
Lines Matching refs:kay

280 ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn,
285 dl_list_for_each(participant, &kay->participant_list,
303 ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
307 dl_list_for_each(participant, &kay->participant_list,
547 static void ieee802_1x_delete_receive_sa(struct ieee802_1x_kay *kay,
550 secy_disable_receive_sa(kay, sa);
551 secy_delete_receive_sa(kay, sa);
568 ieee802_1x_delete_receive_sa(participant->kay, psa);
571 secy_delete_receive_sc(participant->kay, psc);
627 if (secy_create_receive_sc(participant->kay, rxsc)) {
691 if (secy_create_receive_sc(participant->kay, rxsc)) {
740 struct ieee802_1x_kay *kay = participant->kay;
746 body->version = kay->mka_version;
747 body->priority = kay->actor_priority;
755 body->macsec_desired = kay->macsec_desired;
756 body->macsec_capability = kay->macsec_capable;
759 os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
760 sizeof(kay->actor_sci.addr));
761 body->actor_sci.port = kay->actor_sci.port;
766 os_memcpy(body->algo_agility, kay->algo_agility,
792 ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
808 if (kay->is_obliged_key_server && body->key_server) {
821 participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len);
1229 if (participant->kay->macsec_desired && participant->advised_desired)
1267 secy_get_transmit_next_pn(principal->kay, txsa);
1288 struct ieee802_1x_kay *kay = participant->kay;
1309 body->delay_protect = kay->mka_hello_time <= MKA_BOUNDED_HELLO_TIME;
1312 if (pn > kay->pn_exhaustion) {
1323 body->ptx = !kay->macsec_protect;
1324 body->prx = kay->macsec_validate != Strict;
1349 kay->tx_enable = TRUE;
1350 kay->port_enable = TRUE;
1353 kay->rx_enable = TRUE;
1379 struct ieee802_1x_kay *kay = participant->kay;
1444 ieee802_1x_cp_set_servertransmitting(kay->cp, TRUE);
1445 ieee802_1x_cp_sm_step(kay->cp);
1479 ieee802_1x_cp_set_allreceiving(kay->cp, TRUE);
1480 ieee802_1x_cp_sm_step(kay->cp);
1485 if (lpn > kay->pn_exhaustion) {
1513 secy_get_receive_lowest_pn(participant->kay, rxsa);
1519 secy_set_receive_lowest_pn(participant->kay, rxsa);
1553 unsigned int cs_index = participant->kay->macsec_csindex;
1600 cs_index = participant->kay->macsec_csindex;
1655 struct ieee802_1x_kay *kay = participant->kay;
1676 if (!kay->macsec_desired ||
1677 kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
1690 if (!sci_equal(&kay->key_server_sci, &peer->sci)) {
1696 kay->authenticated = TRUE;
1697 kay->secured = FALSE;
1698 kay->failed = FALSE;
1700 ieee802_1x_cp_connect_authenticated(kay->cp);
1701 ieee802_1x_cp_sm_step(kay->cp);
1708 kay->authenticated = FALSE;
1709 kay->secured = TRUE;
1710 kay->failed = FALSE;
1711 ieee802_1x_cp_connect_secure(kay->cp);
1712 ieee802_1x_cp_sm_step(kay->cp);
1730 kay->macsec_csindex = DEFAULT_CS_INDEX;
1731 cs = &cipher_suite_tbl[kay->macsec_csindex];
1744 kay->macsec_csindex = idx;
1781 ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id);
1782 ieee802_1x_cp_sm_step(kay->cp);
1783 ieee802_1x_cp_set_offset(kay->cp, body->confid_offset);
1784 ieee802_1x_cp_sm_step(kay->cp);
1785 ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier);
1786 ieee802_1x_cp_set_distributedan(kay->cp, body->dan);
1787 ieee802_1x_cp_signal_newsak(kay->cp);
1788 ieee802_1x_cp_sm_step(kay->cp);
1790 kay->rcvd_keys++;
1816 if (mka_alg_tbl[participant->kay->mka_algindex].icv_len !=
1821 length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
1839 if (mka_alg_tbl[participant->kay->mka_algindex].icv_len !=
1848 if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
1893 < mka_alg_tbl[participant->kay->mka_algindex].icv_len)
2082 struct ieee802_1x_kay *kay = participant->kay;
2108 if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
2114 cs = &cipher_suite_tbl[kay->macsec_csindex];
2122 ctx_len = key_len + sizeof(kay->dist_kn);
2145 os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
