1/* 2 * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine 3 * Copyright (c) 2013, Qualcomm Atheros, Inc. 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#ifndef IEEE802_1X_KAY_I_H 10#define IEEE802_1X_KAY_I_H 11 12#include "utils/list.h" 13#include "common/defs.h" 14#include "common/ieee802_1x_defs.h" 15 16#define MKA_VERSION_ID 1 17 18/* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 (MKPDU parameter sets) */ 19enum mka_packet_type { 20 MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID, 21 MKA_LIVE_PEER_LIST = 1, 22 MKA_POTENTIAL_PEER_LIST = 2, 23 MKA_SAK_USE = 3, 24 MKA_DISTRIBUTED_SAK = 4, 25 MKA_DISTRIBUTED_CAK = 5, 26 MKA_KMD = 6, 27 MKA_ANNOUNCEMENT = 7, 28 MKA_ICV_INDICATOR = 255 29}; 30 31#define ICV_LEN 16 /* 16 bytes */ 32#define SAK_WRAPPED_LEN 24 33/* KN + Wrapper SAK */ 34#define DEFAULT_DIS_SAK_BODY_LENGTH (SAK_WRAPPED_LEN + 4) 35#define MAX_RETRY_CNT 5 36 37struct ieee802_1x_kay; 38 39struct ieee802_1x_mka_peer_id { 40 u8 mi[MI_LEN]; 41 be32 mn; 42} STRUCT_PACKED; 43 44struct ieee802_1x_kay_peer { 45 struct ieee802_1x_mka_sci sci; 46 u8 mi[MI_LEN]; 47 u32 mn; 48 time_t expire; 49 Boolean is_key_server; 50 u8 key_server_priority; 51 Boolean macsec_desired; 52 enum macsec_cap macsec_capability; 53 Boolean sak_used; 54 int missing_sak_use_count; 55 struct dl_list list; 56}; 57 58struct macsec_ciphersuite { 59 u64 id; 60 char name[32]; 61 enum macsec_cap capable; 62 int sak_len; /* unit: byte */ 63}; 64 65struct mka_alg { 66 u8 parameter[4]; 67 size_t icv_len; 68 69 int (*cak_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1, 70 const u8 *mac2, u8 *cak, size_t cak_bytes); 71 int (*ckn_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1, 72 const u8 *mac2, const u8 *sid, size_t sid_len, u8 *ckn); 73 int (*kek_trfm)(const u8 *cak, size_t cak_bytes, 74 const u8 *ckn, size_t ckn_len, 75 u8 *kek, size_t kek_bytes); 76 int (*ick_trfm)(const u8 *cak, size_t cak_bytes, 77 const u8 *ckn, size_t ckn_len, 78 u8 *ick, size_t ick_bytes); 79 int (*icv_hash)(const u8 *ick, size_t ick_bytes, 80 const u8 *msg, size_t msg_len, u8 *icv); 81}; 82 83#define DEFAULT_MKA_ALG_INDEX 0 84 85/* See IEEE Std 802.1X-2010, 9.16 MKA management */ 86struct ieee802_1x_mka_participant { 87 /* used for active and potential participant */ 88 struct mka_key_name ckn; 89 struct mka_key cak; 90 Boolean cached; 91 92 /* used by management to monitor and control activation */ 93 Boolean active; 94 Boolean participant; 95 Boolean retain; 96 enum mka_created_mode mode; 97 98 enum activate_ctrl { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate; 99 100 /* used for active participant */ 101 Boolean principal; 102 struct dl_list live_peers; 103 struct dl_list potential_peers; 104 105 /* not defined in IEEE 802.1X */ 106 struct dl_list list; 107 108 struct mka_key kek; 109 struct mka_key ick; 110 111 struct ieee802_1x_mka_ki lki; 112 u8 lan; 113 Boolean ltx; 114 Boolean lrx; 115 116 struct ieee802_1x_mka_ki oki; 117 u8 oan; 118 Boolean otx; 119 Boolean orx; 120 121 Boolean is_key_server; 122 Boolean is_obliged_key_server; 123 Boolean can_be_key_server; 124 Boolean is_elected; 125 126 struct dl_list sak_list; 127 struct dl_list rxsc_list; 128 129 struct transmit_sc *txsc; 130 131 u8 mi[MI_LEN]; 132 u32 mn; 133 134 /* Current peer MI and SCI during MKPDU processing */ 135 struct ieee802_1x_mka_peer_id current_peer_id; 136 struct ieee802_1x_mka_sci current_peer_sci; 137 138 time_t cak_life; 139 time_t mka_life; 140 Boolean to_dist_sak; 141 