsa->enable_transmit = TRUE; + + return ops->enable_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an); +} + + +int secy_disable_transmit_sa(struct ieee802_1x_kay *kay, + struct transmit_sa *txsa) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay || !txsa) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->disable_transmit_sa) { + wpa_printf(MSG_ERROR, + "KaY: secy disable_transmit_sa operation not supported"); + return -1; + } + + txsa->enable_transmit = FALSE; + + return ops->disable_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an); +} + + +int secy_init_macsec(struct ieee802_1x_kay *kay) +{ + int ret; + struct ieee802_1x_kay_ctx *ops; + struct macsec_init_params params; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->macsec_init) { + wpa_printf(MSG_ERROR, + "KaY: secy macsec_init operation not supported"); + return -1; + } + + params.use_es = FALSE; + params.use_scb = FALSE; + params.always_include_sci = TRUE; + + ret = ops->macsec_init(ops->ctx, ¶ms); + + return ret; +} + + +int secy_deinit_macsec(struct ieee802_1x_kay *kay) +{ + struct ieee802_1x_kay_ctx *ops; + + if (!kay) { + wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__); + return -1; + } + + ops = kay->ctx; + if (!ops || !ops->macsec_deinit) { + wpa_printf(MSG_ERROR, + "KaY: secy macsec_deinit operation not supported"); + return -1; + } + + return ops->macsec_deinit(ops->ctx); +}