2173 sa_key->key_identifier.kn = kay->dist_kn;
2175 sa_key->confidentiality_offset = kay->macsec_confidentiality;
2176 sa_key->an = kay->dist_an;
2184 ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id);
2185 ieee802_1x_cp_sm_step(kay->cp);
2186 ieee802_1x_cp_set_offset(kay->cp, kay->macsec_confidentiality);
2187 ieee802_1x_cp_sm_step(kay->cp);
2188 ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier);
2189 ieee802_1x_cp_set_distributedan(kay->cp, sa_key->an);
2190 ieee802_1x_cp_signal_newsak(kay->cp);
2191 ieee802_1x_cp_sm_step(kay->cp);
2197 kay->dist_kn++;
2198 kay->dist_an++;
2199 if (kay->dist_an > 3)
2200 kay->dist_an = 0;
2202 kay->dist_time = time(NULL);
2234 struct ieee802_1x_kay *kay = participant->kay;
2241 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2265 tmp.key_server_priority = kay->actor_priority;
2266 os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci));
2280 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2281 if (!sci_equal(&kay->key_server_sci, &kay->actor_sci)) {
2282 ieee802_1x_cp_signal_chgdserver(kay->cp);
2283 ieee802_1x_cp_sm_step(kay->cp);
2293 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
2294 sizeof(kay->key_server_sci));
2295 kay->key_server_priority = kay->actor_priority;
2300 ieee802_1x_cp_set_electedself(kay->cp, FALSE);
2301 if (!sci_equal(&kay->key_server_sci, &key_server->sci)) {
2302 ieee802_1x_cp_signal_chgdserver(kay->cp);
2303 ieee802_1x_cp_sm_step(kay->cp);
2310 os_memcpy(&kay->key_server_sci, &key_server->sci,
2311 sizeof(kay->key_server_sci));
2312 kay->key_server_priority = key_server->key_server_priority;
2333 struct ieee802_1x_kay *kay = participant->kay;
2342 if (!kay->macsec_desired) {
2346 if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
2350 less_capability = kay->macsec_capable;
2370 kay->authenticated = FALSE;
2371 kay->secured = TRUE;
2372 kay->failed = FALSE;
2373 ieee802_1x_cp_connect_secure(kay->cp);
2374 ieee802_1x_cp_sm_step(kay->cp);
2379 kay->authenticated = TRUE;
2380 kay->secured = FALSE;
2381 kay->failed = FALSE;
2382 kay->ltx_kn = 0;
2383 kay->ltx_an = 0;
2384 kay->lrx_kn = 0;
2385 kay->lrx_an = 0;
2386 kay->otx_kn = 0;
2387 kay->otx_an = 0;
2388 kay->orx_kn = 0;
2389 kay->orx_an = 0;
2390 ieee802_1x_cp_connect_authenticated(kay->cp);
2391 ieee802_1x_cp_sm_step(kay->cp);
2415 os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
2452 struct ieee802_1x_kay *kay = participant->kay;
2457 kay->if_name);
2477 l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
2480 kay->active = TRUE;
2489 static void ieee802_1x_delete_transmit_sa(struct ieee802_1x_kay *kay,
2492 secy_disable_transmit_sa(kay, sa);
2493 secy_delete_transmit_sa(kay, sa);
2504 struct ieee802_1x_kay *kay;
2512 kay = participant->kay;
2514 kay->if_name);
2565 kay->authenticated = FALSE;
2566 kay->secured = FALSE;
2567 kay->failed = FALSE;
2568 kay->ltx_kn = 0;
2569 kay->ltx_an = 0;
2570 kay->lrx_kn = 0;
2571 kay->lrx_an = 0;
2572 kay->otx_kn = 0;
2573 kay->otx_an = 0;
2574 kay->orx_kn = 0;
2575 kay->orx_an = 0;
2579 ieee802_1x_delete_transmit_sa(kay, txsa);
2582 ieee802_1x_cp_connect_pending(kay->cp);
2583 ieee802_1x_cp_sm_step(kay->cp);
2615 eloop_register_timeout(kay->mka_hello_time / 1000, 0,
2622 kay->authenticated = FALSE;
2623 kay->secured = FALSE;
2624 kay->failed = TRUE;
2625 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
2725 ieee802_1x_delete_transmit_sa(participant->kay, psa);
2727 secy_delete_transmit_sc(participant->kay, psc);
2736 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
2742 principal = ieee802_1x_kay_get_principal_participant(kay);
2755 kay->ltx_kn = 0;
2756 kay->lrx_kn = 0;
2758 kay->ltx_kn = lki->kn;
2759 kay->lrx_kn = lki->kn;
2761 kay->ltx_an = lan;
2762 kay->lrx_an = lan;
2771 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
2777 principal = ieee802_1x_kay_get_principal_participant(kay);
