Cumulative patch from commit f4626235de4b6d19c7399a2522241f7c43e0caf6
f462623 EAP-pwd server: Allow fragment_size to be configured
c876dcd EAP-IKEv2: Allow frag ack without integrity checksum
0f73c64 EAP-pwd: Fix processing of group setup failure
13e2574 EAP-pwd peer: Export Session-Id through getSessionId callback
cfdb32e eapol_test: Check EAP-Key-Name
251c53e RADIUS: Define EAP-Key-Name
04cad50 EAP-SIM peer: Fix counter-too-small message building
270c9a4 Interworking: Allow FT to be used for connection
81ed499 Remove duplicated ibss_rsn_deinit() call
144f104 X.509: Fix v3 parsing with issuerUniqueID/subjectUniqueID present
0f1034e P2P: Refrain from performing extended listen during P2P connection
8d0dd4e Add macsec_qca driver wrapper
dd10abc MACsec: wpa_supplicant integration
887d9d0 MACsec: Add PAE implementation
7baec80 MACsec: Add driver_ops
4e9528c MACsec: Add common IEEE 802.1X definitions
3bcfab8 MACsec: Add define for EAPOL type MKA
0836c04 MACsec: Allow EAPOL version 3 to be configured
49be483 Add function to fetch EAP Session-Id from EAPOL supplicant
ea40a57 nl80211: Use max associated STAs information in AP mode
Change-Id: I0e37a10ca58d0dc1be95a0088d6a4c37b2505ad4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/Makefile b/src/Makefile
index d73a175..10e0171 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p radius rsn_supp tls utils wps
+SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps
all:
for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done
diff --git a/src/common/eapol_common.h b/src/common/eapol_common.h
index 4811f38..6958661 100644
--- a/src/common/eapol_common.h
+++ b/src/common/eapol_common.h
@@ -22,17 +22,28 @@
/* followed by length octets of data */
} STRUCT_PACKED;
+struct ieee8023_hdr {
+ u8 dest[ETH_ALEN];
+ u8 src[ETH_ALEN];
+ u16 ethertype;
+} STRUCT_PACKED;
+
#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */
+#ifdef CONFIG_MACSEC
+#define EAPOL_VERSION 3
+#else /* CONFIG_MACSEC */
#define EAPOL_VERSION 2
+#endif /* CONFIG_MACSEC */
enum { IEEE802_1X_TYPE_EAP_PACKET = 0,
IEEE802_1X_TYPE_EAPOL_START = 1,
IEEE802_1X_TYPE_EAPOL_LOGOFF = 2,
IEEE802_1X_TYPE_EAPOL_KEY = 3,
- IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT = 4
+ IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT = 4,
+ IEEE802_1X_TYPE_EAPOL_MKA = 5,
};
enum { EAPOL_KEY_TYPE_RC4 = 1, EAPOL_KEY_TYPE_RSN = 2,
diff --git a/src/common/ieee802_1x_defs.h b/src/common/ieee802_1x_defs.h
new file mode 100644
index 0000000..cc88caa
--- /dev/null
+++ b/src/common/ieee802_1x_defs.h
@@ -0,0 +1,78 @@
+/*
+ * IEEE Std 802.1X-2010 definitions
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_DEFS_H
+#define IEEE802_1X_DEFS_H
+
+#define CS_ID_LEN 8
+#define CS_ID_GCM_AES_128 {0x00, 0x80, 0x02, 0x00, 0x01, 0x00, 0x00, 0x01}
+#define CS_NAME_GCM_AES_128 "GCM-AES-128"
+
+enum macsec_policy {
+ /**
+ * Should secure sessions.
+ * This accepts key server's advice to determine whether to secure the
+ * session or not.
+ */
+ SHOULD_SECURE,
+
+ /**
+ * Disabled MACsec - do not secure sessions.
+ */
+ DO_NOT_SECURE,
+};
+
+
+/* IEEE Std 802.1X-2010 - Table 11-6 - MACsec Capability */
+enum macsec_cap {
+ /**
+ * MACsec is not implemented
+ */
+ MACSEC_CAP_NOT_IMPLEMENTED,
+
+ /**
+ * 'Integrity without confidentiality'
+ */
+ MACSEC_CAP_INTEGRITY,
+
+ /**
+ * 'Integrity without confidentiality' and
+ * 'Integrity and confidentiality' with a confidentiality offset of 0
+ */
+ MACSEC_CAP_INTEG_AND_CONF,
+
+ /**
+ * 'Integrity without confidentiality' and
+ * 'Integrity and confidentiality' with a confidentiality offset of 0,
+ * 30, 50
+ */
+ MACSEC_CAP_INTEG_AND_CONF_0_30_50,
+};
+
+enum validate_frames {
+ Disabled,
+ Checked,
+ Strict,
+};
+
+/* IEEE Std 802.1X-2010 - Table 11-6 - Confidentiality Offset */
+enum confidentiality_offset {
+ CONFIDENTIALITY_NONE = 0,
+ CONFIDENTIALITY_OFFSET_0 = 1,
+ CONFIDENTIALITY_OFFSET_30 = 2,
+ CONFIDENTIALITY_OFFSET_50 = 3,
+};
+
+/* IEEE Std 802.1X-2010 - Table 9-2 */
+#define DEFAULT_PRIO_INFRA_PORT 0x10
+#define DEFAULT_PRIO_PRIMRAY_AP 0x30
+#define DEFAULT_PRIO_SECONDARY_AP 0x50
+#define DEFAULT_PRIO_GROUP_CA_MEMBER 0x70
+#define DEFAULT_PRIO_NOT_KEY_SERVER 0xFF
+
+#endif /* IEEE802_1X_DEFS_H */
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 481ddd6..6e47b86 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1305,6 +1305,15 @@
TDLS_PEER_WMM = BIT(2),
};
+#ifdef CONFIG_MACSEC
+struct macsec_init_params {
+ Boolean always_include_sci;
+ Boolean use_es;
+ Boolean use_scb;
+};
+#endif /* CONFIG_MACSEC */
+
+
/**
* struct wpa_driver_ops - Driver interface API definition
*
@@ -2786,6 +2795,203 @@
* Returns: Length of written status information or -1 on failure
*/
int (*status)(void *priv, char *buf, size_t buflen);
+
+#ifdef CONFIG_MACSEC
+ int (*macsec_init)(void *priv, struct macsec_init_params *params);
+
+ int (*macsec_deinit)(void *priv);
+
+ /**
+ * enable_protect_frames - Set protect frames status
+ * @priv: Private driver interface data
+ * @enabled: TRUE = protect frames enabled
+ * FALSE = protect frames disabled
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*enable_protect_frames)(void *priv, Boolean enabled);
+
+ /**
+ * set_replay_protect - Set replay protect status and window size
+ * @priv: Private driver interface data
+ * @enabled: TRUE = replay protect enabled
+ * FALSE = replay protect disabled
+ * @window: replay window size, valid only when replay protect enabled
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*set_replay_protect)(void *priv, Boolean enabled, u32 window);
+
+ /**
+ * set_current_cipher_suite - Set current cipher suite
+ * @priv: Private driver interface data
+ * @cs: EUI64 identifier
+ * @cs_len: Length of the cs buffer in octets
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*set_current_cipher_suite)(void *priv, const u8 *cs,
+ size_t cs_len);
+
+ /**
+ * enable_controlled_port - Set controlled port status
+ * @priv: Private driver interface data
+ * @enabled: TRUE = controlled port enabled
+ * FALSE = controlled port disabled
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*enable_controlled_port)(void *priv, Boolean enabled);
+
+ /**
+ * get_receive_lowest_pn - Get receive lowest pn
+ * @priv: Private driver interface data
+ * @channel: secure channel
+ * @an: association number
+ * @lowest_pn: lowest accept pn
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*get_receive_lowest_pn)(void *priv, u32 channel, u8 an,
+ u32 *lowest_pn);
+
+ /**
+ * get_transmit_next_pn - Get transmit next pn
+ * @priv: Private driver interface data
+ * @channel: secure channel
+ * @an: association number
+ * @next_pn: next pn
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*get_transmit_next_pn)(void *priv, u32 channel, u8 an,
+ u32 *next_pn);
+
+ /**
+ * set_transmit_next_pn - Set transmit next pn
+ * @priv: Private driver interface data
+ * @channel: secure channel
+ * @an: association number
+ * @next_pn: next pn
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*set_transmit_next_pn)(void *priv, u32 channel, u8 an,
+ u32 next_pn);
+
+ /**
+ * get_available_receive_sc - get available receive channel
+ * @priv: Private driver interface data
+ * @channel: secure channel
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*get_available_receive_sc)(void *priv, u32 *channel);
+
+ /**
+ * create_receive_sc - create secure channel for receiving
+ * @priv: Private driver interface data
+ * @channel: secure channel
+ * @sci_addr: secure channel identifier - address
+ * @sci_port: secure channel identifier - port
+ * @conf_offset: confidentiality offset (0, 30, or 50)
+ * @validation: frame validation policy (0 = Disabled, 1 = Checked,
+ * 2 = Strict)
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*create_receive_sc)(void *priv, u32 channel, const u8 *sci_addr,
+ u16 sci_port, unsigned int conf_offset,
+ int validation);
+
+ /**
+ * delete_receive_sc - delete secure connection for receiving
+ * @priv: private driver interface data from init()
+ * @channel: secure channel
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*delete_receive_sc)(void *priv, u32 channel);
+
+ /**
+ * create_receive_sa - create secure association for receive
+ * @priv: private driver interface data from init()
+ * @channel: secure channel
+ * @an: association number
+ * @lowest_pn: the lowest packet number can be received
+ * @sak: the secure association key
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*create_receive_sa)(void *priv, u32 channel, u8 an,
+ u32 lowest_pn, const u8 *sak);
+
+ /**
+ * enable_receive_sa - enable the SA for receive
+ * @priv: private driver interface data from init()
+ * @channel: secure channel
+ * @an: association number
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*enable_receive_sa)(void *priv, u32 channel, u8 an);
+
+ /**
+ * disable_receive_sa - disable SA for receive
+ * @priv: private driver interface data from init()
+ * @channel: secure channel index
+ * @an: association number
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*disable_receive_sa)(void *priv, u32 channel, u8 an);
+
+ /**
+ * get_available_transmit_sc - get available transmit channel
+ * @priv: Private driver interface data
+ * @channel: secure channel
+ * Returns: 0 on success, -1 on failure (or if not supported)
+ */
+ int (*get_available_transmit_sc)(void *priv, u32 *channel);
+
+ /**
+ * create_transmit_sc - create secure connection for transmit
+ * @priv: private driver interface data from init()
+ * @channel: secure channel
+ * @sci_addr: secure channel identifier - address
+ * @sci_port: secure channel identifier - port
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*create_transmit_sc)(void *priv, u32 channel, const u8 *sci_addr,
+ u16 sci_port, unsigned int conf_offset);
+
+ /**
+ * delete_transmit_sc - delete secure connection for transmit
+ * @priv: private driver interface data from init()
+ * @channel: secure channel
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*delete_transmit_sc)(void *priv, u32 channel);
+
+ /**
+ * create_transmit_sa - create secure association for transmit
+ * @priv: private driver interface data from init()
+ * @channel: secure channel index
+ * @an: association number
+ * @next_pn: the packet number used as next transmit packet
+ * @confidentiality: True if the SA is to provide confidentiality
+ * as well as integrity
+ * @sak: the secure association key
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*create_transmit_sa)(void *priv, u32 channel, u8 an, u32 next_pn,
+ Boolean confidentiality, const u8 *sak);
+
+ /**
+ * enable_transmit_sa - enable SA for transmit
+ * @priv: private driver interface data from init()
+ * @channel: secure channel
+ * @an: association number
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*enable_transmit_sa)(void *priv, u32 channel, u8 an);
+
+ /**
+ * disable_transmit_sa - disable SA for transmit
+ * @priv: private driver interface data from init()
+ * @channel: secure channel
+ * @an: association number
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*disable_transmit_sa)(void *priv, u32 channel, u8 an);
+#endif /* CONFIG_MACSEC */
};
diff --git a/src/drivers/driver_macsec_qca.c b/src/drivers/driver_macsec_qca.c
new file mode 100644
index 0000000..cf24799
--- /dev/null
+++ b/src/drivers/driver_macsec_qca.c
@@ -0,0 +1,887 @@
+/*
+ * Wired Ethernet driver interface for QCA MACsec driver
+ * Copyright (c) 2005-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004, Gunter Burchardt <tira@isx.de>
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#include <net/if.h>
+#ifdef __linux__
+#include <netpacket/packet.h>
+#include <net/if_arp.h>
+#include <net/if.h>
+#endif /* __linux__ */
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+#include <net/if_dl.h>
+#include <net/if_media.h>
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) */
+#ifdef __sun__
+#include <sys/sockio.h>
+#endif /* __sun__ */
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+#include "driver.h"
+
+#include "nss_macsec_secy.h"
+#include "nss_macsec_secy_rx.h"
+#include "nss_macsec_secy_tx.h"
+
+#define MAXSC 16
+
+/* TCI field definition */
+#define TCI_ES 0x40
+#define TCI_SC 0x20
+#define TCI_SCB 0x10
+#define TCI_E 0x08
+#define TCI_C 0x04
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+static const u8 pae_group_addr[ETH_ALEN] =
+{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
+
+struct macsec_qca_data {
+ char ifname[IFNAMSIZ + 1];
+ u32 secy_id;
+ void *ctx;
+
+ int sock; /* raw packet socket for driver access */
+ int pf_sock;
+ int membership, multi, iff_allmulti, iff_up;
+
+ /* shadow */
+ Boolean always_include_sci;
+ Boolean use_es;
+ Boolean use_scb;
+ Boolean protect_frames;
+ Boolean replay_protect;
+ u32 replay_window;
+};
+
+
+static int macsec_qca_multicast_membership(int sock, int ifindex,
+ const u8 *addr, int add)
+{
+#ifdef __linux__
+ struct packet_mreq mreq;
+
+ if (sock < 0)
+ return -1;
+
+ os_memset(&mreq, 0, sizeof(mreq));
+ mreq.mr_ifindex = ifindex;
+ mreq.mr_type = PACKET_MR_MULTICAST;
+ mreq.mr_alen = ETH_ALEN;
+ os_memcpy(mreq.mr_address, addr, ETH_ALEN);
+
+ if (setsockopt(sock, SOL_PACKET,
+ add ? PACKET_ADD_MEMBERSHIP : PACKET_DROP_MEMBERSHIP,
+ &mreq, sizeof(mreq)) < 0) {
+ perror("setsockopt");
+ return -1;
+ }
+ return 0;
+#else /* __linux__ */
+ return -1;
+#endif /* __linux__ */
+}
+
+
+static int macsec_qca_get_ssid(void *priv, u8 *ssid)
+{
+ ssid[0] = 0;
+ return 0;
+}
+
+
+static int macsec_qca_get_bssid(void *priv, u8 *bssid)
+{
+ /* Report PAE group address as the "BSSID" for macsec connection. */
+ os_memcpy(bssid, pae_group_addr, ETH_ALEN);
+ return 0;
+}
+
+
+static int macsec_qca_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+ os_memset(capa, 0, sizeof(*capa));
+ capa->flags = WPA_DRIVER_FLAGS_WIRED;
+ return 0;
+}
+
+
+static int macsec_qca_get_ifflags(const char *ifname, int *flags)
+{
+ struct ifreq ifr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOCGIFFLAGS]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ *flags = ifr.ifr_flags & 0xffff;
+ return 0;
+}
+
+
+static int macsec_qca_set_ifflags(const char *ifname, int flags)
+{
+ struct ifreq ifr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_flags = flags & 0xffff;
+ if (ioctl(s, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOCSIFFLAGS]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ return 0;
+}
+
+
