1 /*
2  * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3  * Copyright (c) 2013, Qualcomm Atheros, Inc.
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef IEEE802_1X_KAY_I_H
10 #define IEEE802_1X_KAY_I_H
11 
12 #include "utils/list.h"
13 #include "common/defs.h"
14 #include "common/ieee802_1x_defs.h"
15 
16 #define MKA_VERSION_ID              1
17 
18 /* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 */
19 enum mka_packet_type {
20 	MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID,
21 	MKA_LIVE_PEER_LIST = 1,
22 	MKA_POTENTIAL_PEER_LIST = 2,
23 	MKA_SAK_USE = 3,
24 	MKA_DISTRIBUTED_SAK = 4,
25 	MKA_DISTRIBUTED_CAK = 5,
26 	MKA_KMD = 6,
27 	MKA_ANNOUNCEMENT = 7,
28 	MKA_ICV_INDICATOR = 255
29 };
30 
31 #define ICV_LEN                         16  /* 16 bytes */
32 #define SAK_WRAPPED_LEN                 24
33 /* KN + Wrapper SAK */
34 #define DEFAULT_DIS_SAK_BODY_LENGTH     (SAK_WRAPPED_LEN + 4)
35 #define MAX_RETRY_CNT                   5
36 
37 struct ieee802_1x_kay;
38 
39 struct ieee802_1x_mka_peer_id {
40 	u8 mi[MI_LEN];
41 	u32 mn;
42 };
43 
44 struct ieee802_1x_kay_peer {
45 	struct ieee802_1x_mka_sci sci;
46 	u8 mi[MI_LEN];
47 	u32 mn;
48 	time_t expire;
49 	Boolean is_key_server;
50 	u8 key_server_priority;
51 	Boolean macsec_desired;
52 	enum macsec_cap macsec_capbility;
53 	Boolean sak_used;
54 	struct dl_list list;
55 };
56 
57 struct key_conf {
58 	u8 *key;
59 	struct ieee802_1x_mka_ki ki;
60 	enum confidentiality_offset offset;
61 	u8 an;
62 	Boolean tx;
63 	Boolean rx;
64 	int key_len; /* unit: byte */
65 };
66 
67 struct data_key {
68 	u8 *key;
69 	int key_len;
70 	struct ieee802_1x_mka_ki key_identifier;
71 	enum confidentiality_offset confidentiality_offset;
72 	u8 an;
73 	Boolean transmits;
74 	Boolean receives;
75 	struct os_time created_time;
76 	u32 next_pn;
77 
78 	/* not defined data */
79 	Boolean rx_latest;
80 	Boolean tx_latest;
81 
82 	int user;  /* FIXME: to indicate if it can be delete safely */
83 
84 	struct dl_list list;
85 };
86 
87 /* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
88 struct transmit_sc {
89 	struct ieee802_1x_mka_sci sci; /* const SCI sci */
90 	Boolean transmitting; /* bool transmitting (read only) */
91 
92 	struct os_time created_time; /* Time createdTime */
93 
94 	u8 encoding_sa; /* AN encodingSA (read only) */
95 	u8 enciphering_sa; /* AN encipheringSA (read only) */
96 
97 	/* not defined data */
98 	unsigned int channel;
99 
100 	struct dl_list list;
101 	struct dl_list sa_list;
102 };
103 
104 /* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
105 struct transmit_sa {
106 	Boolean in_use; /* bool inUse (read only) */
107 	u32 next_pn; /* PN nextPN (read only) */
108 	struct os_time created_time; /* Time createdTime */
109 
110 	Boolean enable_transmit; /* bool EnableTransmit */
111 
112 	u8 an;
113 	Boolean confidentiality;
114 	struct data_key *pkey;
115 
116 	struct transmit_sc *sc;
117 	struct dl_list list; /* list entry in struct transmit_sc::sa_list */
118 };
119 
120 /* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
121 struct receive_sc {
122 	struct ieee802_1x_mka_sci sci; /* const SCI sci */
123 	Boolean receiving; /* bool receiving (read only) */
124 
125 	struct os_time created_time; /* Time createdTime */
126 
127 	unsigned int channel;