2791 kay->otx_kn = 0;
2792 kay->orx_kn = 0;
2794 kay->otx_kn = oki->kn;
2795 kay->orx_kn = oki->kn;
2797 kay->otx_an = oan;
2798 kay->orx_an = oan;
2833 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
2842 principal = ieee802_1x_kay_get_principal_participant(kay);
2865 ieee802_1x_delete_receive_sa(kay, rxsa);
2872 secy_create_receive_sa(kay, rxsa);
2877 ieee802_1x_delete_transmit_sa(kay, txsa);
2886 secy_create_transmit_sa(kay, txsa);
2897 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
2907 principal = ieee802_1x_kay_get_principal_participant(kay);
2915 ieee802_1x_delete_transmit_sa(kay, txsa);
2923 ieee802_1x_delete_receive_sa(kay, rxsa);
2946 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
2952 principal = ieee802_1x_kay_get_principal_participant(kay);
2960 secy_enable_transmit_sa(kay, txsa);
2962 principal->kay->cp, TRUE);
2963 ieee802_1x_cp_sm_step(principal->kay->cp);
2974 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
2981 principal = ieee802_1x_kay_get_principal_participant(kay);
2990 secy_enable_receive_sa(kay, rxsa);
2992 principal->kay->cp, TRUE);
2993 ieee802_1x_cp_sm_step(principal->kay->cp);
3005 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
3009 principal = ieee802_1x_kay_get_principal_participant(kay);
3027 static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
3109 participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len);
3130 if (len < mka_alg_tbl[kay->mka_algindex].icv_len ||
3131 mka_alg_tbl[kay->mka_algindex].icv_hash(
3133 buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
3146 msg_icv, mka_alg_tbl[kay->mka_algindex].icv_len);
3148 mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
3152 icv, mka_alg_tbl[kay->mka_algindex].icv_len);
3163 static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
3180 kay->if_name);
3181 if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
3188 participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
3352 kay->active = TRUE;
3364 struct ieee802_1x_kay *kay = ctx;
3406 if (dl_list_empty(&kay->participant_list)) {
3412 ieee802_1x_kay_decode_mkpdu(kay, buf, len);
3424 struct ieee802_1x_kay *kay;
3429 kay = os_zalloc(sizeof(*kay));
3430 if (!kay) {
3436 kay->ctx = ctx;
3438 kay->enable = TRUE;
3439 kay->active = FALSE;
3441 kay->authenticated = FALSE;
3442 kay->secured = FALSE;
3443 kay->failed = FALSE;
3444 kay->policy = policy;
3446 os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
3447 os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
3448 kay->actor_sci.port = host_to_be16(port ? port : 0x0001);
3450 sci_txt(&kay->actor_sci));
3451 kay->actor_priority = priority;
3454 kay->dist_kn = 1;
3455 kay->dist_an = 0;
3456 kay->dist_time = 0;
3458 kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
3459 kay->macsec_csindex = DEFAULT_CS_INDEX;
3460 kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
3461 kay->mka_version = MKA_VERSION_ID;
3463 os_memcpy(kay->algo_agility, mka_algo_agility,
3464 sizeof(kay->algo_agility));
3466 dl_list_init(&kay->participant_list);
3469 secy_get_capability(kay, &kay->macsec_capable) < 0)
3473 kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
3474 kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
3475 kay->macsec_desired = FALSE;
3476 kay->macsec_protect = FALSE;
3477 kay->macsec_encrypt = FALSE;
3478 kay->macsec_validate = Disabled;
3479 kay->macsec_replay_protect = FALSE;
3480 kay->macsec_replay_window = 0;
3481 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3482 kay->mka_hello_time = MKA_HELLO_TIME;
3484 kay->macsec_desired = TRUE;
3485 kay->macsec_protect = TRUE;
3486 if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF &&
3488 kay->macsec_encrypt = TRUE;
3489 kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
3491 kay->macsec_encrypt = FALSE;
3492 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3494 kay->macsec_validate = Strict;