Boolean to_use_sak; 142 Boolean new_sak; 143 144 Boolean advised_desired; 145 enum macsec_cap advised_capability; 146 147 struct data_key *new_key; 148 u32 retry_count; 149 150 struct ieee802_1x_kay *kay; 151}; 152 153struct ieee802_1x_mka_hdr { 154 /* octet 1 */ 155 u8 type; 156 /* octet 2 */ 157 u8 reserve; 158 /* octet 3 */ 159#if __BYTE_ORDER == __LITTLE_ENDIAN 160 u8 length:4; 161 u8 reserve1:4; 162#elif __BYTE_ORDER == __BIG_ENDIAN 163 u8 reserve1:4; 164 u8 length:4; 165#else 166#error "Please fix <bits/endian.h>" 167#endif 168 /* octet 4 */ 169 u8 length1; 170} STRUCT_PACKED; 171 172#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr) 173 174/** 175 * struct ieee802_1x_mka_basic_body - Basic Parameter Set (Figure 11-8) 176 * @version: MKA Version Identifier 177 * @priority: Key Server Priority 178 * @length: Parameter set body length 179 * @macsec_capability: MACsec capability, as defined in ieee802_1x_defs.h 180 * @macsec_desired: the participant wants MACsec to be used to protect frames 181 * (9.6.1) 182 * @key_server: the participant has not decided that another participant is or 183 * will be the key server (9.5.1) 184 * @length1: Parameter set body length (cont) 185 * @actor_mi: Actor's Member Identifier 186 * @actor_mn: Actor's Message Number 187 * @algo_agility: Algorithm Agility parameter 188 * @ckn: CAK Name 189 */ 190struct ieee802_1x_mka_basic_body { 191 /* octet 1 */ 192 u8 version; 193 /* octet 2 */ 194 u8 priority; 195 /* octet 3 */ 196#if __BYTE_ORDER == __LITTLE_ENDIAN 197 u8 length:4; 198 u8 macsec_capability:2; 199 u8 macsec_desired:1; 200 u8 key_server:1; 201#elif __BYTE_ORDER == __BIG_ENDIAN 202 u8 key_server:1; 203 u8 macsec_desired:1; 204 u8 macsec_capability:2; 205 u8 length:4; 206#endif 207 /* octet 4 */ 208 u8 length1; 209 210 struct ieee802_1x_mka_sci actor_sci; 211 u8 actor_mi[MI_LEN]; 212 be32 actor_mn; 213 u8 algo_agility[4]; 214 215 /* followed by CAK Name */ 216 u8 ckn[0]; 217} STRUCT_PACKED; 218 219/** 220 * struct ieee802_1x_mka_peer_body - Live Peer List and Potential Peer List 221 * parameter sets (Figure 11-9) 222 * @type: Parameter set type (1 or 2) 223 * @length: Parameter set body length 224 * @length1: Parameter set body length (cont) 225 * @peer: array of (MI, MN) pairs 226 */ 227struct ieee802_1x_mka_peer_body { 228 /* octet 1 */ 229 u8 type; 230 /* octet 2 */ 231 u8 reserve; 232 /* octet 3 */ 233#if __BYTE_ORDER == __LITTLE_ENDIAN 234 u8 length:4; 235 u8 reserve1:4; 236#elif __BYTE_ORDER == __BIG_ENDIAN 237 u8 reserve1:4; 238 u8 length:4; 239#endif 240 /* octet 4 */ 241 u8 length1; 242 243 /* followed by Peers */ 244 u8 peer[0]; 245} STRUCT_PACKED; 246 247/** 248 * struct ieee802_1x_mka_sak_use_body - MACsec SAK Use parameter set (Figure 249 * 11-10) 250 * @type: MKA message type 251 * @lan: latest key AN 252 * @ltx: latest key TX 253 * @lrx: latest key RX 254 * @oan: old key AN 255 * @otx: old key TX 256 * @orx: old key RX 257 * @ptx: plain TX, ie protectFrames is False 258 * @prx: plain RX, ie validateFrames is not Strict 259 * @delay_protect: True if LPNs are being reported sufficiently frequently to 260 * allow the recipient to provide data delay protection. If False, the LPN 261 * can be reported as zero. 262 * @lsrv_mi: latest key server MI 263 * @lkn: latest key number (together with MI, form the KI) 264 * @llpn: latest lowest acceptable PN (LPN) 265 * @osrv_mi: old key server MI 266 * @okn: old key number (together with MI, form the KI) 267 * @olpn: old lowest acceptable PN (LPN) 268 */ 269struct ieee802_1x_mka_sak_use_body { 270 /* octet 1 */ 271 u8 type; 272 /* octet 2 */ 273#if __BYTE_ORDER == __LITTLE_ENDIAN 274 u8 orx:1; 275 u8 otx:1; 276 u8 oan:2; 277 u8 lrx:1; 278 u8 ltx:1; 279 u8 lan:2; 280#elif __BYTE_ORDER == __BIG_ENDIAN 281 u8 lan:2; 282 u8 ltx:1; 283 u8 lrx:1; 284 u8 oan:2; 285 u8 otx:1; 286 u8 orx:1; 287#endif 288 289 /* octet 3 */ 290#if __BYTE_ORDER == __LITTLE_ENDIAN 291 u8 length:4; 292 u8 delay_protect:1; 293 u8 reserve:1; 294 u8 prx:1; 295 u8 ptx:1; 296#elif __BYTE_ORDER == __BIG_ENDIAN 297 u8 ptx:1; 298 u8 prx:1; 299 u8 reserve:1; 300 u8 delay_protect:1; 301 u8 length:4; 302#endif 303 304 /* octet 4 */ 305 u8 length1; 306 307 /* octet 5 - 16 */ 308 u8 lsrv_mi[MI_LEN]; 309 /* octet 17 - 20 */ 310 be32 lkn; 311 /* octet 21 - 24 */ 312 be32 llpn; 313 314 /* octet 25 - 36 */ 315 u8 osrv_mi[MI_LEN]; 316 /* octet 37 - 40 */ 317 be32 okn; 318 /* octet 41 - 44 */ 319 be32 olpn; 320} STRUCT_PACKED; 321 322/** 323 * struct ieee802_1x_mka_dist_sak_body - Distributed SAK parameter set 324 * (GCM-AES-128, Figure 11-11) 325 * @type: Parameter set type (4) 326 * @length: Parameter set body length 327 * @length1: Parameter set body length (cont) 328 * Total parameter body length values: 329 * - 0 for plain text 330 * - 28 for GCM-AES-128 331 * - 36 or more for other cipher suites 332 * @confid_offset: confidentiality offset, as defined in ieee802_1x_defs.h 333 * @dan: distributed AN (0 for plain text) 334 * @kn: Key Number 335 * @sak: AES Key Wrap of SAK (see 9.8) 336 */ 337struct ieee802_1x_mka_dist_sak_body { 338 /* octet 1 */ 339 u8 type; 340 /* octet 2 */ 341#if __BYTE_ORDER == __LITTLE_ENDIAN 342 u8 reserve:4; 343 u8 confid_offset:2; 344 u8 dan:2; 345#elif __BYTE_ORDER == __BIG_ENDIAN 346 u8 dan:2; 347 u8 confid_offset:2; 348 u8 reserve:4; 349#endif 350 /* octet 3 */ 351#if __BYTE_ORDER == __LITTLE_ENDIAN 352 u8 length:4; 353 u8 reserve1:4; 354#elif __BYTE_ORDER == __BIG_ENDIAN 355 u8 reserve1:4; 356 u8 length:4; 357#endif 358 /* octet 4 */ 359 u8 length1; 360 /* octet 5 - 8 */ 361 be32 kn; 362 363 /* for GCM-AES-128: octet 9-32: SAK 364 * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK 365 */ 366 u8 sak[0]; 367} STRUCT_PACKED; 368 369/** 370 * struct ieee802_1x_mka_dist_cak_body - Distributed CAK parameter set (Figure 371 * 11-13) 372 * @type: Parameter set type (5) 373 * @length: Parameter set body length 374 * @length1: Parameter set body length (cont) 375 * Total parameter body length values: 376 * - 0 for plain text 377 * - 28 for GCM-AES-128 378 * - 36 or more for other cipher suites 379 * @cak: AES Key Wrap of CAK (see 9.8) 380 * @ckn: CAK Name 381 */ 382struct ieee802_1x_mka_dist_cak_body { 383 /* octet 1 */ 384 u8 type; 385 /* octet 2 */ 386 u8 reserve; 387 /* octet 3 */ 388#if __BYTE_ORDER == __LITTLE_ENDIAN 389 u8 length:4; 390 u8 reserve1:4; 391#elif __BYTE_ORDER == __BIG_ENDIAN 392 u8 reserve1:4; 393 u8 length:4; 394#endif 395 /* octet 4 */ 396 u8 length1; 397 398 /* octet 5 - 28 */ 399 u8 cak[24]; 400 401 /* followed by CAK Name, 29- */ 402 u8 ckn[0]; 403} STRUCT_PACKED; 404 405struct ieee802_1x_mka_icv_body { 406 /* octet 1 */ 407 u8 type; 408 /* octet 2 */ 409 u8 reserve; 410 /* octet 3 */ 411#if __BYTE_ORDER == __LITTLE_ENDIAN 412 u8 length:4; 413 u8 reserve1:4; 414#elif __BYTE_ORDER == __BIG_ENDIAN 415 u8 reserve1:4; 416 u8 length:4; 417#endif 418 /* octet 4 */ 419 u8 length1; 420 421 /* octet 5 - */ 422 u8 icv[0]; 423} STRUCT_PACKED; 424 425#endif /* IEEE802_1X_KAY_I_H */ 426