128 
129 	struct dl_list list;
130 	struct dl_list sa_list;
131 };
132 
133 /* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
134 struct receive_sa {
135 	Boolean enable_receive; /* bool enableReceive */
136 	Boolean in_use; /* bool inUse (read only) */
137 
138 	u32 next_pn; /* PN nextPN (read only) */
139 	u32 lowest_pn; /* PN lowestPN (read only) */
140 	u8 an;
141 	struct os_time created_time;
142 
143 	struct data_key *pkey;
144 	struct receive_sc *sc; /* list entry in struct receive_sc::sa_list */
145 
146 	struct dl_list list;
147 };
148 
149 struct macsec_ciphersuite {
150 	u8 id[CS_ID_LEN];
151 	char name[32];
152 	enum macsec_cap capable;
153 	int sak_len; /* unit: byte */
154 
155 	u32 index;
156 };
157 
158 struct mka_alg {
159 	u8 parameter[4];
160 	size_t cak_len;
161 	size_t kek_len;
162 	size_t ick_len;
163 	size_t icv_len;
164 
165 	int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
166 	int (*ckn_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2,
167 			const u8 *sid, size_t sid_len, u8 *ckn);
168 	int (*kek_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *kek);
169 	int (*ick_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *ick);
170 	int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
171 
172 	int index; /* index for configuring */
173 };
174 
175 #define DEFAULT_MKA_ALG_INDEX 0
176 
177 /* See IEEE Std 802.1X-2010, 9.16 MKA management */
178 struct ieee802_1x_mka_participant {
179 	/* used for active and potential participant */
180 	struct mka_key_name ckn;
181 	struct mka_key cak;
182 	Boolean cached;
183 
184 	/* used by management to monitor and control activation */
185 	Boolean active;
186 	Boolean participant;
187 	Boolean retain;
188 
189 	enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
190 
191 	/* used for active participant */
192 	Boolean principal;
193 	struct dl_list live_peers;
194 	struct dl_list potential_peers;
195 
196 	/* not defined in IEEE 802.1X */
197 	struct dl_list list;
198 
199 	struct mka_key kek;
200 	struct mka_key ick;
201 
202 	struct ieee802_1x_mka_ki lki;
203 	u8 lan;
204 	Boolean ltx;
205 	Boolean lrx;
206 
207 	struct ieee802_1x_mka_ki oki;
208 	u8 oan;
209 	Boolean otx;
210 	Boolean orx;
211 
212 	Boolean is_key_server;
213 	Boolean is_obliged_key_server;
214 	Boolean can_be_key_server;
215 	Boolean is_elected;
216 
217 	struct dl_list sak_list;
218 	struct dl_list rxsc_list;
219 
220 	struct transmit_sc *txsc;
221 
222 	u8 mi[MI_LEN];
223 	u32 mn;
224 
225 	struct ieee802_1x_mka_peer_id current_peer_id;
226 	struct ieee802_1x_mka_sci current_peer_sci;
227 	time_t cak_life;
228 	time_t mka_life;
229 	Boolean to_dist_sak;
230 	Boolean to_use_sak;
231 	Boolean new_sak;
232 
233 	Boolean advised_desired;
234 	enum macsec_cap advised_capability;
235 
236 	struct data_key *new_key;
237 	u32 retry_count;
238 
239 	struct ieee802_1x_kay *kay;
240 };
241 
242 struct ieee802_1x_mka_hdr {
243 	/* octet 1 */
244 	u32 type:8;
245 	/* octet 2 */
246 	u32 reserve:8;
247 	/* octet 3 */
248 #if __BYTE_ORDER == __LITTLE_ENDIAN
249 	u32 length:4;
250 	u32 reserve1:4;
251 #elif __BYTE_ORDER == __BIG_ENDIAN
252 	u32 reserve1:4;
253 	u32 length:4;
254 #else
255 #error "Please fix <bits/endian.h>"
256 #endif
257 	/* octet 4 */
258 	u32 length1:8;