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+static int macsec_qca_get_ifstatus(const char *ifname, int *status)
+{
+ struct ifmediareq ifmr;
+ int s;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifmr, 0, sizeof(ifmr));
+ os_strlcpy(ifmr.ifm_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFMEDIA, (caddr_t) &ifmr) < 0) {
+ perror("ioctl[SIOCGIFMEDIA]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ *status = (ifmr.ifm_status & (IFM_ACTIVE | IFM_AVALID)) ==
+ (IFM_ACTIVE | IFM_AVALID);
+
+ return 0;
+}
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */
+
+
+static int macsec_qca_multi(const char *ifname, const u8 *addr, int add)
+{
+ struct ifreq ifr;
+ int s;
+
+#ifdef __sun__
+ return -1;
+#endif /* __sun__ */
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0) {
+ perror("socket");
+ return -1;
+ }
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+#ifdef __linux__
+ ifr.ifr_hwaddr.sa_family = AF_UNSPEC;
+ os_memcpy(ifr.ifr_hwaddr.sa_data, addr, ETH_ALEN);
+#endif /* __linux__ */
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+ {
+ struct sockaddr_dl *dlp;
+ dlp = (struct sockaddr_dl *) &ifr.ifr_addr;
+ dlp->sdl_len = sizeof(struct sockaddr_dl);
+ dlp->sdl_family = AF_LINK;
+ dlp->sdl_index = 0;
+ dlp->sdl_nlen = 0;
+ dlp->sdl_alen = ETH_ALEN;
+ dlp->sdl_slen = 0;
+ os_memcpy(LLADDR(dlp), addr, ETH_ALEN);
+ }
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */
+#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
+ {
+ struct sockaddr *sap;
+ sap = (struct sockaddr *) &ifr.ifr_addr;
+ sap->sa_len = sizeof(struct sockaddr);
+ sap->sa_family = AF_UNSPEC;
+ os_memcpy(sap->sa_data, addr, ETH_ALEN);
+ }
+#endif /* defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__) */
+
+ if (ioctl(s, add ? SIOCADDMULTI : SIOCDELMULTI, (caddr_t) &ifr) < 0) {
+ perror("ioctl[SIOC{ADD/DEL}MULTI]");
+ close(s);
+ return -1;
+ }
+ close(s);
+ return 0;
+}
+
+
+static void __macsec_drv_init(struct macsec_qca_data *drv)
+{
+ int ret = 0;
+ fal_rx_ctl_filt_t rx_ctl_filt;
+ fal_tx_ctl_filt_t tx_ctl_filt;
+
+ wpa_printf(MSG_INFO, "%s: secy_id=%d", __func__, drv->secy_id);
+
+ /* Enable Secy and Let EAPoL bypass */
+ ret = nss_macsec_secy_en_set(drv->secy_id, TRUE);
+ if (ret)
+ wpa_printf(MSG_ERROR, "nss_macsec_secy_en_set: FAIL");
+
+ ret = nss_macsec_secy_sc_sa_mapping_mode_set(drv->secy_id,
+ FAL_SC_SA_MAP_1_4);
+ if (ret)
+ wpa_printf(MSG_ERROR,
+ "nss_macsec_secy_sc_sa_mapping_mode_set: FAIL");
+
+ os_memset(&rx_ctl_filt, 0, sizeof(rx_ctl_filt));
+ rx_ctl_filt.bypass = 1;
+ rx_ctl_filt.match_type = IG_CTL_COMPARE_ETHER_TYPE;
+ rx_ctl_filt.match_mask = 0xffff;
+ rx_ctl_filt.ether_type_da_range = 0x888e;
+ ret = nss_macsec_secy_rx_ctl_filt_set(drv->secy_id, 0, &rx_ctl_filt);
+ if (ret)
+ wpa_printf(MSG_ERROR, "nss_macsec_secy_rx_ctl_filt_set: FAIL");
+
+ os_memset(&tx_ctl_filt, 0, sizeof(tx_ctl_filt));
+ tx_ctl_filt.bypass = 1;
+ tx_ctl_filt.match_type = EG_CTL_COMPARE_ETHER_TYPE;
+ tx_ctl_filt.match_mask = 0xffff;
+ tx_ctl_filt.ether_type_da_range = 0x888e;
+ ret = nss_macsec_secy_tx_ctl_filt_set(drv->secy_id, 0, &tx_ctl_filt);
+ if (ret)
+ wpa_printf(MSG_ERROR, "nss_macsec_secy_tx_ctl_filt_set: FAIL");
+}
+
+
+static void __macsec_drv_deinit(struct macsec_qca_data *drv)
+{
+ nss_macsec_secy_en_set(drv->secy_id, FALSE);
+ nss_macsec_secy_rx_sc_del_all(drv->secy_id);
+ nss_macsec_secy_tx_sc_del_all(drv->secy_id);
+}
+
+
+static void * macsec_qca_init(void *ctx, const char *ifname)
+{
+ struct macsec_qca_data *drv;
+ int flags;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+ os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
+ drv->ctx = ctx;
+
+ /* Board specific settings */
+ if (os_memcmp("eth2", drv->ifname, 4) == 0)
+ drv->secy_id = 1;
+ else if (os_memcmp("eth3", drv->ifname, 4) == 0)
+ drv->secy_id = 2;
+ else
+ drv->secy_id = -1;
+
+#ifdef __linux__
+ drv->pf_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
+ if (drv->pf_sock < 0)
+ perror("socket(PF_PACKET)");
+#else /* __linux__ */
+ drv->pf_sock = -1;
+#endif /* __linux__ */
+
+ if (macsec_qca_get_ifflags(ifname, &flags) == 0 &&
+ !(flags & IFF_UP) &&
+ macsec_qca_set_ifflags(ifname, flags | IFF_UP) == 0) {
+ drv->iff_up = 1;
+ }
+
+ if (macsec_qca_multicast_membership(drv->pf_sock,
+ if_nametoindex(drv->ifname),
+ pae_group_addr, 1) == 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Added multicast membership with packet socket",
+ __func__);
+ drv->membership = 1;
+ } else if (macsec_qca_multi(ifname, pae_group_addr, 1) == 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Added multicast membership with SIOCADDMULTI",
+ __func__);
+ drv->multi = 1;
+ } else if (macsec_qca_get_ifflags(ifname, &flags) < 0) {
+ wpa_printf(MSG_INFO, "%s: Could not get interface flags",
+ __func__);
+ os_free(drv);
+ return NULL;
+ } else if (flags & IFF_ALLMULTI) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Interface is already configured for multicast",
+ __func__);
+ } else if (macsec_qca_set_ifflags(ifname, flags | IFF_ALLMULTI) < 0) {
+ wpa_printf(MSG_INFO, "%s: Failed to enable allmulti",
+ __func__);
+ os_free(drv);
+ return NULL;
+ } else {
+ wpa_printf(MSG_DEBUG, "%s: Enabled allmulti mode", __func__);
+ drv->iff_allmulti = 1;
+ }
+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__)
+ {
+ int status;
+ wpa_printf(MSG_DEBUG, "%s: waiting for link to become active",
+ __func__);
+ while (macsec_qca_get_ifstatus(ifname, &status) == 0 &&
+ status == 0)
+ sleep(1);
+ }
+#endif /* defined(__FreeBSD__) || defined(__DragonFly__) || defined(FreeBSD_kernel__) */
+
+ return drv;
+}
+
+
+static void macsec_qca_deinit(void *priv)
+{
+ struct macsec_qca_data *drv = priv;
+ int flags;
+
+ if (drv->membership &&
+ macsec_qca_multicast_membership(drv->pf_sock,
+ if_nametoindex(drv->ifname),
+ pae_group_addr, 0) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Failed to remove PAE multicast group (PACKET)",
+ __func__);
+ }
+
+ if (drv->multi &&
+ macsec_qca_multi(drv->ifname, pae_group_addr, 0) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "%s: Failed to remove PAE multicast group (SIOCDELMULTI)",
+ __func__);
+ }
+
+ if (drv->iff_allmulti &&
+ (macsec_qca_get_ifflags(drv->ifname, &flags) < 0 ||
+ macsec_qca_set_ifflags(drv->ifname, flags & ~IFF_ALLMULTI) < 0)) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to disable allmulti mode",
+ __func__);
+ }
+
+ if (drv->iff_up &&
+ macsec_qca_get_ifflags(drv->ifname, &flags) == 0 &&
+ (flags & IFF_UP) &&
+ macsec_qca_set_ifflags(drv->ifname, flags & ~IFF_UP) < 0) {
+ wpa_printf(MSG_DEBUG, "%s: Failed to set the interface down",
+ __func__);
+ }
+
+ if (drv->pf_sock != -1)
+ close(drv->pf_sock);
+
+ os_free(drv);
+}
+
+
+static int macsec_qca_macsec_init(void *priv, struct macsec_init_params *params)
+{
+ struct macsec_qca_data *drv = priv;
+
+ drv->always_include_sci = params->always_include_sci;
+ drv->use_es = params->use_es;
+ drv->use_scb = params->use_scb;
+
+ wpa_printf(MSG_DEBUG, "%s: es=%d, scb=%d, sci=%d",
+ __func__, drv->use_es, drv->use_scb,
+ drv->always_include_sci);
+
+ __macsec_drv_init(drv);
+
+ return 0;
+}
+
+
+static int macsec_qca_macsec_deinit(void *priv)
+{
+ struct macsec_qca_data *drv = priv;
+
+ wpa_printf(MSG_DEBUG, "%s", __func__);
+
+ __macsec_drv_deinit(drv);
+
+ return 0;
+}
+
+
+static int macsec_qca_enable_protect_frames(void *priv, Boolean enabled)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+
+ drv->protect_frames = enabled;
+
+ return ret;
+}
+
+
+static int macsec_qca_set_replay_protect(void *priv, Boolean enabled,
+ unsigned int window)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enabled=%d, win=%u",
+ __func__, enabled, window);
+
+ drv->replay_protect = enabled;
+ drv->replay_window = window;
+
+ return ret;
+}
+
+
+static int macsec_qca_set_current_cipher_suite(void *priv, const u8 *cs,
+ size_t cs_len)
+{
+ u8 default_cs_id[] = CS_ID_GCM_AES_128;
+
+ if (cs_len != CS_ID_LEN ||
+ os_memcmp(cs, default_cs_id, cs_len) != 0) {
+ wpa_hexdump(MSG_ERROR, "macsec: NOT supported CipherSuite",
+ cs, cs_len);
+ return -1;
+ }
+
+ /* Support default Cipher Suite 0080020001000001 (GCM-AES-128) */
+ wpa_printf(MSG_DEBUG, "%s: default support aes-gcm-128", __func__);
+
+ return 0;
+}
+
+
+static int macsec_qca_enable_controlled_port(void *priv, Boolean enabled)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: enable=%d", __func__, enabled);
+
+ ret += nss_macsec_secy_controlled_port_en_set(drv->secy_id, enabled);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_receive_lowest_pn(void *priv, u32 channel, u8 an,
+ u32 *lowest_pn)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u32 next_pn = 0;
+ bool enabled = FALSE;
+ u32 win;
+
+ ret += nss_macsec_secy_rx_sa_next_pn_get(drv->secy_id, channel, an,
+ &next_pn);
+ ret += nss_macsec_secy_rx_sc_replay_protect_get(drv->secy_id, channel,
+ &enabled);
+ ret += nss_macsec_secy_rx_sc_anti_replay_window_get(drv->secy_id,
+ channel, &win);
+
+ if (enabled)
+ *lowest_pn = (next_pn > win) ? (next_pn - win) : 1;
+ else
+ *lowest_pn = next_pn;
+
+ wpa_printf(MSG_DEBUG, "%s: lpn=0x%x", __func__, *lowest_pn);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_transmit_next_pn(void *priv, u32 channel, u8 an,
+ u32 *next_pn)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ ret += nss_macsec_secy_tx_sa_next_pn_get(drv->secy_id, channel, an,
+ next_pn);
+
+ wpa_printf(MSG_DEBUG, "%s: npn=0x%x", __func__, *next_pn);
+
+ return ret;
+}
+
+
+int macsec_qca_set_transmit_next_pn(void *priv, u32 channel, u8 an, u32 next_pn)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, an,
+ next_pn);
+
+ wpa_printf(MSG_INFO, "%s: npn=0x%x", __func__, next_pn);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_available_receive_sc(void *priv, u32 *channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u32 sc_ch = 0;
+ bool in_use = FALSE;
+
+ for (sc_ch = 0; sc_ch < MAXSC; sc_ch++) {
+ ret = nss_macsec_secy_rx_sc_in_used_get(drv->secy_id, sc_ch,
+ &in_use);
+ if (ret)
+ continue;
+
+ if (!in_use) {
+ *channel = sc_ch;
+ wpa_printf(MSG_DEBUG, "%s: channel=%d",
+ __func__, *channel);
+ return 0;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: no available channel", __func__);
+
+ return -1;
+}
+
+
+static int macsec_qca_create_receive_sc(void *priv, u32 channel,
+ const u8 *sci_addr, u16 sci_port,
+ unsigned int conf_offset,
+ int validation)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_rx_prc_lut_t entry;
+ fal_rx_sc_validate_frame_e vf;
+ enum validate_frames validate_frames = validation;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* rx prc lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ os_memcpy(entry.sci, sci_addr, ETH_ALEN);
+ entry.sci[6] = (sci_port >> 8) & 0xf;
+ entry.sci[7] = sci_port & 0xf;
+ entry.sci_mask = 0xf;
+
+ entry.valid = 1;
+ entry.channel = channel;
+ entry.action = FAL_RX_PRC_ACTION_PROCESS;
+ entry.offset = conf_offset;
+
+ /* rx validate frame */
+ if (validate_frames == Strict)
+ vf = FAL_RX_SC_VALIDATE_FRAME_STRICT;
+ else if (validate_frames == Checked)
+ vf = FAL_RX_SC_VALIDATE_FRAME_CHECK;
+ else
+ vf = FAL_RX_SC_VALIDATE_FRAME_DISABLED;
+
+ ret += nss_macsec_secy_rx_prc_lut_set(drv->secy_id, channel, &entry);
+ ret += nss_macsec_secy_rx_sc_create(drv->secy_id, channel);
+ ret += nss_macsec_secy_rx_sc_validate_frame_set(drv->secy_id, channel,
+ vf);
+ ret += nss_macsec_secy_rx_sc_replay_protect_set(drv->secy_id, channel,
+ drv->replay_protect);
+ ret += nss_macsec_secy_rx_sc_anti_replay_window_set(drv->secy_id,
+ channel,
+ drv->replay_window);
+
+ return ret;
+}
+
+
+static int macsec_qca_delete_receive_sc(void *priv, u32 channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_rx_prc_lut_t entry;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* rx prc lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ ret += nss_macsec_secy_rx_sc_del(drv->secy_id, channel);
+ ret += nss_macsec_secy_rx_prc_lut_set(drv->secy_id, channel, &entry);
+
+ return ret;
+}
+
+
+static int macsec_qca_create_receive_sa(void *priv, u32 channel, u8 an,
+ u32 lowest_pn, const u8 *sak)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_rx_sak_t rx_sak;
+ int i = 0;
+
+ wpa_printf(MSG_DEBUG, "%s, channel=%d, an=%d, lpn=0x%x",
+ __func__, channel, an, lowest_pn);
+
+ os_memset(&rx_sak, 0, sizeof(rx_sak));
+ for (i = 0; i < 16; i++)
+ rx_sak.sak[i] = sak[15 - i];
+
+ ret += nss_macsec_secy_rx_sa_create(drv->secy_id, channel, an);
+ ret += nss_macsec_secy_rx_sak_set(drv->secy_id, channel, an, &rx_sak);
+
+ return ret;
+}
+
+
+static int macsec_qca_enable_receive_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_rx_sa_en_set(drv->secy_id, channel, an, TRUE);
+
+ return ret;
+}
+
+
+static int macsec_qca_disable_receive_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_rx_sa_en_set(drv->secy_id, channel, an, FALSE);
+
+ return ret;
+}
+
+
+static int macsec_qca_get_available_transmit_sc(void *priv, u32 *channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u32 sc_ch = 0;
+ bool in_use = FALSE;
+
+ for (sc_ch = 0; sc_ch < MAXSC; sc_ch++) {
+ ret = nss_macsec_secy_tx_sc_in_used_get(drv->secy_id, sc_ch,
+ &in_use);
+ if (ret)
+ continue;
+
+ if (!in_use) {
+ *channel = sc_ch;
+ wpa_printf(MSG_DEBUG, "%s: channel=%d",
+ __func__, *channel);
+ return 0;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "%s: no avaiable channel", __func__);
+
+ return -1;
+}
+
+
+static int macsec_qca_create_transmit_sc(void *priv, u32 channel,
+ const u8 *sci_addr, u16 sci_port,
+ unsigned int conf_offset)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_tx_class_lut_t entry;
+ u8 psci[ETH_ALEN + 2];
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* class lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ entry.valid = 1;
+ entry.action = FAL_TX_CLASS_ACTION_FORWARD;
+ entry.channel = channel;
+
+ os_memcpy(psci, sci_addr, ETH_ALEN);
+ psci[6] = (sci_port >> 8) & 0xf;
+ psci[7] = sci_port & 0xf;
+
+ ret += nss_macsec_secy_tx_class_lut_set(drv->secy_id, channel, &entry);
+ ret += nss_macsec_secy_tx_sc_create(drv->secy_id, channel, psci, 8);
+ ret += nss_macsec_secy_tx_sc_protect_set(drv->secy_id, channel,
+ drv->protect_frames);
+ ret += nss_macsec_secy_tx_sc_confidentiality_offset_set(drv->secy_id,
+ channel,
+ conf_offset);
+
+ return ret;
+}
+
+
+static int macsec_qca_delete_transmit_sc(void *priv, u32 channel)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ fal_tx_class_lut_t entry;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d", __func__, channel);
+