3495 kay->macsec_replay_protect = macsec_replay_protect;
3496 kay->macsec_replay_window = macsec_replay_window;
3497 kay->mka_hello_time = MKA_HELLO_TIME;
3503 if (secy_init_macsec(kay) < 0) {
3511 kay->cp = ieee802_1x_cp_sm_init(kay);
3512 if (kay->cp == NULL)
3516 ieee802_1x_cp_connect_authenticated(kay->cp);
3517 ieee802_1x_cp_sm_step(kay->cp);
3519 kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
3520 kay_l2_receive, kay, 1);
3521 if (kay->l2_mka == NULL) {
3528 return kay;
3531 ieee802_1x_kay_deinit(kay);
3540 ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
3544 if (!kay)
3549 while (!dl_list_empty(&kay->participant_list)) {
3550 participant = dl_list_entry(kay->participant_list.next,
3553 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
3556 ieee802_1x_cp_sm_deinit(kay->cp);
3557 secy_deinit_macsec(kay);
3559 if (kay->l2_mka) {
3560 l2_packet_deinit(kay->l2_mka);
3561 kay->l2_mka = NULL;
3564 os_free(kay->ctx);
3565 os_free(kay);
3586 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
3596 kay->if_name, mode_txt(mode), yes_no(is_authenticator));
/*
 * NOTE(review): kay->if_name is read on source line 3596, and the !kay guard
 * only follows on source line 3598. No earlier reference to kay appears in
 * this listing between the signature (3586) and that read, so a NULL kay
 * would be dereferenced before the guard can reject it. The guard belongs
 * ahead of the first use. This listing shows only the lines that mention
 * kay, so confirm against the full function body.
 */
3598 if (!kay || !ckn || !cak) {
3612 if (!kay->enable) {
3642 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
3643 sizeof(kay->key_server_sci));
3644 kay->key_server_priority = kay->actor_priority;
3676 participant->kay = kay;
3693 participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci);
3694 secy_cp_control_protect_frames(kay, kay->macsec_protect);
3695 secy_cp_control_replay(kay, kay->macsec_replay_protect,
3696 kay->macsec_replay_window);
3697 if (secy_create_transmit_sc(kay, participant->txsc))
3702 if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
3716 if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
3728 dl_list_add(&kay->participant_list, &participant->list);
3730 usecs = os_random() % (kay->mka_hello_time * 1000);
3758 ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
3765 if (!kay || !ckn)
3771 participant = ieee802_1x_kay_get_participant(kay, ckn->name, ckn->len);
3821 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
3827 if (!kay || !ckn)
3830 participant = ieee802_1x_kay_get_participant(kay, ckn->name, ckn->len);
3842 ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
3846 if (!kay)
3849 participant = ieee802_1x_kay_get_principal_participant(kay);
3864 ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
3870 if (!kay)
3878 if (kay->macsec_csindex == cs_index)
3882 kay->macsec_desired = FALSE;
3884 kay->macsec_csindex = cs_index;
3885 kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
3887 if (secy_get_capability(kay, &secy_cap) < 0)
3890 if (kay->macsec_capable > secy_cap)
3891 kay->macsec_capable = secy_cap;
3893 participant = ieee802_1x_kay_get_principal_participant(kay);
3917 int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,
3924 if (!kay)
3941 kay->active ? "Active" : "Not-Active",
3942 kay->authenticated ? "Yes" : "No",
3943 kay->secured ? "Yes" : "No",
3944 kay->failed ? "Yes" : "No",
3945 kay->actor_priority,
3946 kay->key_server_priority,
3947 kay->is_key_server ? "Yes" : "No",
3948 kay->dist_kn - 1,
3949 kay->rcvd_keys,
3950 kay->mka_hello_time);
3956 "actor_sci=%s\n", sci_txt(&kay->actor_sci));
3962 "key_server_sci=%s\n", sci_txt(&kay->key_server_sci));
3968 dl_list_for_each(p, &kay->participant_list,
4059 int ieee802_1x_kay_get_mib(struct ieee802_1x_kay *kay, char *buf,
4066 if (!kay)
4072 dl_list_for_each(p, &kay->participant_list,