259 };
260 
261 #define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
262 
263 struct ieee802_1x_mka_basic_body {
264 	/* octet 1 */
265 	u32 version:8;
266 	/* octet 2 */
267 	u32 priority:8;
268 	/* octet 3 */
269 #if __BYTE_ORDER == __LITTLE_ENDIAN
270 	u32 length:4;
271 	u32 macsec_capbility:2;
272 	u32 macsec_desired:1;
273 	u32 key_server:1;
274 #elif __BYTE_ORDER == __BIG_ENDIAN
275 	u32 key_server:1;
276 	u32 macsec_desired:1;
277 	u32 macsec_capbility:2;
278 	u32 length:4;
279 #endif
280 	/* octet 4 */
281 	u32 length1:8;
282 
283 	struct ieee802_1x_mka_sci actor_sci;
284 	u8 actor_mi[MI_LEN];
285 	u32 actor_mn;
286 	u8 algo_agility[4];
287 
288 	/* followed by CAK Name*/
289 	u8 ckn[0];
290 };
291 
292 struct ieee802_1x_mka_peer_body {
293 	/* octet 1 */
294 	u32 type:8;
295 	/* octet 2 */
296 	u32 reserve:8;
297 	/* octet 3 */
298 #if __BYTE_ORDER == __LITTLE_ENDIAN
299 	u32 length:4;
300 	u32 reserve1:4;
301 #elif __BYTE_ORDER == __BIG_ENDIAN
302 	u32 reserve1:4;
303 	u32 length:4;
304 #endif
305 	/* octet 4 */
306 	u32 length1:8;
307 
308 	u8 peer[0];
309 	/* followed by Peers */
310 };
311 
312 struct ieee802_1x_mka_sak_use_body {
313 	/* octet 1 */
314 	u32 type:8;
315 	/* octet 2 */
316 #if __BYTE_ORDER == __LITTLE_ENDIAN
317 	u32 orx:1;
318 	u32 otx:1;
319 	u32 oan:2;
320 	u32 lrx:1;
321 	u32 ltx:1;
322 	u32 lan:2;
323 #elif __BYTE_ORDER == __BIG_ENDIAN
324 	u32 lan:2;
325 	u32 ltx:1;
326 	u32 lrx:1;
327 	u32 oan:2;
328 	u32 otx:1;
329 	u32 orx:1;
330 #endif
331 
332 	/* octet 3 */
333 #if __BYTE_ORDER == __LITTLE_ENDIAN
334 	u32 length:4;
335 	u32 delay_protect:1;
336 	u32 reserve:1;
337 	u32 prx:1;
338 	u32 ptx:1;
339 #elif __BYTE_ORDER == __BIG_ENDIAN
340 	u32 ptx:1;
341 	u32 prx:1;
342 	u32 reserve:1;
343 	u32 delay_protect:1;
344 	u32 length:4;
345 #endif
346 
347 	/* octet 4 */
348 	u32 length1:8;
349 
350 	/* octet 5 - 16 */
351 	u8 lsrv_mi[MI_LEN];
352 	/* octet 17 - 20 */
353 	u32 lkn;
354 	/* octet 21 - 24 */
355 	u32 llpn;
356 
357 	/* octet 25 - 36 */
358 	u8 osrv_mi[MI_LEN];
359 	/* octet 37 - 40 */
360 	u32 okn;
361 	/* octet 41 - 44 */
362 	u32 olpn;
363 };
364 
365 
366 struct ieee802_1x_mka_dist_sak_body {
367 	/* octet 1 */
368 	u32 type:8;
369 	/* octet 2 */
370 #if __BYTE_ORDER == __LITTLE_ENDIAN
371 	u32 reserve:4;
372 	u32 confid_offset:2;
373 	u32 dan:2;
374 #elif __BYTE_ORDER == __BIG_ENDIAN
375 	u32 dan:2;
376 	u32 confid_offset:2;
377 	u32 reserve:4;
378 #endif
379 	/* octet 3 */
380 #if __BYTE_ORDER == __LITTLE_ENDIAN
381 	u32 length:4;
382 	u32 reserve1:4;
383 #elif __BYTE_ORDER == __BIG_ENDIAN
384 	u32 reserve1:4;
385 	u32 length:4;
386 #endif
387 	/* octet 4 */
388 	u32 length1:8;
389 	/* octet 5 - 8 */
390 	u32 kn;
391 
392 	/* for GCM-AES-128: octet 9-32: SAK
393 	 * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
394 	 */
395 	u8 sak[0];
396 };
397 
398 
399 struct ieee802_1x_mka_icv_body {
400 	/* octet 1 */
401 	u32 type:8;
402 	/* octet 2 */
403 	u32 reserve:8;
404 	/* octet 3 */
405 #if __BYTE_ORDER == __LITTLE_ENDIAN
406 	u32 length:4;
407 	u32 reserve1:4;
408 #elif __BYTE_ORDER == __BIG_ENDIAN
409 	u32 reserve1:4;
410 	u32 length:4;
411 #endif
412 	/* octet 4 */
413 	u32 length1:8;
414 
415 	/* octet 5 - */
416 	u8 icv[0];
417 };
418 
419 #endif /* IEEE802_1X_KAY_I_H */
420