+ /* class lut */
+ os_memset(&entry, 0, sizeof(entry));
+
+ ret += nss_macsec_secy_tx_class_lut_set(drv->secy_id, channel, &entry);
+ ret += nss_macsec_secy_tx_sc_del(drv->secy_id, channel);
+
+ return ret;
+}
+
+
+static int macsec_qca_create_transmit_sa(void *priv, u32 channel, u8 an,
+ u32 next_pn, Boolean confidentiality,
+ const u8 *sak)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+ u8 tci = 0;
+ fal_tx_sak_t tx_sak;
+ int i;
+
+ wpa_printf(MSG_DEBUG,
+ "%s: channel=%d, an=%d, next_pn=0x%x, confidentiality=%d",
+ __func__, channel, an, next_pn, confidentiality);
+
+ if (drv->always_include_sci)
+ tci |= TCI_SC;
+ else if (drv->use_es)
+ tci |= TCI_ES;
+ else if (drv->use_scb)
+ tci |= TCI_SCB;
+
+ if (confidentiality)
+ tci |= TCI_E | TCI_C;
+
+ os_memset(&tx_sak, 0, sizeof(tx_sak));
+ for (i = 0; i < 16; i++)
+ tx_sak.sak[i] = sak[15 - i];
+
+ ret += nss_macsec_secy_tx_sa_next_pn_set(drv->secy_id, channel, an,
+ next_pn);
+ ret += nss_macsec_secy_tx_sak_set(drv->secy_id, channel, an, &tx_sak);
+ ret += nss_macsec_secy_tx_sc_tci_7_2_set(drv->secy_id, channel,
+ (tci >> 2));
+ ret += nss_macsec_secy_tx_sc_an_set(drv->secy_id, channel, an);
+
+ return ret;
+}
+
+
+static int macsec_qca_enable_transmit_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_tx_sa_en_set(drv->secy_id, channel, an, TRUE);
+
+ return ret;
+}
+
+
+static int macsec_qca_disable_transmit_sa(void *priv, u32 channel, u8 an)
+{
+ struct macsec_qca_data *drv = priv;
+ int ret = 0;
+
+ wpa_printf(MSG_DEBUG, "%s: channel=%d, an=%d", __func__, channel, an);
+
+ ret += nss_macsec_secy_tx_sa_en_set(drv->secy_id, channel, an, FALSE);
+
+ return ret;
+}
+
+
+const struct wpa_driver_ops wpa_driver_macsec_qca_ops = {
+ .name = "macsec_qca",
+ .desc = "QCA MACsec Ethernet driver",
+ .get_ssid = macsec_qca_get_ssid,
+ .get_bssid = macsec_qca_get_bssid,
+ .get_capa = macsec_qca_get_capa,
+ .init = macsec_qca_init,
+ .deinit = macsec_qca_deinit,
+
+ .macsec_init = macsec_qca_macsec_init,
+ .macsec_deinit = macsec_qca_macsec_deinit,
+ .enable_protect_frames = macsec_qca_enable_protect_frames,
+ .set_replay_protect = macsec_qca_set_replay_protect,
+ .set_current_cipher_suite = macsec_qca_set_current_cipher_suite,
+ .enable_controlled_port = macsec_qca_enable_controlled_port,
+ .get_receive_lowest_pn = macsec_qca_get_receive_lowest_pn,
+ .get_transmit_next_pn = macsec_qca_get_transmit_next_pn,
+ .set_transmit_next_pn = macsec_qca_set_transmit_next_pn,
+ .get_available_receive_sc = macsec_qca_get_available_receive_sc,
+ .create_receive_sc = macsec_qca_create_receive_sc,
+ .delete_receive_sc = macsec_qca_delete_receive_sc,
+ .create_receive_sa = macsec_qca_create_receive_sa,
+ .enable_receive_sa = macsec_qca_enable_receive_sa,
+ .disable_receive_sa = macsec_qca_disable_receive_sa,
+ .get_available_transmit_sc = macsec_qca_get_available_transmit_sc,
+ .create_transmit_sc = macsec_qca_create_transmit_sc,
+ .delete_transmit_sc = macsec_qca_delete_transmit_sc,
+ .create_transmit_sa = macsec_qca_create_transmit_sa,
+ .enable_transmit_sa = macsec_qca_enable_transmit_sa,
+ .disable_transmit_sa = macsec_qca_disable_transmit_sa,
+};
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 9cbe6f3..5895efa 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3852,6 +3852,10 @@
wiphy_info_wowlan_triggers(capa,
tb[NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED]);
+ if (tb[NL80211_ATTR_MAX_AP_ASSOC_STA])
+ capa->max_stations =
+ nla_get_u32(tb[NL80211_ATTR_MAX_AP_ASSOC_STA]);
+
return NL_SKIP;
}
diff --git a/src/drivers/drivers.c b/src/drivers/drivers.c
index 446ab63..d0e42ec 100644
--- a/src/drivers/drivers.c
+++ b/src/drivers/drivers.c
@@ -34,6 +34,10 @@
#ifdef CONFIG_DRIVER_WIRED
extern struct wpa_driver_ops wpa_driver_wired_ops; /* driver_wired.c */
#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_MACSEC_QCA
+ /* driver_macsec_qca.c */
+extern struct wpa_driver_ops wpa_driver_macsec_qca_ops;
+#endif /* CONFIG_DRIVER_MACSEC_QCA */
#ifdef CONFIG_DRIVER_TEST
extern struct wpa_driver_ops wpa_driver_test_ops; /* driver_test.c */
#endif /* CONFIG_DRIVER_TEST */
@@ -75,6 +79,9 @@
#ifdef CONFIG_DRIVER_WIRED
&wpa_driver_wired_ops,
#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_MACSEC_QCA
+ &wpa_driver_macsec_qca_ops,
+#endif /* CONFIG_DRIVER_MACSEC_QCA */
#ifdef CONFIG_DRIVER_TEST
&wpa_driver_test_ops,
#endif /* CONFIG_DRIVER_TEST */
diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak
index 68ff910..7e175f4 100644
--- a/src/drivers/drivers.mak
+++ b/src/drivers/drivers.mak
@@ -17,6 +17,11 @@
DRV_OBJS += ../src/drivers/driver_wired.o
endif
+ifdef CONFIG_DRIVER_MACSEC_QCA
+DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_QCA
+DRV_OBJS += ../src/drivers/driver_macsec_qca.o
+endif
+
ifdef CONFIG_DRIVER_NL80211
DRV_CFLAGS += -DCONFIG_DRIVER_NL80211
DRV_OBJS += ../src/drivers/driver_nl80211.o
diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index 7d6e6b8..96c9efd 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -284,11 +284,10 @@
int compute_keys(EAP_PWD_group *grp, BN_CTX *bnctx, BIGNUM *k,
BIGNUM *peer_scalar, BIGNUM *server_scalar,
u8 *confirm_peer, u8 *confirm_server,
- u32 *ciphersuite, u8 *msk, u8 *emsk)
+ u32 *ciphersuite, u8 *msk, u8 *emsk, u8 *session_id)
{
struct crypto_hash *hash;
u8 mk[SHA256_MAC_LEN], *cruft;
- u8 session_id[SHA256_MAC_LEN + 1];
u8 msk_emsk[EAP_MSK_LEN + EAP_EMSK_LEN];
int offset;
diff --git a/src/eap_common/eap_pwd_common.h b/src/eap_common/eap_pwd_common.h
index 816e58c..c54c441 100644
--- a/src/eap_common/eap_pwd_common.h
+++ b/src/eap_common/eap_pwd_common.h
@@ -59,7 +59,7 @@
int compute_password_element(EAP_PWD_group *, u16, u8 *, int, u8 *, int, u8 *,
int, u8 *);
int compute_keys(EAP_PWD_group *, BN_CTX *, BIGNUM *, BIGNUM *, BIGNUM *,
- u8 *, u8 *, u32 *, u8 *, u8 *);
+ u8 *, u8 *, u32 *, u8 *, u8 *, u8 *);
struct crypto_hash * eap_pwd_h_init(void);
void eap_pwd_h_update(struct crypto_hash *hash, const u8 *data, size_t len);
void eap_pwd_h_final(struct crypto_hash *hash, u8 *digest);
diff --git a/src/eap_peer/eap_ikev2.c b/src/eap_peer/eap_ikev2.c
index 2d7841d..45945fe 100644
--- a/src/eap_peer/eap_ikev2.c
+++ b/src/eap_peer/eap_ikev2.c
@@ -251,7 +251,8 @@
static int eap_ikev2_process_icv(struct eap_ikev2_data *data,
const struct wpabuf *reqData,
- u8 flags, const u8 *pos, const u8 **end)
+ u8 flags, const u8 *pos, const u8 **end,
+ int frag_ack)
{
if (flags & IKEV2_FLAGS_ICV_INCLUDED) {
int icv_len = eap_ikev2_validate_icv(
@@ -261,7 +262,7 @@
return -1;
/* Hide Integrity Checksum Data from further processing */
*end -= icv_len;
- } else if (data->keys_ready) {
+ } else if (data->keys_ready && !frag_ack) {
wpa_printf(MSG_INFO, "EAP-IKEV2: The message should have "
"included integrity checksum");
return -1;
@@ -351,7 +352,9 @@
else
flags = *pos++;
- if (eap_ikev2_process_icv(data, reqData, flags, pos, &end) < 0) {
+ if (eap_ikev2_process_icv(data, reqData, flags, pos, &end,
+ data->state == WAIT_FRAG_ACK && len == 0) < 0)
+ {
ret->ignore = TRUE;
return NULL;
}
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index e4168fc..2aa7ba5 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -43,6 +43,7 @@
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
+ u8 session_id[1 + SHA256_MAC_LEN];
BN_CTX *bnctx;
};
@@ -189,6 +190,25 @@
}
+static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
+{
+ struct eap_pwd_data *data = priv;
+ u8 *id;
+
+ if (data->state != SUCCESS)
+ return NULL;
+
+ id = os_malloc(1 + SHA256_MAC_LEN);
+ if (id == NULL)
+ return NULL;
+
+ os_memcpy(id, data->session_id, 1 + SHA256_MAC_LEN);
+ *len = 1 + SHA256_MAC_LEN;
+
+ return id;
+}
+
+
static void
eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
struct eap_method_ret *ret,
@@ -232,8 +252,8 @@
wpa_hexdump_ascii(MSG_INFO, "EAP-PWD (peer): server sent id of",
data->id_server, data->id_server_len);
- if ((data->grp = (EAP_PWD_group *) os_malloc(sizeof(EAP_PWD_group))) ==
- NULL) {
+ data->grp = os_zalloc(sizeof(EAP_PWD_group));
+ if (data->grp == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
"group");
eap_pwd_state(data, FAILURE);
@@ -647,7 +667,7 @@
if (compute_keys(data->grp, data->bnctx, data->k,
data->my_scalar, data->server_scalar, conf, ptr,
- &cs, data->msk, data->emsk) < 0) {
+ &cs, data->msk, data->emsk, data->session_id) < 0) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute MSK | "
"EMSK");
goto fin;
@@ -838,8 +858,11 @@
data->in_frag_pos = 0;
}
- if (data->outbuf == NULL)
+ if (data->outbuf == NULL) {
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
return NULL; /* generic failure */
+ }
/*
* we have output! Do we need to fragment it?
@@ -934,6 +957,7 @@
eap->process = eap_pwd_process;
eap->isKeyAvailable = eap_pwd_key_available;
eap->getKey = eap_pwd_getkey;
+ eap->getSessionId = eap_pwd_get_session_id;
eap->get_emsk = eap_pwd_get_emsk;
ret = eap_peer_method_register(eap);
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index d856054..fc9df96 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -952,9 +952,11 @@
}
if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
+ struct wpabuf *res;
wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid counter "
"(%d <= %d)", eattr.counter, data->counter);
data->counter_too_small = eattr.counter;
+
/* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
* reauth_id must not be used to start a new reauthentication.
* However, since it was used in the last EAP-Response-Identity
@@ -965,8 +967,11 @@
data->last_eap_identity_len = data->reauth_id_len;
data->reauth_id = NULL;
data->reauth_id_len = 0;
+
+ res = eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
os_free(decrypted);
- return eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
+
+ return res;
}
data->counter = eattr.counter;
diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c
index 1ada0c8..3e32cc9 100644
--- a/src/eap_server/eap_server_ikev2.c
+++ b/src/eap_server/eap_server_ikev2.c
@@ -256,7 +256,8 @@
static int eap_ikev2_process_icv(struct eap_ikev2_data *data,
const struct wpabuf *respData,
- u8 flags, const u8 *pos, const u8 **end)
+ u8 flags, const u8 *pos, const u8 **end,
+ int frag_ack)
{
if (flags & IKEV2_FLAGS_ICV_INCLUDED) {
int icv_len = eap_ikev2_validate_icv(
@@ -266,7 +267,7 @@
return -1;
/* Hide Integrity Checksum Data from further processing */
*end -= icv_len;
- } else if (data->keys_ready) {
+ } else if (data->keys_ready && !frag_ack) {
wpa_printf(MSG_INFO, "EAP-IKEV2: The message should have "
"included integrity checksum");
return -1;
@@ -365,7 +366,9 @@
} else
flags = *pos++;
- if (eap_ikev2_process_icv(data, respData, flags, pos, &end) < 0) {
+ if (eap_ikev2_process_icv(data, respData, flags, pos, &end,
+ data->state == WAIT_FRAG_ACK && len == 0) < 0)
+ {
eap_ikev2_state(data, FAIL);
return;
}
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 3467dd1..ec53481 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -45,6 +45,7 @@
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
+ u8 session_id[1 + SHA256_MAC_LEN];
BN_CTX *bnctx;
};
@@ -123,7 +124,8 @@
data->in_frag_pos = data->out_frag_pos = 0;
data->inbuf = data->outbuf = NULL;
- data->mtu = 1020; /* default from RFC 5931, make it configurable! */
+ /* use default MTU from RFC 5931 if not configured otherwise */
+ data->mtu = sm->fragment_size > 0 ? sm->fragment_size : 1020;
return data;
}
@@ -598,7 +600,8 @@
wpa_hexdump_ascii(MSG_DEBUG, "EAP-PWD (server): peer sent id of",
data->id_peer, data->id_peer_len);
- if ((data->grp = os_malloc(sizeof(EAP_PWD_group))) == NULL) {
+ data->grp = os_zalloc(sizeof(EAP_PWD_group));
+ if (data->grp == NULL) {
wpa_printf(MSG_INFO, "EAP-PWD: failed to allocate memory for "
"group");
return;
@@ -841,7 +844,8 @@
wpa_printf(MSG_DEBUG, "EAP-pwd (server): confirm verified");
if (compute_keys(data->grp, data->bnctx, data->k,
data->peer_scalar, data->my_scalar, conf,
- data->my_confirm, &cs, data->msk, data->emsk) < 0)
+ data->my_confirm, &cs, data->msk, data->emsk,
+ data->session_id) < 0)
eap_pwd_state(data, FAILURE);
else
eap_pwd_state(data, SUCCESS);
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index cbcde7e..1004b1a 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1345,6 +1345,13 @@
eapol_sm_step(sm);
}
break;
+#ifdef CONFIG_MACSEC
+ case IEEE802_1X_TYPE_EAPOL_MKA:
+ wpa_printf(MSG_EXCESSIVE,
+ "EAPOL type %d will be handled by MKA",
+ hdr->type);
+ break;
+#endif /* CONFIG_MACSEC */
default:
wpa_printf(MSG_DEBUG, "EAPOL: Received unknown EAPOL type %d",
hdr->type);
@@ -1557,6 +1564,24 @@
/**
+ * eapol_sm_get_session_id - Get EAP Session-Id
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @len: Pointer to variable that will be set to number of bytes in the session
+ * Returns: Pointer to the EAP Session-Id or %NULL on failure
+ *
+ * The Session-Id is available only after a successful authentication.
+ */
+const u8 * eapol_sm_get_session_id(struct eapol_sm *sm, size_t *len)
+{
+ if (sm == NULL || !eap_key_available(sm->eap)) {
+ wpa_printf(MSG_DEBUG, "EAPOL: EAP Session-Id not available");
+ return NULL;
+ }
+ return eap_get_eapSessionId(sm->eap, len);
+}
+
+
+/**
* eapol_sm_notify_logoff - Notification of logon/logoff commands
* @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
* @logoff: Whether command was logoff
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index 934eda0..d76c8c2 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -285,6 +285,7 @@
struct eap_peer_config *config,
const struct eapol_config *conf);
int eapol_sm_get_key(struct eapol_sm *sm, u8 *key, size_t len);
+const u8 * eapol_sm_get_session_id(struct eapol_sm *sm, size_t *len);
void eapol_sm_notify_logoff(struct eapol_sm *sm, Boolean logoff);
void eapol_sm_notify_cached(struct eapol_sm *sm);
void eapol_sm_notify_pmkid_attempt(struct eapol_sm *sm, int attempt);
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index b30ea56..5e227ec 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -3849,6 +3849,13 @@
p2p_ext_listen_timeout, p2p, NULL);
}
+ if (p2p->cfg->is_p2p_in_progress &&
+ p2p->cfg->is_p2p_in_progress(p2p->cfg->cb_ctx)) {
+ p2p_dbg(p2p, "Operation in progress - skip Extended Listen timeout (%s)",
+ p2p_state_txt(p2p->state));
+ return;
+ }
+
if (p2p->state == P2P_LISTEN_ONLY && p2p->ext_listen_only) {
/*
* This should not really happen, but it looks like the Listen
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index abbb111..fa8031d 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -805,6 +805,14 @@
* or 0 if not.
*/
int (*is_concurrent_session_active)(void *ctx);
+
+ /**
+ * is_p2p_in_progress - Check whether P2P operation is in progress
+ * @ctx: Callback context from cb_ctx
+ * Returns: 1 if P2P operation (e.g., group formation) is in progress
+ * or 0 if not.
+ */
+ int (*is_p2p_in_progress)(void *ctx);
};
diff --git a/src/pae/Makefile b/src/pae/Makefile
new file mode 100644
index 0000000..9c41962
--- /dev/null
+++ b/src/pae/Makefile
@@ -0,0 +1,8 @@
+all:
+ @echo Nothing to be made.
+
+clean:
+ rm -f *~ *.o *.d
+
+install:
+ @echo Nothing to be made.
diff --git a/src/pae/ieee802_1x_cp.c b/src/pae/ieee802_1x_cp.c
new file mode 100644
index 0000000..cf43c59
--- /dev/null
+++ b/src/pae/ieee802_1x_cp.c
@@ -0,0 +1,744 @@
+/*
+ * IEEE 802.1X-2010 Controlled Port of PAE state machine - CP state machine
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+#include "utils/state_machine.h"
+#include "ieee802_1x_kay.h"
+#include "ieee802_1x_secy_ops.h"
+#include "pae/ieee802_1x_cp.h"
+
+#define STATE_MACHINE_DATA struct ieee802_1x_cp_sm
+#define STATE_MACHINE_DEBUG_PREFIX "CP"
+
+static u8 default_cs_id[] = CS_ID_GCM_AES_128;
+
+/* The variable defined in clause 12 in IEEE Std 802.1X-2010 */
+enum connect_type { PENDING, UNAUTHENTICATED, AUTHENTICATED, SECURE };
+
+struct ieee802_1x_cp_sm {
+ enum cp_states {
+ CP_BEGIN, CP_INIT, CP_CHANGE, CP_ALLOWED, CP_AUTHENTICATED,
+ CP_SECURED, CP_RECEIVE, CP_RECEIVING, CP_READY, CP_TRANSMIT,
+ CP_TRANSMITTING, CP_ABANDON, CP_RETIRE
+ } CP_state;
+ Boolean changed;
+
+ /* CP -> Client */
+ Boolean port_valid;
+
+ /* Logon -> CP */
+ enum connect_type connect;
+ u8 *authorization_data;
+
+ /* KaY -> CP */
+ Boolean chgd_server; /* clear by CP */
+ Boolean elected_self;
+ u8 *authorization_data1;
+ enum confidentiality_offset cipher_offset;
+ u8 *cipher_suite;
+ Boolean new_sak; /* clear by CP */
+ struct ieee802_1x_mka_ki distributed_ki;
+ u8 distributed_an;
+ Boolean using_receive_sas;
+ Boolean all_receiving;
+ Boolean server_transmitting;
+ Boolean using_transmit_sa;
+
+ /* CP -> KaY */
+ struct ieee802_1x_mka_ki *lki;
+ u8 lan;
+ Boolean ltx;
+ Boolean lrx;
+ struct ieee802_1x_mka_ki *oki;
+ u8 oan;
+ Boolean otx;
+ Boolean orx;
+
+ /* CP -> SecY */
+ Boolean protect_frames;
+ enum validate_frames validate_frames;
+
+ Boolean replay_protect;
+ u32 replay_window;
+
+ u8 *current_cipher_suite;
+ enum confidentiality_offset confidentiality_offset;
+ Boolean controlled_port_enabled;
+
+ /* SecY -> CP */
+ Boolean port_enabled; /* SecY->CP */
+
+ /* private */
+ u32 transmit_when;
+ u32 transmit_delay;
+ u32 retire_when;
+ u32 retire_delay;
+
+ /* not defined IEEE Std 802.1X-2010 */
+ struct ieee802_1x_kay *kay;
+};
+
+static void ieee802_1x_cp_retire_when_timeout(void *eloop_ctx,
+ void *timeout_ctx);
+static void ieee802_1x_cp_transmit_when_timeout(void *eloop_ctx,
+ void *timeout_ctx);
+
+
+static int changed_cipher(struct ieee802_1x_cp_sm *sm)
+{
+ return sm->confidentiality_offset != sm->cipher_offset ||
+ os_memcmp(sm->current_cipher_suite, sm->cipher_suite,
+ CS_ID_LEN) != 0;
+}
+
+
+static int changed_connect(struct ieee802_1x_cp_sm *sm)
+{
+ return sm->connect != SECURE || sm->chgd_server || changed_cipher(sm);
+}
+
+
+SM_STATE(CP, INIT)
+{
+ SM_ENTRY(CP, INIT);
+
+ sm->controlled_port_enabled = FALSE;
+ secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+
+ sm->port_valid = FALSE;
+
+ os_free(sm->lki);
+ sm->lki = NULL;
+ sm->ltx = FALSE;
+ sm->lrx = FALSE;
+
+ os_free(sm->oki);
+ sm->oki = NULL;
+ sm->otx = FALSE;
+ sm->orx = FALSE;
+
+ sm->port_enabled = TRUE;
+ sm->chgd_server = FALSE;
+}
+
+
+SM_STATE(CP, CHANGE)
+{
+ SM_ENTRY(CP, CHANGE);
+
+ sm->port_valid = FALSE;
+ sm->controlled_port_enabled = FALSE;
+ secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+
+ if (sm->lki)
+ ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
+ if (sm->oki)
+ ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
+}
+
+
+SM_STATE(CP, ALLOWED)
+{
+ SM_ENTRY(CP, ALLOWED);
+
+ sm->protect_frames = FALSE;
+ sm->replay_protect = FALSE;
+ sm->validate_frames = Checked;
+
+ sm->port_valid = FALSE;
+ sm->controlled_port_enabled = TRUE;
+
+ secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+ secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+ secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+ secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+}
+
+
+SM_STATE(CP, AUTHENTICATED)
+{
+ SM_ENTRY(CP, AUTHENTICATED);
+
+ sm->protect_frames = FALSE;
+ sm->replay_protect = FALSE;
+ sm->validate_frames = Checked;
+
+ sm->port_valid = FALSE;
+ sm->controlled_port_enabled = TRUE;
+
+ secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+ secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+ secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+ secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+}
+
+
+SM_STATE(CP, SECURED)
+{
+ struct ieee802_1x_cp_conf conf;
+
+ SM_ENTRY(CP, SECURED);
+
+ sm->chgd_server = FALSE;
+
+ ieee802_1x_kay_cp_conf(sm->kay, &conf);
+ sm->protect_frames = conf.protect;
+ sm->replay_protect = conf.replay_protect;
+ sm->validate_frames = conf.validate;
+
+ /* NOTE: now no other than default cipher suiter(AES-GCM-128) */
+ os_memcpy(sm->current_cipher_suite, sm->cipher_suite, CS_ID_LEN);
+ secy_cp_control_current_cipher_suite(sm->kay, sm->current_cipher_suite,
+ CS_ID_LEN);
+
+ sm->confidentiality_offset = sm->cipher_offset;
+
+ sm->port_valid = TRUE;
+
+ secy_cp_control_confidentiality_offset(sm->kay,
+ sm->confidentiality_offset);
+ secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+ secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+ secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+}
+
+
+SM_STATE(CP, RECEIVE)
+{
+ SM_ENTRY(CP, RECEIVE);
+ /* RECEIVE state machine not keep with Figure 12-2 in
+ * IEEE Std 802.1X-2010 */
+ sm->oki = sm->lki;
+ sm->oan = sm->lan;
+ sm->otx = sm->ltx;
+ sm->orx = sm->lrx;
+ ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+ sm->otx, sm->orx);
+
+ sm->lki = os_malloc(sizeof(*sm->lki));
+ if (!sm->lki) {
+ wpa_printf(MSG_ERROR, "CP-%s: Out of memory", __func__);
+ return;
+ }
+ os_memcpy(sm->lki, &sm->distributed_ki, sizeof(*sm->lki));
+ sm->lan = sm->distributed_an;
+ sm->ltx = FALSE;
+ sm->lrx = FALSE;
+ ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+ sm->ltx, sm->lrx);
+ ieee802_1x_kay_create_sas(sm->kay, sm->lki);
+ ieee802_1x_kay_enable_rx_sas(sm->kay, sm->lki);
+ sm->new_sak = FALSE;
+ sm->all_receiving = FALSE;
+}
+
+
+SM_STATE(CP, RECEIVING)
+{
+ SM_ENTRY(CP, RECEIVING);
+
+ sm->lrx = TRUE;
+ ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+ sm->ltx, sm->lrx);
+ sm->transmit_when = sm->transmit_delay;
+ eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL);
+ eloop_register_timeout(sm->transmit_when / 1000, 0,
+ ieee802_1x_cp_transmit_when_timeout, sm, NULL);
+ /* the electedSelf have been set before CP entering to RECEIVING
+ * but the CP will transmit from RECEIVING to READY under
+ * the !electedSelf when KaY is not key server */
+ ieee802_1x_cp_sm_step(sm);
+ sm->using_receive_sas = FALSE;
+ sm->server_transmitting = FALSE;
+}
+
+
+SM_STATE(CP, READY)
+{
+ SM_ENTRY(CP, READY);
+
+ ieee802_1x_kay_enable_new_info(sm->kay);
+}
+
+
+SM_STATE(CP, TRANSMIT)
+{
+ SM_ENTRY(CP, TRANSMIT);
+
+ sm->controlled_port_enabled = TRUE;
+ secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+ sm->ltx = TRUE;
+ ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+ sm->ltx, sm->lrx);
+ ieee802_1x_kay_enable_tx_sas(sm->kay, sm->lki);
+ sm->all_receiving = FALSE;
+ sm->server_transmitting = FALSE;
+}
+
+
+SM_STATE(CP, TRANSMITTING)
+{
+ SM_ENTRY(CP, TRANSMITTING);
+ sm->retire_when = sm->orx ? sm->retire_delay : 0;
+ sm->otx = FALSE;
+ ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+ sm->otx, sm->orx);
+ ieee802_1x_kay_enable_new_info(sm->kay);
+ eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL);
+ eloop_register_timeout(sm->retire_when / 1000, 0,
+ ieee802_1x_cp_retire_when_timeout, sm, NULL);
+ sm->using_transmit_sa = FALSE;
+}
+
+
+SM_STATE(CP, ABANDON)
+{
+ SM_ENTRY(CP, ABANDON);
+ sm->lrx = FALSE;
+ ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+ sm->ltx, sm->lrx);
+ ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
+
+ os_free(sm->lki);
+ sm->lki = NULL;
+ ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+ sm->ltx, sm->lrx);
+ sm->new_sak = FALSE;
+}
+
+
+SM_STATE(CP, RETIRE)
+{
+ SM_ENTRY(CP, RETIRE);
+ /* RETIRE state machine not keep with Figure 12-2 in
+ * IEEE Std 802.1X-2010 */
+ os_free(sm->oki);
+ sm->oki = NULL;
+ sm->orx = FALSE;
+ sm->otx = FALSE;
+ ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+ sm->otx, sm->orx);
+}
+
+
+/**
+ * CP state machine handler entry
+ */
+SM_STEP(CP)
+{
+ if (!sm->port_enabled)
+ SM_ENTER(CP, INIT);
+
+ switch (sm->CP_state) {
+ case CP_BEGIN:
+ SM_ENTER(CP, INIT);
+ break;
+
+ case CP_INIT:
+ SM_ENTER(CP, CHANGE);
+ break;
+
+ case CP_CHANGE:
+ if (sm->connect == UNAUTHENTICATED)
+ SM_ENTER(CP, ALLOWED);
+ else if (sm->connect == AUTHENTICATED)
+ SM_ENTER(CP, AUTHENTICATED);
+ else if (sm->connect == SECURE)
+ SM_ENTER(CP, SECURED);
+ break;
+
+ case CP_ALLOWED:
+ if (sm->connect != UNAUTHENTICATED)
+ SM_ENTER(CP, CHANGE);
+ break;
+
+ case CP_AUTHENTICATED:
+ if (sm->connect != AUTHENTICATED)
+ SM_ENTER(CP, CHANGE);
+ break;
+
+ case CP_SECURED:
+ if (changed_connect(sm))
+ SM_ENTER(CP, CHANGE);
+ else if (sm->new_sak)
+ SM_ENTER(CP, RECEIVE);
+ break;
+
+ case CP_RECEIVE:
+ if (sm->using_receive_sas)
+ SM_ENTER(CP, RECEIVING);
+ break;
+
+ case CP_RECEIVING:
+ if (sm->new_sak || changed_connect(sm))
+ SM_ENTER(CP, ABANDON);
+ if (!sm->elected_self)
+ SM_ENTER(CP, READY);
+ if (sm->elected_self &&
+ (sm->all_receiving || !sm->transmit_when))
+ SM_ENTER(CP, TRANSMIT);
+ break;
+
+ case CP_TRANSMIT:
+ if (sm->using_transmit_sa)
+ SM_ENTER(CP, TRANSMITTING);
+ break;
+
+ case CP_TRANSMITTING:
+ if (!sm->retire_when || changed_connect(sm))
+ SM_ENTER(CP, RETIRE);
+ break;
+
+ case CP_RETIRE:
+ if (changed_connect(sm))
+ SM_ENTER(CP, CHANGE);
+ else if (sm->new_sak)
+ SM_ENTER(CP, RECEIVE);
+ break;
+
+ case CP_READY:
+ if (sm->new_sak || changed_connect(sm))
+ SM_ENTER(CP, RECEIVE);
+ if (sm->server_transmitting)
+ SM_ENTER(CP, TRANSMIT);
+ break;
+ case CP_ABANDON:
+ if (changed_connect(sm))
+ SM_ENTER(CP, RETIRE);
+ else if (sm->new_sak)
+ SM_ENTER(CP, RECEIVE);
+ break;
+ default:
+ wpa_printf(MSG_ERROR, "CP: the state machine is not defined");
+ break;
+ }
+}
+
+
+/**
+ * ieee802_1x_cp_sm_init -
+ */
+struct ieee802_1x_cp_sm * ieee802_1x_cp_sm_init(
+ struct ieee802_1x_kay *kay,
+ struct ieee802_1x_cp_conf *pcp_conf)
+{
+ struct ieee802_1x_cp_sm *sm;
+
+ sm = os_zalloc(sizeof(*sm));
+ if (sm == NULL) {
+ wpa_printf(MSG_ERROR, "CP-%s: out of memory", __func__);
+ return NULL;
+ }
+
+ sm->kay = kay;
+
+ sm->port_valid = FALSE;
+
+ sm->chgd_server = FALSE;
+
+ sm->protect_frames = pcp_conf->protect;
+ sm->validate_frames = pcp_conf->validate;
+ sm->replay_protect = pcp_conf->replay_protect;
+ sm->replay_window = pcp_conf->replay_window;
+
+ sm->controlled_port_enabled = FALSE;
+
+ sm->lki = NULL;
+ sm->lrx = FALSE;
+ sm->ltx = FALSE;
+ sm->oki = NULL;
+ sm->orx = FALSE;
+ sm->otx = FALSE;
+
+ sm->cipher_suite = os_zalloc(CS_ID_LEN);
+ sm->current_cipher_suite = os_zalloc(CS_ID_LEN);
+ if (!sm->cipher_suite || !sm->current_cipher_suite) {
+ wpa_printf(MSG_ERROR, "CP-%s: out of memory", __func__);
+ os_free(sm->cipher_suite);
+ os_free(sm->current_cipher_suite);
+ os_free(sm);
+ return NULL;
+ }
+ os_memcpy(sm->current_cipher_suite, default_cs_id, CS_ID_LEN);
+ os_memcpy(sm->cipher_suite, default_cs_id, CS_ID_LEN);
+ sm->cipher_offset = CONFIDENTIALITY_OFFSET_0;
+ sm->confidentiality_offset = sm->cipher_offset;
+ sm->transmit_delay = MKA_LIFE_TIME;
+ sm->retire_delay = MKA_SAK_RETIRE_TIME;
+ sm->CP_state = CP_BEGIN;
+ sm->changed = FALSE;
+ sm->authorization_data = NULL;
+
+ wpa_printf(MSG_DEBUG, "CP: state machine created");
+
+ secy_cp_control_protect_frames(sm->kay, sm->protect_frames);
+ secy_cp_control_validate_frames(sm->kay, sm->validate_frames);
+ secy_cp_control_replay(sm->kay, sm->replay_protect, sm->replay_window);
+ secy_cp_control_enable_port(sm->kay, sm->controlled_port_enabled);
+ secy_cp_control_confidentiality_offset(sm->kay,
+ sm->confidentiality_offset);
+
+ SM_ENTER(CP, INIT);
+ SM_STEP_RUN(CP);
+
+ return sm;
+}
+
+
+static void ieee802_1x_cp_step_run(struct ieee802_1x_cp_sm *sm)
+{
+ enum cp_states prev_state;
+ int i;
+
+ for (i = 0; i < 100; i++) {
+ prev_state = sm->CP_state;
+ SM_STEP_RUN(CP);
+ if (prev_state == sm->CP_state)
+ break;
+ }
+}
+
+
+static void ieee802_1x_cp_step_cb(void *eloop_ctx, void *timeout_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = eloop_ctx;
+ ieee802_1x_cp_step_run(sm);
+}
+
+
+/**
+ * ieee802_1x_cp_sm_deinit -
+ */
+void ieee802_1x_cp_sm_deinit(struct ieee802_1x_cp_sm *sm)
+{
+ wpa_printf(MSG_DEBUG, "CP: state machine removed");
+ if (!sm)
+ return;
+
+ eloop_cancel_timeout(ieee802_1x_cp_retire_when_timeout, sm, NULL);
+ eloop_cancel_timeout(ieee802_1x_cp_transmit_when_timeout, sm, NULL);
+ eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL);
+ os_free(sm->lki);
+ os_free(sm->oki);
+ os_free(sm->cipher_suite);
+ os_free(sm->current_cipher_suite);
+ os_free(sm->authorization_data);
+ os_free(sm);
+}
+
+
+/**
+ * ieee802_1x_cp_connect_pending
+ */
+void ieee802_1x_cp_connect_pending(void *cp_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+ sm->connect = PENDING;
+}
+
+
+/**
+ * ieee802_1x_cp_connect_unauthenticated
+ */
+void ieee802_1x_cp_connect_unauthenticated(void *cp_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = (struct ieee802_1x_cp_sm *)cp_ctx;
+
+ sm->connect = UNAUTHENTICATED;
+}
+
+
+/**
+ * ieee802_1x_cp_connect_authenticated
+ */
+void ieee802_1x_cp_connect_authenticated(void *cp_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+ sm->connect = AUTHENTICATED;
+}
+
+
+/**
+ * ieee802_1x_cp_connect_secure
+ */
+void ieee802_1x_cp_connect_secure(void *cp_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+ sm->connect = SECURE;
+}
+
+
+/**
+ * ieee802_1x_cp_set_chgdserver -
+ */
+void ieee802_1x_cp_signal_chgdserver(void *cp_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+
+ sm->chgd_server = TRUE;
+}
+
+
+/**
+ * ieee802_1x_cp_set_electedself -
+ */
+void ieee802_1x_cp_set_electedself(void *cp_ctx, Boolean status)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->elected_self = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_authorizationdata -
+ */
+void ieee802_1x_cp_set_authorizationdata(void *cp_ctx, u8 *pdata, int len)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ os_free(sm->authorization_data);
+ sm->authorization_data = os_zalloc(len);
+ if (sm->authorization_data)
+ os_memcpy(sm->authorization_data, pdata, len);
+}
+
+
+/**
+ * ieee802_1x_cp_set_ciphersuite -
+ */
+void ieee802_1x_cp_set_ciphersuite(void *cp_ctx, void *pid)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ os_memcpy(sm->cipher_suite, pid, CS_ID_LEN);
+}
+
+
+/**
+ * ieee802_1x_cp_set_offset -
+ */
+void ieee802_1x_cp_set_offset(void *cp_ctx, enum confidentiality_offset offset)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->cipher_offset = offset;
+}
+
+
+/**
+ * ieee802_1x_cp_signal_newsak -
+ */
+void ieee802_1x_cp_signal_newsak(void *cp_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->new_sak = TRUE;
+}
+
+
+/**
+ * ieee802_1x_cp_set_distributedki -
+ */
+void ieee802_1x_cp_set_distributedki(void *cp_ctx,
+ const struct ieee802_1x_mka_ki *dki)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ os_memcpy(&sm->distributed_ki, dki, sizeof(struct ieee802_1x_mka_ki));
+}
+
+
+/**
+ * ieee802_1x_cp_set_distributedan -
+ */
+void ieee802_1x_cp_set_distributedan(void *cp_ctx, u8 an)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->distributed_an = an;
+}
+
+
+/**
+ * ieee802_1x_cp_set_usingreceivesas -
+ */
+void ieee802_1x_cp_set_usingreceivesas(void *cp_ctx, Boolean status)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->using_receive_sas = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_allreceiving -
+ */
+void ieee802_1x_cp_set_allreceiving(void *cp_ctx, Boolean status)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->all_receiving = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_servertransmitting -
+ */
+void ieee802_1x_cp_set_servertransmitting(void *cp_ctx, Boolean status)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->server_transmitting = status;
+}
+
+
+/**
+ * ieee802_1x_cp_set_usingtransmitsas -
+ */
+void ieee802_1x_cp_set_usingtransmitas(void *cp_ctx, Boolean status)
+{
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ sm->using_transmit_sa = status;
+}
+
+
+/**
+ * ieee802_1x_cp_sm_step - Advance EAPOL state machines
+ * @sm: EAPOL state machine
+ *
+ * This function is called to advance CP state machines after any change
+ * that could affect their state.
+ */
+void ieee802_1x_cp_sm_step(void *cp_ctx)
+{
+ /*
+ * Run ieee802_1x_cp_step_run from a registered timeout
+ * to make sure that other possible timeouts/events are processed
+ * and to avoid long function call chains.
+ */
+ struct ieee802_1x_cp_sm *sm = cp_ctx;
+ eloop_cancel_timeout(ieee802_1x_cp_step_cb, sm, NULL);
+ eloop_register_timeout(0, 0, ieee802_1x_cp_step_cb, sm, NULL);
+}
+
+
+static void ieee802_1x_cp_retire_when_timeout(void *eloop_ctx,
+ void *timeout_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = eloop_ctx;
+ sm->retire_when = 0;
+ ieee802_1x_cp_step_run(sm);
+}
+
+
+static void
+ieee802_1x_cp_transmit_when_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+ struct ieee802_1x_cp_sm *sm = eloop_ctx;
+ sm->transmit_when = 0;
+ ieee802_1x_cp_step_run(sm);
+}
diff --git a/src/pae/ieee802_1x_cp.h b/src/pae/ieee802_1x_cp.h
new file mode 100644
index 0000000..773c930
--- /dev/null
+++ b/src/pae/ieee802_1x_cp.h
@@ -0,0 +1,50 @@
+/*
+ * IEEE Std 802.1X-2010 Controlled Port of PAE state machine - CP state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_CP_H
+#define IEEE802_1X_CP_H
+
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+struct ieee802_1x_cp_sm;
+struct ieee802_1x_kay;
+struct ieee802_1x_mka_ki;
+
+struct ieee802_1x_cp_conf {
+ Boolean protect;
+ Boolean replay_protect;
+ enum validate_frames validate;
+ u32 replay_window;
+};
+
+
+struct ieee802_1x_cp_sm *
+ieee802_1x_cp_sm_init(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_cp_conf *pcp_conf);
+void ieee802_1x_cp_sm_deinit(struct ieee802_1x_cp_sm *sm);
+void ieee802_1x_cp_sm_step(void *cp_ctx);
+void ieee802_1x_cp_connect_pending(void *cp_ctx);
+void ieee802_1x_cp_connect_unauthenticated(void *cp_ctx);
+void ieee802_1x_cp_connect_authenticated(void *cp_ctx);
+void ieee802_1x_cp_connect_secure(void *cp_ctx);
+void ieee802_1x_cp_signal_chgdserver(void *cp_ctx);
+void ieee802_1x_cp_set_electedself(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_authorizationdata(void *cp_ctx, u8 *pdata, int len);
+void ieee802_1x_cp_set_ciphersuite(void *cp_ctx, void *pid);
+void ieee802_1x_cp_set_offset(void *cp_ctx, enum confidentiality_offset offset);
+void ieee802_1x_cp_signal_newsak(void *cp_ctx);
+void ieee802_1x_cp_set_distributedki(void *cp_ctx,
+ const struct ieee802_1x_mka_ki *dki);
+void ieee802_1x_cp_set_distributedan(void *cp_ctx, u8 an);
+void ieee802_1x_cp_set_usingreceivesas(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_allreceiving(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_servertransmitting(void *cp_ctx, Boolean status);
+void ieee802_1x_cp_set_usingtransmitas(void *cp_ctx, Boolean status);
+
+#endif /* IEEE802_1X_CP_H */
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
new file mode 100644
index 0000000..fb8a8ca
--- /dev/null
+++ b/src/pae/ieee802_1x_kay.c
@@ -0,0 +1,3526 @@
+/*
+ * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include <time.h>
+#include "includes.h"
+#include "common.h"
+#include "list.h"
+#include "eloop.h"
+#include "wpabuf.h"
+#include "state_machine.h"
+#include "l2_packet/l2_packet.h"
+#include "common/eapol_common.h"
+#include "crypto/aes_wrap.h"
+#include "ieee802_1x_cp.h"
+#include "ieee802_1x_key.h"
+#include "ieee802_1x_kay.h"
+#include "ieee802_1x_kay_i.h"
+#include "ieee802_1x_secy_ops.h"
+
+
+#define DEFAULT_SA_KEY_LEN 16
+#define DEFAULT_ICV_LEN 16
+#define MAX_ICV_LEN 32 /* 32 bytes, 256 bits */
+
+#define PENDING_PN_EXHAUSTION 0xC0000000
+
+/* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */
+#define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 }
+static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
+
+/* IEEE802.1AE-2006 Table 14-1 MACsec Cipher Suites */
+static struct macsec_ciphersuite cipher_suite_tbl[] = {
+ /* GCM-AES-128 */
+ {
+ CS_ID_GCM_AES_128,
+ CS_NAME_GCM_AES_128,
+ MACSEC_CAP_INTEG_AND_CONF_0_30_50,
+ 16,
+
+ 0 /* index */
+ },
+};
+#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
+#define DEFAULT_CS_INDEX 0
+
+static struct mka_alg mka_alg_tbl[] = {
+ {
+ MKA_ALGO_AGILITY_2009,
+ /* 128-bit CAK, KEK, ICK, ICV */
+ 16, 16, 16, 16,
+ ieee802_1x_cak_128bits_aes_cmac,
+ ieee802_1x_ckn_128bits_aes_cmac,
+ ieee802_1x_kek_128bits_aes_cmac,
+ ieee802_1x_ick_128bits_aes_cmac,
+ ieee802_1x_icv_128bits_aes_cmac,
+
+ 1, /* index */
+ },
+};
+#define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
+
+
+static int is_ki_equal(struct ieee802_1x_mka_ki *ki1,
+ struct ieee802_1x_mka_ki *ki2)
+{
+ return os_memcmp(ki1->mi, ki2->mi, MI_LEN) == 0 &&
+ ki1->kn == ki2->kn;
+}
+
+
+struct mka_param_body_handler {
+ int (*body_tx)(struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *buf);
+ int (*body_rx)(struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len);
+ int (*body_length)(struct ieee802_1x_mka_participant *participant);
+ Boolean (*body_present)(struct ieee802_1x_mka_participant *participant);
+};
+
+
+static void set_mka_param_body_len(void *body, unsigned int len)
+{
+ struct ieee802_1x_mka_hdr *hdr = body;
+ hdr->length = (len >> 8) & 0x0f;
+ hdr->length1 = len & 0xff;
+}
+
+
+static unsigned int get_mka_param_body_len(const void *body)
+{
+ const struct ieee802_1x_mka_hdr *hdr = body;
+ return (hdr->length << 8) | hdr->length1;
+}
+
+
+static int get_mka_param_body_type(const void *body)
+{
+ const struct ieee802_1x_mka_hdr *hdr = body;
+ return hdr->type;
+}
+
+
+/**
+ * ieee802_1x_mka_dump_basic_body -
+ */
+static void
+ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
+{
+ size_t body_len;
+
+ if (!body)
+ return;
+
+ body_len = get_mka_param_body_len(body);
+ wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***");
+ wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version);
+ wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
+ wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
+ wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
+ wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capbility);
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+ wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
+ MAC2STR(body->actor_sci.addr));
+ wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
+ be_to_host16(body->actor_sci.port));
+ wpa_hexdump(MSG_DEBUG, "\tMember Id.....:",
+ body->actor_mi, sizeof(body->actor_mi));
+ wpa_printf(MSG_DEBUG, "\tMessage Number: %d",
+ be_to_host32(body->actor_mn));
+ wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:",
+ body->algo_agility, sizeof(body->algo_agility));
+ wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn,
+ body_len + MKA_HDR_LEN - sizeof(*body));
+}
+
+
+/**
+ * ieee802_1x_mka_dump_peer_body -
+ */
+static void
+ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
+{
+ size_t body_len;
+ size_t i;
+ u8 *mi;
+ u32 mn;
+
+ if (body == NULL)
+ return;
+
+ body_len = get_mka_param_body_len(body);
+ if (body->type == MKA_LIVE_PEER_LIST) {
+ wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+ } else if (body->type == MKA_POTENTIAL_PEER_LIST) {
+ wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+ }
+
+ for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
+ mi = body->peer + i;
+ os_memcpy(&mn, mi + MI_LEN, sizeof(mn));
+ wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN);
+ wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn));
+ }
+}
+
+
+/**
+ * ieee802_1x_mka_dump_dist_sak_body -
+ */
+static void
+ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body)
+{
+ size_t body_len;
+
+ if (body == NULL)
+ return;
+
+ body_len = get_mka_param_body_len(body);
+ wpa_printf(MSG_INFO, "*** Distributed SAK ***");
+ wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
+ wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
+ body->confid_offset);
+ wpa_printf(MSG_INFO, "\tBody Length...........: %d", (int) body_len);
+ if (!body_len)
+ return;
+
+ wpa_printf(MSG_INFO, "\tKey Number............: %d",
+ be_to_host32(body->kn));
+ wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24);
+}
+
+
+static const char * yes_no(int val)
+{
+ return val ? "Yes" : "No";
+}
+
+
+/**
+ * ieee802_1x_mka_dump_sak_use_body -
+ */
+static void
+ieee802_1x_mka_dump_sak_use_body(struct ieee802_1x_mka_sak_use_body *body)
+{
+ int body_len;
+
+ if (body == NULL)
+ return;
+
+ body_len = get_mka_param_body_len(body);
+ wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***");
+ wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan);
+ wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx));
+ wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx));
+ wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan);
+ wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx));
+ wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx));
+ wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx));
+ wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx));
+ wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s",
+ yes_no(body->delay_protect));
+ wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len);
+ if (!body_len)
+ return;
+
+ wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:",
+ body->lsrv_mi, sizeof(body->lsrv_mi));
+ wpa_printf(MSG_DEBUG, "\tKey Number.......: %u",
+ be_to_host32(body->lkn));
+ wpa_printf(MSG_DEBUG, "\tLowest PN........: %u",
+ be_to_host32(body->llpn));
+ wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:",
+ body->osrv_mi, sizeof(body->osrv_mi));
+ wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u",
+ be_to_host32(body->okn));
+ wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u",
+ be_to_host32(body->olpn));
+}
+
+
+/**
+ * ieee802_1x_kay_get_participant -
+ */
+static struct ieee802_1x_mka_participant *
+ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn)
+{
+ struct ieee802_1x_mka_participant *participant;
+
+ dl_list_for_each(participant, &kay->participant_list,
+ struct ieee802_1x_mka_participant, list) {
+ if (os_memcmp(participant->ckn.name, ckn,
+ participant->ckn.len) == 0)
+ return participant;
+ }
+
+ wpa_printf(MSG_DEBUG, "KaY: participant is not found");
+
+ return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_get_principal_participant -
+ */
+static struct ieee802_1x_mka_participant *
+ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
+{
+ struct ieee802_1x_mka_participant *participant;
+
+ dl_list_for_each(participant, &kay->participant_list,
+ struct ieee802_1x_mka_participant, list) {
+ if (participant->principal)
+ return participant;
+ }
+
+ wpa_printf(MSG_DEBUG, "KaY: principal participant is not founded");
+ return NULL;
+}
+
+
+static struct ieee802_1x_kay_peer * get_peer_mi(struct dl_list *peers,
+ const u8 *mi)
+{
+ struct ieee802_1x_kay_peer *peer;
+
+ dl_list_for_each(peer, peers, struct ieee802_1x_kay_peer, list) {
+ if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
+ return peer;
+ }
+
+ return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_is_in_potential_peer
+ */
+static Boolean
+ieee802_1x_kay_is_in_potential_peer(
+ struct ieee802_1x_mka_participant *participant, const u8 *mi)
+{
+ return get_peer_mi(&participant->potential_peers, mi) != NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_is_in_live_peer
+ */
+static Boolean
+ieee802_1x_kay_is_in_live_peer(
+ struct ieee802_1x_mka_participant *participant, const u8 *mi)
+{
+ return get_peer_mi(&participant->live_peers, mi) != NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_is_in_peer
+ */
+static Boolean
+ieee802_1x_kay_is_in_peer(struct ieee802_1x_mka_participant *participant,
+ const u8 *mi)
+{
+ return ieee802_1x_kay_is_in_live_peer(participant, mi) ||
+ ieee802_1x_kay_is_in_potential_peer(participant, mi);
+}
+
+
+/**
+ * ieee802_1x_kay_get_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
+ const u8 *mi)
+{
+ struct ieee802_1x_kay_peer *peer;
+
+ peer = get_peer_mi(&participant->live_peers, mi);
+ if (peer)
+ return peer;
+
+ return get_peer_mi(&participant->potential_peers, mi);
+}
+
+
+/**
+ * ieee802_1x_kay_get_live_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_get_live_peer(struct ieee802_1x_mka_participant *participant,
+ const u8 *mi)
+{
+ return get_peer_mi(&participant->live_peers, mi);
+}
+
+
+/**
+ * ieee802_1x_kay_get_cipher_suite
+ */
+static struct macsec_ciphersuite *
+ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
+ u8 *cs_id)
+{
+ unsigned int i;
+
+ for (i = 0; i < CS_TABLE_SIZE; i++) {
+ if (os_memcmp(cipher_suite_tbl[i].id, cs_id, CS_ID_LEN) == 0)
+ break;
+ }
+ if (i >= CS_TABLE_SIZE)
+ return NULL;
+
+ return &cipher_suite_tbl[i];
+}
+
+
+/**
+ * ieee802_1x_kay_get_peer_sci
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant,
+ const struct ieee802_1x_mka_sci *sci)
+{
+ struct ieee802_1x_kay_peer *peer;
+
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
+ return peer;
+ }
+
+ dl_list_for_each(peer, &participant->potential_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
+ return peer;
+ }
+
+ return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_init_receive_sa -
+ */
+static struct receive_sa *
+ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn,
+ struct data_key *key)
+{
+ struct receive_sa *psa;
+
+ if (!psc || !key)
+ return NULL;
+
+ psa = os_zalloc(sizeof(*psa));
+ if (!psa) {
+ wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+ return NULL;
+ }
+
+ psa->pkey = key;
+ psa->lowest_pn = lowest_pn;
+ psa->next_pn = lowest_pn;
+ psa->an = an;
+ psa->sc = psc;
+
+ os_get_time(&psa->created_time);
+ psa->in_use = FALSE;
+
+ dl_list_add(&psc->sa_list, &psa->list);
+ wpa_printf(MSG_DEBUG,
+ "KaY: Create receive SA(AN: %d lowest_pn: %u of SC(channel: %d)",
+ (int) an, lowest_pn, psc->channel);
+
+ return psa;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_receive_sa -
+ */
+static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa)
+{
+ psa->pkey = NULL;
+ wpa_printf(MSG_DEBUG,
+ "KaY: Delete receive SA(an: %d) of SC(channel: %d)",
+ psa->an, psa->sc->channel);
+ dl_list_del(&psa->list);
+ os_free(psa);
+}
+
+
+/**
+ * ieee802_1x_kay_init_receive_sc -
+ */
+static struct receive_sc *
+ieee802_1x_kay_init_receive_sc(const struct ieee802_1x_mka_sci *psci,
+ int channel)
+{
+ struct receive_sc *psc;
+
+ if (!psci)
+ return NULL;
+
+ psc = os_zalloc(sizeof(*psc));
+ if (!psc) {
+ wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+ return NULL;
+ }
+
+ os_memcpy(&psc->sci, psci, sizeof(psc->sci));
+ psc->channel = channel;
+
+ os_get_time(&psc->created_time);
+ psc->receiving = FALSE;
+
+ dl_list_init(&psc->sa_list);
+ wpa_printf(MSG_DEBUG, "KaY: Create receive SC(channel: %d)", channel);
+ wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci));
+
+ return psc;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_receive_sc -
+ **/
+static void
+ieee802_1x_kay_deinit_receive_sc(
+ struct ieee802_1x_mka_participant *participant, struct receive_sc *psc)
+{
+ struct receive_sa *psa, *pre_sa;
+
+ wpa_printf(MSG_DEBUG, "KaY: Delete receive SC(channel: %d)",
+ psc->channel);
+ dl_list_for_each_safe(psa, pre_sa, &psc->sa_list, struct receive_sa,
+ list) {
+ secy_disable_receive_sa(participant->kay, psa);
+ ieee802_1x_kay_deinit_receive_sa(psa);
+ }
+ dl_list_del(&psc->list);
+ os_free(psc);
+}
+
+
+/**
+ * ieee802_1x_kay_create_live_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
+ u8 *mi, u32 mn)
+{
+ struct ieee802_1x_kay_peer *peer;
+ struct receive_sc *rxsc;
+ u32 sc_ch = 0;
+
+ peer = os_zalloc(sizeof(*peer));
+ if (peer == NULL) {
+ wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+ return NULL;
+ }
+
+ os_memcpy(peer->mi, mi, MI_LEN);
+ peer->mn = mn;
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ peer->sak_used = FALSE;
+ os_memcpy(&peer->sci, &participant->current_peer_sci,
+ sizeof(peer->sci));
+ dl_list_add(&participant->live_peers, &peer->list);
+
+ secy_get_available_receive_sc(participant->kay, &sc_ch);
+
+ rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
+ if (!rxsc)
+ return NULL;
+
+ dl_list_add(&participant->rxsc_list, &rxsc->list);
+ secy_create_receive_sc(participant->kay, rxsc);
+
+ wpa_printf(MSG_DEBUG, "KaY: Live peer created");
+ wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
+ wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+ wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
+ wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
+
+ return peer;
+}
+
+
+/**
+ * ieee802_1x_kay_create_potential_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_create_potential_peer(
+ struct ieee802_1x_mka_participant *participant, const u8 *mi, u32 mn)
+{
+ struct ieee802_1x_kay_peer *peer;
+
+ peer = os_zalloc(sizeof(*peer));
+ if (peer == NULL) {
+ wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+ return NULL;
+ }
+
+ os_memcpy(peer->mi, mi, MI_LEN);
+ peer->mn = mn;
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ peer->sak_used = FALSE;
+
+ dl_list_add(&participant->potential_peers, &peer->list);
+
+ wpa_printf(MSG_DEBUG, "KaY: potential peer created");
+ wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
+ wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+ wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
+ wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
+
+ return peer;
+}
+
+
+/**
+ * ieee802_1x_kay_move_live_peer
+ */
+static struct ieee802_1x_kay_peer *
+ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
+ u8 *mi, u32 mn)
+{
+ struct ieee802_1x_kay_peer *peer;
+ struct receive_sc *rxsc;
+ u32 sc_ch = 0;
+
+ dl_list_for_each(peer, &participant->potential_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
+ break;
+ }
+
+ os_memcpy(&peer->sci, &participant->current_peer_sci,
+ sizeof(peer->sci));
+ peer->mn = mn;
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+
+ wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
+ wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
+ wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+ wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
+ wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
+
+ dl_list_del(&peer->list);
+ dl_list_add_tail(&participant->live_peers, &peer->list);
+
+ secy_get_available_receive_sc(participant->kay, &sc_ch);
+
+ rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
+ if (!rxsc)
+ return NULL;
+
+ dl_list_add(&participant->rxsc_list, &rxsc->list);
+ secy_create_receive_sc(participant->kay, rxsc);
+
+ return peer;
+}
+
+
+
+/**
+ * ieee802_1x_mka_basic_body_present -
+ */
+static Boolean
+ieee802_1x_mka_basic_body_present(
+ struct ieee802_1x_mka_participant *participant)
+{
+ return TRUE;
+}
+
+
+/**
+ * ieee802_1x_mka_basic_body_length -
+ */
+static int
+ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant)
+{
+ int length;
+
+ length = sizeof(struct ieee802_1x_mka_basic_body);
+ length += participant->ckn.len;
+ return (length + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_basic_body
+ */
+static int
+ieee802_1x_mka_encode_basic_body(
+ struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *buf)
+{
+ struct ieee802_1x_mka_basic_body *body;
+ struct ieee802_1x_kay *kay = participant->kay;
+ unsigned int length = ieee802_1x_mka_basic_body_length(participant);
+
+ body = wpabuf_put(buf, length);
+
+ body->version = kay->mka_version;
+ body->priority = kay->actor_priority;
+ if (participant->is_elected)
+ body->key_server = participant->is_key_server;
+ else
+ body->key_server = participant->can_be_key_server;
+
+ body->macsec_desired = kay->macsec_desired;
+ body->macsec_capbility = kay->macsec_capable;
+ set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+ os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
+ sizeof(kay->actor_sci.addr));
+ body->actor_sci.port = host_to_be16(kay->actor_sci.port);
+
+ os_memcpy(body->actor_mi, participant->mi, sizeof(body->actor_mi));
+ participant->mn = participant->mn + 1;
+ body->actor_mn = host_to_be32(participant->mn);
+ os_memcpy(body->algo_agility, participant->kay->algo_agility,
+ sizeof(body->algo_agility));
+
+ os_memcpy(body->ckn, participant->ckn.name, participant->ckn.len);
+
+ ieee802_1x_mka_dump_basic_body(body);
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_basic_body -
+ */
+static struct ieee802_1x_mka_participant *
+ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
+ size_t msg_len)
+{
+ struct ieee802_1x_mka_participant *participant;
+ const struct ieee802_1x_mka_basic_body *body;
+ struct ieee802_1x_kay_peer *peer;
+
+ body = (const struct ieee802_1x_mka_basic_body *) mka_msg;
+
+ if (body->version > MKA_VERSION_ID) {
+ wpa_printf(MSG_DEBUG,
+ "KaY: peer's version(%d) greater than mka current version(%d)",
+ body->version, MKA_VERSION_ID);
+ }
+ if (kay->is_obliged_key_server && body->key_server) {
+ wpa_printf(MSG_DEBUG, "I must be as key server");
+ return NULL;
+ }
+
+ participant = ieee802_1x_kay_get_participant(kay, body->ckn);
+ if (!participant) {
+ wpa_printf(MSG_DEBUG, "Peer is not included in my CA");
+ return NULL;
+ }
+
+ /* If the peer's MI is my MI, I will choose new MI */
+ if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
+ os_get_random(participant->mi, sizeof(participant->mi));
+ participant->mn = 0;
+ }
+
+ os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
+ participant->current_peer_id.mn = be_to_host32(body->actor_mn);
+ os_memcpy(participant->current_peer_sci.addr, body->actor_sci.addr,
+ sizeof(participant->current_peer_sci.addr));
+ participant->current_peer_sci.port = be_to_host16(body->actor_sci.port);
+
+ /* handler peer */
+ peer = ieee802_1x_kay_get_peer(participant, body->actor_mi);
+ if (!peer) {
+ /* Check duplicated SCI */
+ /* TODO: What policy should be applied to detect duplicated SCI
+ * is active attacker or a valid peer whose MI is be changed?
+ */
+ peer = ieee802_1x_kay_get_peer_sci(participant,
+ &body->actor_sci);
+ if (peer) {
+ wpa_printf(MSG_WARNING,
+ "KaY: duplicated SCI detected, Maybe active attacker");
+ dl_list_del(&peer->list);
+ os_free(peer);
+ }
+
+ peer = ieee802_1x_kay_create_potential_peer(
+ participant, body->actor_mi,
+ be_to_host32(body->actor_mn));
+ if (!peer)
+ return NULL;
+
+ peer->macsec_desired = body->macsec_desired;
+ peer->macsec_capbility = body->macsec_capbility;
+ peer->is_key_server = (Boolean) body->key_server;
+ peer->key_server_priority = body->priority;
+ } else if (peer->mn < be_to_host32(body->actor_mn)) {
+ peer->mn = be_to_host32(body->actor_mn);
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ peer->macsec_desired = body->macsec_desired;
+ peer->macsec_capbility = body->macsec_capbility;
+ peer->is_key_server = (Boolean) body->key_server;
+ peer->key_server_priority = body->priority;
+ } else {
+ wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
+ return NULL;
+ }
+
+ return participant;
+}
+
+
+/**
+ * ieee802_1x_mka_live_peer_body_present
+ */
+static Boolean
+ieee802_1x_mka_live_peer_body_present(
+ struct ieee802_1x_mka_participant *participant)
+{
+ return !dl_list_empty(&participant->live_peers);
+}
+
+
+/**
+ * ieee802_1x_kay_get_live_peer_length
+ */
+static int
+ieee802_1x_mka_get_live_peer_length(
+ struct ieee802_1x_mka_participant *participant)
+{
+ int len = MKA_HDR_LEN;
+ struct ieee802_1x_kay_peer *peer;
+
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list)
+ len += sizeof(struct ieee802_1x_mka_peer_id);
+
+ return (len + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_live_peer_body -
+ */
+static int
+ieee802_1x_mka_encode_live_peer_body(
+ struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *buf)
+{
+ struct ieee802_1x_mka_peer_body *body;
+ struct ieee802_1x_kay_peer *peer;
+ unsigned int length;
+ struct ieee802_1x_mka_peer_id *body_peer;
+
+ length = ieee802_1x_mka_get_live_peer_length(participant);
+ body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
+
+ body->type = MKA_LIVE_PEER_LIST;
+ set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list) {
+ body_peer = wpabuf_put(buf,
+ sizeof(struct ieee802_1x_mka_peer_id));
+ os_memcpy(body_peer->mi, peer->mi, MI_LEN);
+ body_peer->mn = host_to_be32(peer->mn);
+ body_peer++;
+ }
+
+ ieee802_1x_mka_dump_peer_body(body);
+ return 0;
+}
+
+/**
+ * ieee802_1x_mka_potential_peer_body_present
+ */
+static Boolean
+ieee802_1x_mka_potential_peer_body_present(
+ struct ieee802_1x_mka_participant *participant)
+{
+ return !dl_list_empty(&participant->potential_peers);
+}
+
+
+/**
+ * ieee802_1x_kay_get_potential_peer_length
+ */
+static int
+ieee802_1x_mka_get_potential_peer_length(
+ struct ieee802_1x_mka_participant *participant)
+{
+ int len = MKA_HDR_LEN;
+ struct ieee802_1x_kay_peer *peer;
+
+ dl_list_for_each(peer, &participant->potential_peers,
+ struct ieee802_1x_kay_peer, list)
+ len += sizeof(struct ieee802_1x_mka_peer_id);
+
+ return (len + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_potential_peer_body -
+ */
+static int
+ieee802_1x_mka_encode_potential_peer_body(
+ struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *buf)
+{
+ struct ieee802_1x_mka_peer_body *body;
+ struct ieee802_1x_kay_peer *peer;
+ unsigned int length;
+ struct ieee802_1x_mka_peer_id *body_peer;
+
+ length = ieee802_1x_mka_get_potential_peer_length(participant);
+ body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
+
+ body->type = MKA_POTENTIAL_PEER_LIST;
+ set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+ dl_list_for_each(peer, &participant->potential_peers,
+ struct ieee802_1x_kay_peer, list) {
+ body_peer = wpabuf_put(buf,
+ sizeof(struct ieee802_1x_mka_peer_id));
+ os_memcpy(body_peer->mi, peer->mi, MI_LEN);
+ body_peer->mn = host_to_be32(peer->mn);
+ body_peer++;
+ }
+
+ ieee802_1x_mka_dump_peer_body(body);
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_i_in_peerlist -
+ */
+static Boolean
+ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len)
+{
+ Boolean included = FALSE;
+ struct ieee802_1x_mka_hdr *hdr;
+ size_t body_len;
+ size_t left_len;
+ int body_type;
+ u32 peer_mn;
+ const u8 *peer_mi;
+ const u8 *pos;
+ size_t i;
+
+ pos = mka_msg;
+ left_len = msg_len;
+ while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
+ hdr = (struct ieee802_1x_mka_hdr *) pos;
+ body_len = get_mka_param_body_len(hdr);
+ body_type = get_mka_param_body_type(hdr);
+
+ if (body_type != MKA_LIVE_PEER_LIST &&
+ body_type != MKA_POTENTIAL_PEER_LIST)
+ goto SKIP_PEER;
+
+ ieee802_1x_mka_dump_peer_body(
+ (struct ieee802_1x_mka_peer_body *)pos);
+
+ if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
+ (int) left_len, (int) MKA_HDR_LEN,
+ (int) body_len, DEFAULT_ICV_LEN);
+ goto SKIP_PEER;
+ }
+
+ if ((body_len % 16) != 0) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Peer Packet Body Length (%d bytes) should multiple of 16 octets",
+ (int) body_len);
+ goto SKIP_PEER;
+ }
+
+ for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
+ peer_mi = MKA_HDR_LEN + pos + i;
+ os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
+ peer_mn = be_to_host32(peer_mn);
+ if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
+ peer_mn == participant->mn) {
+ included = TRUE;
+ break;
+ }
+ }
+
+ if (included)
+ return TRUE;
+
+SKIP_PEER:
+ left_len -= body_len + MKA_HDR_LEN;
+ pos += body_len + MKA_HDR_LEN;
+ }
+
+ return FALSE;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_live_peer_body -
+ */
+static int ieee802_1x_mka_decode_live_peer_body(
+ struct ieee802_1x_mka_participant *participant,
+ const u8 *peer_msg, size_t msg_len)
+{
+ const struct ieee802_1x_mka_hdr *hdr;
+ struct ieee802_1x_kay_peer *peer;
+ size_t body_len;
+ u32 peer_mn;
+ const u8 *peer_mi;
+ size_t i;
+ Boolean is_included;
+
+ is_included = ieee802_1x_kay_is_in_live_peer(
+ participant, participant->current_peer_id.mi);
+
+ hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
+ body_len = get_mka_param_body_len(hdr);
+
+ for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
+ peer_mi = MKA_HDR_LEN + peer_msg + i;
+ os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
+ peer_mn = be_to_host32(peer_mn);
+
+ /* it is myself */
+ if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
+ /* My message id is used by other participant */
+ if (peer_mn > participant->mn) {
+ os_get_random(participant->mi,
+ sizeof(participant->mi));
+ participant->mn = 0;
+ }
+ continue;
+ }
+ if (!is_included)
+ continue;
+
+ peer = ieee802_1x_kay_get_peer(participant, peer_mi);
+ if (NULL != peer) {
+ peer->mn = peer_mn;
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ } else {
+ if (!ieee802_1x_kay_create_potential_peer(
+ participant, peer_mi, peer_mn)) {
+ return -1;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_potential_peer_body -
+ */
+static int
+ieee802_1x_mka_decode_potential_peer_body(
+ struct ieee802_1x_mka_participant *participant,
+ const u8 *peer_msg, size_t msg_len)
+{
+ struct ieee802_1x_mka_hdr *hdr;
+ size_t body_len;
+ u32 peer_mn;
+ const u8 *peer_mi;
+ size_t i;
+
+ hdr = (struct ieee802_1x_mka_hdr *) peer_msg;
+ body_len = get_mka_param_body_len(hdr);
+
+ for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
+ peer_mi = MKA_HDR_LEN + peer_msg + i;
+ os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
+ peer_mn = be_to_host32(peer_mn);
+
+ /* it is myself */
+ if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
+ /* My message id is used by other participant */
+ if (peer_mn > participant->mn) {
+ os_get_random(participant->mi,
+ sizeof(participant->mi));
+ participant->mn = 0;
+ }
+ continue;
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_sak_use_body_present
+ */
+static Boolean
+ieee802_1x_mka_sak_use_body_present(
+ struct ieee802_1x_mka_participant *participant)
+{
+ if (participant->to_use_sak)
+ return TRUE;
+ else
+ return FALSE;
+}
+
+
+/**
+ * ieee802_1x_mka_get_sak_use_length
+ */
+static int
+ieee802_1x_mka_get_sak_use_length(
+ struct ieee802_1x_mka_participant *participant)
+{
+ int length = MKA_HDR_LEN;
+
+ if (participant->kay->macsec_desired && participant->advised_desired)
+ length = sizeof(struct ieee802_1x_mka_sak_use_body);
+ else
+ length = MKA_HDR_LEN;
+
+ length = (length + 0x3) & ~0x3;
+
+ return length;
+}
+
+
+/**
+ *
+ */
+static u32
+ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal,
+ struct ieee802_1x_mka_ki *ki)
+{
+ struct receive_sa *rxsa;
+ struct receive_sc *rxsc;
+ u32 lpn = 0;
+
+ dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+ dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
+ {
+ if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
+ secy_get_receive_lowest_pn(principal->kay,
+ rxsa);
+
+ lpn = lpn > rxsa->lowest_pn ?
+ lpn : rxsa->lowest_pn;
+ break;
+ }
+ }
+ }
+
+ if (lpn == 0)
+ lpn = 1;
+
+ return lpn;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_sak_use_body -
+ */
+static int
+ieee802_1x_mka_encode_sak_use_body(
+ struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *buf)
+{
+ struct ieee802_1x_mka_sak_use_body *body;
+ unsigned int length;
+ u32 pn = 1;
+
+ length = ieee802_1x_mka_get_sak_use_length(participant);
+ body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_sak_use_body));
+
+ body->type = MKA_SAK_USE;
+ set_mka_param_body_len(body, length - MKA_HDR_LEN);
+
+ if (length == MKA_HDR_LEN) {
+ body->ptx = TRUE;
+ body->prx = TRUE;
+ body->lan = 0;
+ body->lrx = FALSE;
+ body->ltx = FALSE;
+ body->delay_protect = FALSE;
+ return 0;
+ }
+
+ /* data protect, lowest accept packet number */
+ body->delay_protect = participant->kay->macsec_replay_protect;
+ pn = ieee802_1x_mka_get_lpn(participant, &participant->lki);
+ if (pn > participant->kay->pn_exhaustion) {
+ wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
+ if (participant->is_key_server)
+ participant->new_sak = TRUE;
+ }
+
+ body->llpn = host_to_be32(pn);
+ pn = ieee802_1x_mka_get_lpn(participant, &participant->oki);
+ body->olpn = host_to_be32(pn);
+
+ /* plain tx, plain rx */
+ if (participant->kay->macsec_protect)
+ body->ptx = FALSE;
+ else
+ body->ptx = TRUE;
+
+ if (participant->kay->macsec_validate == Strict)
+ body->prx = FALSE;
+ else
+ body->prx = TRUE;
+
+ /* latest key: rx, tx, key server member identifier key number */
+ body->lan = participant->lan;
+ os_memcpy(body->lsrv_mi, participant->lki.mi,
+ sizeof(body->lsrv_mi));
+ body->lkn = host_to_be32(participant->lki.kn);
+ body->lrx = participant->lrx;
+ body->ltx = participant->ltx;
+
+ /* old key: rx, tx, key server member identifier key number */
+ body->oan = participant->oan;
+ if (participant->oki.kn != participant->lki.kn &&
+ participant->oki.kn != 0) {
+ body->otx = TRUE;
+ body->orx = TRUE;
+ os_memcpy(body->osrv_mi, participant->oki.mi,
+ sizeof(body->osrv_mi));
+ body->okn = host_to_be32(participant->oki.kn);
+ } else {
+ body->otx = FALSE;
+ body->orx = FALSE;
+ }
+
+ /* set CP's variable */
+ if (body->ltx) {
+ if (!participant->kay->tx_enable)
+ participant->kay->tx_enable = TRUE;
+
+ if (!participant->kay->port_enable)
+ participant->kay->port_enable = TRUE;
+ }
+ if (body->lrx) {
+ if (!participant->kay->rx_enable)
+ participant->kay->rx_enable = TRUE;
+ }
+
+ ieee802_1x_mka_dump_sak_use_body(body);
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_sak_use_body -
+ */
+static int
+ieee802_1x_mka_decode_sak_use_body(
+ struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len)
+{
+ struct ieee802_1x_mka_hdr *hdr;
+ struct ieee802_1x_mka_sak_use_body *body;
+ struct ieee802_1x_kay_peer *peer;
+ struct transmit_sa *txsa;
+ struct data_key *sa_key = NULL;
+ size_t body_len;
+ struct ieee802_1x_mka_ki ki;
+ u32 lpn;
+ Boolean all_receiving;
+ Boolean founded;
+
+ if (!participant->principal) {
+ wpa_printf(MSG_WARNING, "KaY: Participant is not principal");
+ return -1;
+ }
+ peer = ieee802_1x_kay_get_live_peer(participant,
+ participant->current_peer_id.mi);
+ if (!peer) {
+ wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
+ return -1;
+ }
+
+ hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+ body_len = get_mka_param_body_len(hdr);
+ body = (struct ieee802_1x_mka_sak_use_body *) mka_msg;
+ ieee802_1x_mka_dump_sak_use_body(body);
+
+ if ((body_len != 0) && (body_len < 40)) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 40, or more octets",
+ (int) body_len);
+ return -1;
+ }
+
+ /* TODO: what action should I take when peer does not support MACsec */
+ if (body_len == 0) {
+ wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec");
+ return 0;
+ }
+
+ /* TODO: when the plain tx or rx of peer is true, should I change
+ * the attribute of controlled port
+ */
+ if (body->prx)
+ wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE");
+
+ if (body->ptx)
+ wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE");
+
+ /* check latest key is valid */
+ if (body->ltx || body->lrx) {
+ founded = FALSE;
+ os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
+ ki.kn = ntohl(body->lkn);
+ dl_list_for_each(sa_key, &participant->sak_list,
+ struct data_key, list) {
+ if (is_ki_equal(&sa_key->key_identifier, &ki)) {
+ founded = TRUE;
+ break;
+ }
+ }
+ if (!founded) {
+ wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
+ return -1;
+ }
+ if (os_memcmp(participant->lki.mi, body->lsrv_mi,
+ sizeof(participant->lki.mi)) == 0 &&
+ ntohl(body->lkn) == participant->lki.kn &&
+ body->lan == participant->lan) {
+ peer->sak_used = TRUE;
+ }
+ if (body->ltx && peer->is_key_server) {
+ ieee802_1x_cp_set_servertransmitting(
+ participant->kay->cp, TRUE);
+ ieee802_1x_cp_sm_step(participant->kay->cp);
+ }
+ }
+
+ /* check old key is valid */
+ if (body->otx || body->orx) {
+ if (os_memcmp(participant->oki.mi, body->osrv_mi,
+ sizeof(participant->oki.mi)) != 0 ||
+ ntohl(body->okn) != participant->oki.kn ||
+ body->oan != participant->oan) {
+ wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
+ return -1;
+ }
+ }
+
+ /* TODO: how to set the MACsec hardware when delay_protect is true */
+ if (body->delay_protect && (!ntohl(body->llpn) || !ntohl(body->olpn))) {
+ wpa_printf(MSG_WARNING,
+ "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
+ return -1;
+ }
+
+ /* check all live peer have used the sak for receiving sa */
+ all_receiving = TRUE;
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (!peer->sak_used) {
+ all_receiving = FALSE;
+ break;
+ }
+ }
+ if (all_receiving) {
+ participant->to_dist_sak = FALSE;
+ ieee802_1x_cp_set_allreceiving(participant->kay->cp, TRUE);
+ ieee802_1x_cp_sm_step(participant->kay->cp);
+ }
+
+ /* if i'm key server, and detects peer member pn exhaustion, rekey.*/
+ lpn = ntohl(body->llpn);
+ if (lpn > participant->kay->pn_exhaustion) {
+ if (participant->is_key_server) {
+ participant->new_sak = TRUE;
+ wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion");
+ }
+ }
+
+ founded = FALSE;
+ dl_list_for_each(txsa, &participant->txsc->sa_list,
+ struct transmit_sa, list) {
+ if (sa_key != NULL && txsa->pkey == sa_key) {
+ founded = TRUE;
+ break;
+ }
+ }
+ if (!founded) {
+ wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
+ return -1;
+ }
+
+ /* FIXME: Secy creates txsa with default npn. If MKA detected Latest Key
+ * npn is larger than txsa's npn, set it to txsa.
+ */
+ secy_get_transmit_next_pn(participant->kay, txsa);
+ if (lpn > txsa->next_pn) {
+ secy_set_transmit_next_pn(participant->kay, txsa);
+ wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_dist_sak_body_present
+ */
+static Boolean
+ieee802_1x_mka_dist_sak_body_present(
+ struct ieee802_1x_mka_participant *participant)
+{
+ if (!participant->to_dist_sak || !participant->new_key)
+ return FALSE;
+
+ return TRUE;
+}
+
+
+/**
+ * ieee802_1x_kay_get_dist_sak_length
+ */
+static int
+ieee802_1x_mka_get_dist_sak_length(
+ struct ieee802_1x_mka_participant *participant)
+{
+ int length;
+ int cs_index = participant->kay->macsec_csindex;
+
+ if (participant->advised_desired) {
+ length = sizeof(struct ieee802_1x_mka_dist_sak_body);
+ if (cs_index != DEFAULT_CS_INDEX)
+ length += CS_ID_LEN;
+
+ length += cipher_suite_tbl[cs_index].sak_len + 8;
+ } else {
+ length = MKA_HDR_LEN;
+ }
+ length = (length + 0x3) & ~0x3;
+
+ return length;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_dist_sak_body -
+ */
+static int
+ieee802_1x_mka_encode_dist_sak_body(
+ struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *buf)
+{
+ struct ieee802_1x_mka_dist_sak_body *body;
+ struct data_key *sak;
+ unsigned int length;
+ int cs_index;
+ int sak_pos;
+
+ length = ieee802_1x_mka_get_dist_sak_length(participant);
+ body = wpabuf_put(buf, length);
+ body->type = MKA_DISTRIBUTED_SAK;
+ set_mka_param_body_len(body, length - MKA_HDR_LEN);
+ if (length == MKA_HDR_LEN) {
+ body->confid_offset = 0;
+ body->dan = 0;
+ return 0;
+ }
+
+ sak = participant->new_key;
+ body->confid_offset = sak->confidentiality_offset;
+ body->dan = sak->an;
+ body->kn = host_to_be32(sak->key_identifier.kn);
+ cs_index = participant->kay->macsec_csindex;
+ sak_pos = 0;
+ if (cs_index != DEFAULT_CS_INDEX) {
+ os_memcpy(body->sak, cipher_suite_tbl[cs_index].id, CS_ID_LEN);
+ sak_pos = CS_ID_LEN;
+ }
+ if (aes_wrap(participant->kek.key,
+ cipher_suite_tbl[cs_index].sak_len / 8,
+ sak->key, body->sak + sak_pos)) {
+ wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
+ return -1;
+ }
+
+ ieee802_1x_mka_dump_dist_sak_body(body);
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_init_data_key -
+ */
+static struct data_key *
+ieee802_1x_kay_init_data_key(const struct key_conf *conf)
+{
+ struct data_key *pkey;
+
+ if (!conf)
+ return NULL;
+
+ pkey = os_zalloc(sizeof(*pkey));
+ if (pkey == NULL) {
+ wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+ return NULL;
+ }
+
+ pkey->key = os_zalloc(conf->key_len);
+ if (pkey->key == NULL) {
+ wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+ os_free(pkey);
+ return NULL;
+ }
+
+ os_memcpy(pkey->key, conf->key, conf->key_len);
+ os_memcpy(&pkey->key_identifier, &conf->ki,
+ sizeof(pkey->key_identifier));
+ pkey->confidentiality_offset = conf->offset;
+ pkey->an = conf->an;
+ pkey->transmits = conf->tx;
+ pkey->receives = conf->rx;
+ os_get_time(&pkey->created_time);
+
+ pkey->user = 1;
+
+ return pkey;
+}
+
+
+/**
+ * ieee802_1x_kay_decode_dist_sak_body -
+ */
+static int
+ieee802_1x_mka_decode_dist_sak_body(
+ struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len)
+{
+ struct ieee802_1x_mka_hdr *hdr;
+ struct ieee802_1x_mka_dist_sak_body *body;
+ struct ieee802_1x_kay_peer *peer;
+ struct macsec_ciphersuite *cs;
+ size_t body_len;
+ struct key_conf *conf;
+ struct data_key *sa_key = NULL;
+ struct ieee802_1x_mka_ki sak_ki;
+ int sak_len;
+ u8 *wrap_sak;
+ u8 *unwrap_sak;
+
+ hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+ body_len = get_mka_param_body_len(hdr);
+ if ((body_len != 0) && (body_len != 28) && (body_len < 36)) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 28, 36, or more octets",
+ (int) body_len);
+ return -1;
+ }
+
+ if (!participant->principal) {
+ wpa_printf(MSG_ERROR,
+ "KaY: I can't accept the distributed SAK as I am not principal");
+ return -1;
+ }
+ if (participant->is_key_server) {
+ wpa_printf(MSG_ERROR,
+ "KaY: I can't accept the distributed SAK as myself is key server ");
+ return -1;
+ }
+ if (!participant->kay->macsec_desired ||
+ participant->kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
+ wpa_printf(MSG_ERROR,
+ "KaY: I am not MACsec-desired or without MACsec capable");
+ return -1;
+ }
+
+ peer = ieee802_1x_kay_get_live_peer(participant,
+ participant->current_peer_id.mi);
+ if (!peer) {
+ wpa_printf(MSG_ERROR,
+ "KaY: The key server is not in my live peers list");
+ return -1;
+ }
+ if (os_memcmp(&participant->kay->key_server_sci,
+ &peer->sci, sizeof(struct ieee802_1x_mka_sci)) != 0) {
+ wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
+ return -1;
+ }
+ if (body_len == 0) {
+ participant->kay->authenticated = TRUE;
+ participant->kay->secured = FALSE;
+ participant->kay->failed = FALSE;
+ participant->advised_desired = FALSE;
+ ieee802_1x_cp_connect_authenticated(participant->kay->cp);
+ ieee802_1x_cp_sm_step(participant->kay->cp);
+ wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
+ participant->to_use_sak = TRUE;
+ return 0;
+ }
+ participant->advised_desired = TRUE;
+ participant->kay->authenticated = FALSE;
+ participant->kay->secured = TRUE;
+ participant->kay->failed = FALSE;
+ ieee802_1x_cp_connect_secure(participant->kay->cp);
+ ieee802_1x_cp_sm_step(participant->kay->cp);
+
+ body = (struct ieee802_1x_mka_dist_sak_body *)mka_msg;
+ ieee802_1x_mka_dump_dist_sak_body(body);
+ dl_list_for_each(sa_key, &participant->sak_list, struct data_key, list)
+ {
+ if (os_memcmp(sa_key->key_identifier.mi,
+ participant->current_peer_id.mi, MI_LEN) == 0 &&
+ sa_key->key_identifier.kn == be_to_host32(body->kn)) {
+ wpa_printf(MSG_WARNING, "KaY:The Key has installed");
+ return 0;
+ }
+ }
+ if (body_len == 28) {
+ sak_len = DEFAULT_SA_KEY_LEN;
+ wrap_sak = body->sak;
+ participant->kay->macsec_csindex = DEFAULT_CS_INDEX;
+ } else {
+ cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
+ if (!cs) {
+ wpa_printf(MSG_ERROR,
+ "KaY: I can't support the Cipher Suite advised by key server");
+ return -1;
+ }
+ sak_len = cs->sak_len;
+ wrap_sak = body->sak + CS_ID_LEN;
+ participant->kay->macsec_csindex = cs->index;
+ }
+
+ unwrap_sak = os_zalloc(sak_len);
+ if (!unwrap_sak) {
+ wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+ return -1;
+ }
+ if (aes_unwrap(participant->kek.key, sak_len >> 3, wrap_sak,
+ unwrap_sak)) {
+ wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
+ os_free(unwrap_sak);
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "\tAES Key Unwrap of SAK:", unwrap_sak, sak_len);
+
+ conf = os_zalloc(sizeof(*conf));
+ if (!conf) {
+ wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+ os_free(unwrap_sak);
+ return -1;
+ }
+ conf->key_len = sak_len;
+
+ conf->key = os_zalloc(conf->key_len);
+ if (!conf->key) {
+ wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+ os_free(unwrap_sak);
+ os_free(conf);
+ return -1;
+ }
+
+ os_memcpy(conf->key, unwrap_sak, conf->key_len);
+
+ os_memcpy(&sak_ki.mi, &participant->current_peer_id.mi,
+ sizeof(sak_ki.mi));
+ sak_ki.kn = be_to_host32(body->kn);
+
+ os_memcpy(conf->ki.mi, sak_ki.mi, MI_LEN);
+ conf->ki.kn = sak_ki.kn;
+ conf->an = body->dan;
+ conf->offset = body->confid_offset;
+ conf->rx = TRUE;
+ conf->tx = TRUE;
+
+ sa_key = ieee802_1x_kay_init_data_key(conf);
+ if (!sa_key) {
+ os_free(unwrap_sak);
+ os_free(conf->key);
+ os_free(conf);
+ return -1;
+ }
+
+ dl_list_add(&participant->sak_list, &sa_key->list);
+
+ ieee802_1x_cp_set_ciphersuite(
+ participant->kay->cp,
+ cipher_suite_tbl[participant->kay->macsec_csindex].id);
+ ieee802_1x_cp_sm_step(participant->kay->cp);
+ ieee802_1x_cp_set_offset(participant->kay->cp, body->confid_offset);
+ ieee802_1x_cp_sm_step(participant->kay->cp);
+ ieee802_1x_cp_set_distributedki(participant->kay->cp, &sak_ki);
+ ieee802_1x_cp_set_distributedan(participant->kay->cp, body->dan);
+ ieee802_1x_cp_signal_newsak(participant->kay->cp);
+ ieee802_1x_cp_sm_step(participant->kay->cp);
+
+ participant->to_use_sak = TRUE;
+
+ os_free(unwrap_sak);
+ os_free(conf->key);
+ os_free(conf);
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_icv_body_present
+ */
+static Boolean
+ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant)
+{
+ return TRUE;
+}
+
+
+/**
+ * ieee802_1x_kay_get_icv_length
+ */
+static int
+ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant)
+{
+ int length;
+
+ length = sizeof(struct ieee802_1x_mka_icv_body);
+ length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
+
+ return (length + 0x3) & ~0x3;
+}
+
+
+/**
+ * ieee802_1x_mka_encode_icv_body -
+ */
+static int
+ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *buf)
+{
+ struct ieee802_1x_mka_icv_body *body;
+ unsigned int length;
+ u8 cmac[MAX_ICV_LEN];
+
+ length = ieee802_1x_mka_get_icv_length(participant);
+ if (length != DEFAULT_ICV_LEN) {
+ body = wpabuf_put(buf, MKA_HDR_LEN);
+ body->type = MKA_ICV_INDICATOR;
+ set_mka_param_body_len(body, length - MKA_HDR_LEN);
+ }
+
+ if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
+ participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
+ wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
+ return -1;
+ }
+
+ if (length != DEFAULT_ICV_LEN) {
+ os_memcpy(wpabuf_put(buf, length - MKA_HDR_LEN), cmac,
+ length - MKA_HDR_LEN);
+ } else {
+ os_memcpy(wpabuf_put(buf, length), cmac, length);
+ }
+
+ return 0;
+}
+
+/**
+ * ieee802_1x_mka_decode_icv_body -
+ */
+static u8 *
+ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len)
+{
+ struct ieee802_1x_mka_hdr *hdr;
+ struct ieee802_1x_mka_icv_body *body;
+ size_t body_len;
+ size_t left_len;
+ int body_type;
+ const u8 *pos;
+
+ pos = mka_msg;
+ left_len = msg_len;
+ while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
+ hdr = (struct ieee802_1x_mka_hdr *) pos;
+ body_len = get_mka_param_body_len(hdr);
+ body_type = get_mka_param_body_type(hdr);
+
+ if (left_len < (body_len + MKA_HDR_LEN))
+ break;
+
+ if (body_type != MKA_ICV_INDICATOR) {
+ left_len -= MKA_HDR_LEN + body_len;
+ pos += MKA_HDR_LEN + body_len;
+ continue;
+ }
+
+ body = (struct ieee802_1x_mka_icv_body *)pos;
+ if (body_len
+ < mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
+ return NULL;
+ }
+
+ return body->icv;
+ }
+
+ return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN);
+}
+
+
+/**
+ * ieee802_1x_mka_decode_dist_cak_body-
+ */
+static int
+ieee802_1x_mka_decode_dist_cak_body(
+ struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len)
+{
+ struct ieee802_1x_mka_hdr *hdr;
+ size_t body_len;
+
+ hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+ body_len = get_mka_param_body_len(hdr);
+ if (body_len < 28) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 28 or more octets",
+ (int) body_len);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_kmd_body -
+ */
+static int
+ieee802_1x_mka_decode_kmd_body(
+ struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len)
+{
+ struct ieee802_1x_mka_hdr *hdr;
+ size_t body_len;
+
+ hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
+ body_len = get_mka_param_body_len(hdr);
+ if (body_len < 5) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 5 or more octets",
+ (int) body_len);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_mka_decode_announce_body -
+ */
+static int ieee802_1x_mka_decode_announce_body(
+ struct ieee802_1x_mka_participant *participant,
+ const u8 *mka_msg, size_t msg_len)
+{
+ return 0;
+}
+
+
+static struct mka_param_body_handler mak_body_handler[] = {
+ /* basic parameter set */
+ {
+ ieee802_1x_mka_encode_basic_body,
+ NULL,
+ ieee802_1x_mka_basic_body_length,
+ ieee802_1x_mka_basic_body_present
+ },
+
+ /* live peer list parameter set */
+ {
+ ieee802_1x_mka_encode_live_peer_body,
+ ieee802_1x_mka_decode_live_peer_body,
+ ieee802_1x_mka_get_live_peer_length,
+ ieee802_1x_mka_live_peer_body_present
+ },
+
+ /* potential peer list parameter set */
+ {
+ ieee802_1x_mka_encode_potential_peer_body,
+ ieee802_1x_mka_decode_potential_peer_body,
+ ieee802_1x_mka_get_potential_peer_length,
+ ieee802_1x_mka_potential_peer_body_present
+ },
+
+ /* sak use parameter set */
+ {
+ ieee802_1x_mka_encode_sak_use_body,
+ ieee802_1x_mka_decode_sak_use_body,
+ ieee802_1x_mka_get_sak_use_length,
+ ieee802_1x_mka_sak_use_body_present
+ },
+
+ /* distribute sak parameter set */
+ {
+ ieee802_1x_mka_encode_dist_sak_body,
+ ieee802_1x_mka_decode_dist_sak_body,
+ ieee802_1x_mka_get_dist_sak_length,
+ ieee802_1x_mka_dist_sak_body_present
+ },
+
+ /* distribute cak parameter set */
+ {
+ NULL,
+ ieee802_1x_mka_decode_dist_cak_body,
+ NULL,
+ NULL
+ },
+
+ /* kmd parameter set */
+ {
+ NULL,
+ ieee802_1x_mka_decode_kmd_body,
+ NULL,
+ NULL
+ },
+
+ /* announce parameter set */
+ {
+ NULL,
+ ieee802_1x_mka_decode_announce_body,
+ NULL,
+ NULL
+ },
+
+ /* icv parameter set */
+ {
+ ieee802_1x_mka_encode_icv_body,
+ NULL,
+ ieee802_1x_mka_get_icv_length,
+ ieee802_1x_mka_icv_body_present
+ },
+};
+
+
+/**
+ * ieee802_1x_kay_deinit_data_key -
+ */
+void ieee802_1x_kay_deinit_data_key(struct data_key *pkey)
+{
+ if (!pkey)
+ return;
+
+ pkey->user--;
+ if (pkey->user > 1)
+ return;
+
+ dl_list_del(&pkey->list);
+ os_free(pkey->key);
+ os_free(pkey);
+}
+
+
+/**
+ * ieee802_1x_kay_generate_new_sak -
+ */
+static int
+ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
+{
+ struct data_key *sa_key = NULL;
+ struct key_conf *conf;
+ struct ieee802_1x_kay_peer *peer;
+ struct ieee802_1x_kay *kay = participant->kay;
+ int ctx_len, ctx_offset;
+ u8 *context;
+
+ /* check condition for generating a fresh SAK:
+ * must have one live peer
+ * and MKA life time elapse since last distribution
+ * or potential peer is empty
+ */
+ if (dl_list_empty(&participant->live_peers)) {
+ wpa_printf(MSG_ERROR,
+ "KaY: Live peers list must not empty when generating fresh SAK");
+ return -1;
+ }
+
+ /* FIXME: A fresh SAK not generated until
+ * the live peer list contains at least one peer and
+ * MKA life time has elapsed since the prior SAK was first distributed,
+ * or the Key server's potential peer is empty
+ * but I can't understand the second item, so
+ * here only check first item and ingore
+ * && (!dl_list_empty(&participant->potential_peers))) {
+ */
+ if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
+ wpa_printf(MSG_ERROR,
+ "KaY: Life time have not elapsed since prior SAK distributed");
+ return -1;
+ }
+
+ conf = os_zalloc(sizeof(*conf));
+ if (!conf) {
+ wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+ return -1;
+ }
+ conf->key_len = cipher_suite_tbl[kay->macsec_csindex].sak_len;
+
+ conf->key = os_zalloc(conf->key_len);
+ if (!conf->key) {
+ os_free(conf);
+ wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
+ return -1;
+ }
+
+ ctx_len = conf->key_len + sizeof(kay->dist_kn);
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list)
+ ctx_len += sizeof(peer->mi);
+ ctx_len += sizeof(participant->mi);
+
+ context = os_zalloc(ctx_len);
+ if (!context) {
+ os_free(conf->key);
+ os_free(conf);
+ return -1;
+ }
+ ctx_offset = 0;
+ os_get_random(context + ctx_offset, conf->key_len);
+ ctx_offset += conf->key_len;
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list) {
+ os_memcpy(context + ctx_offset, peer->mi, sizeof(peer->mi));
+ ctx_offset += sizeof(peer->mi);
+ }
+ os_memcpy(context + ctx_offset, participant->mi,
+ sizeof(participant->mi));
+ ctx_offset += sizeof(participant->mi);
+ os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
+
+ if (conf->key_len == 16) {
+ ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+ context, ctx_len, conf->key);
+ } else if (conf->key_len == 32) {
+ ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
+ context, ctx_len, conf->key);
+ } else {
+ wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
+ os_free(conf->key);
+ os_free(conf);
+ os_free(context);
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "KaY: generated new SAK",
+ conf->key, conf->key_len);
+
+ os_memcpy(conf->ki.mi, participant->mi, MI_LEN);
+ conf->ki.kn = participant->kay->dist_kn;
+ conf->an = participant->kay->dist_an;
+ conf->offset = kay->macsec_confidentiality;
+ conf->rx = TRUE;
+ conf->tx = TRUE;
+
+ sa_key = ieee802_1x_kay_init_data_key(conf);
+ if (!sa_key) {
+ os_free(conf->key);
+ os_free(conf);
+ os_free(context);
+ return -1;
+ }
+ participant->new_key = sa_key;
+
+ dl_list_add(&participant->sak_list, &sa_key->list);
+ ieee802_1x_cp_set_ciphersuite(participant->kay->cp,
+ cipher_suite_tbl[kay->macsec_csindex].id);
+ ieee802_1x_cp_sm_step(kay->cp);
+ ieee802_1x_cp_set_offset(kay->cp, conf->offset);
+ ieee802_1x_cp_sm_step(kay->cp);
+ ieee802_1x_cp_set_distributedki(kay->cp, &conf->ki);
+ ieee802_1x_cp_set_distributedan(kay->cp, conf->an);
+ ieee802_1x_cp_signal_newsak(kay->cp);
+ ieee802_1x_cp_sm_step(kay->cp);
+
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list)
+ peer->sak_used = FALSE;
+
+ participant->kay->dist_kn++;
+ participant->kay->dist_an++;
+ if (participant->kay->dist_an > 3)
+ participant->kay->dist_an = 0;
+
+ participant->kay->dist_time = time(NULL);
+
+ os_free(conf->key);
+ os_free(conf);
+ os_free(context);
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_elect_key_server - elect the key server
+ * when to elect: whenever the live peers list changes
+ */
+static int
+ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
+{
+ struct ieee802_1x_kay_peer *peer;
+ struct ieee802_1x_kay_peer *key_server = NULL;
+ struct ieee802_1x_kay *kay = participant->kay;
+ Boolean i_is_key_server;
+ int i;
+
+ if (participant->is_obliged_key_server) {
+ participant->new_sak = TRUE;
+ participant->to_dist_sak = FALSE;
+ ieee802_1x_cp_set_electedself(kay->cp, TRUE);
+ return 0;
+ }
+
+ /* elect the key server among the peers */
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (!peer->is_key_server)
+ continue;
+
+ if (!key_server) {
+ key_server = peer;
+ continue;
+ }
+
+ if (peer->key_server_priority <
+ key_server->key_server_priority) {
+ key_server = peer;
+ } else if (peer->key_server_priority ==
+ key_server->key_server_priority) {
+ for (i = 0; i < 6; i++) {
+ if (peer->sci.addr[i] <
+ key_server->sci.addr[i])
+ key_server = peer;
+ }
+ }
+ }
+
+ /* elect the key server between me and the above elected peer */
+ i_is_key_server = FALSE;
+ if (key_server && participant->can_be_key_server) {
+ if (kay->actor_priority
+ < key_server->key_server_priority) {
+ i_is_key_server = TRUE;
+ } else if (kay->actor_priority
+ == key_server->key_server_priority) {
+ for (i = 0; i < 6; i++) {
+ if (kay->actor_sci.addr[i]
+ < key_server->sci.addr[i]) {
+ i_is_key_server = TRUE;
+ }
+ }
+ }
+ }
+
+ if (!key_server && !i_is_key_server) {
+ participant->principal = FALSE;
+ participant->is_key_server = FALSE;
+ participant->is_elected = FALSE;
+ return 0;
+ }
+
+ if (i_is_key_server) {
+ ieee802_1x_cp_set_electedself(kay->cp, TRUE);
+ if (os_memcmp(&kay->key_server_sci, &kay->actor_sci,
+ sizeof(kay->key_server_sci))) {
+ ieee802_1x_cp_signal_chgdserver(kay->cp);
+ ieee802_1x_cp_sm_step(kay->cp);
+ }
+
+ participant->is_key_server = TRUE;
+ participant->principal = TRUE;
+ participant->new_sak = TRUE;
+ wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
+ participant->to_dist_sak = FALSE;
+ participant->is_elected = TRUE;
+
+ os_memcpy(&kay->key_server_sci, &kay->actor_sci,
+ sizeof(kay->key_server_sci));
+ kay->key_server_priority = kay->actor_priority;
+ }
+
+ if (key_server) {
+ ieee802_1x_cp_set_electedself(kay->cp, FALSE);
+ if (os_memcmp(&kay->key_server_sci, &key_server->sci,
+ sizeof(kay->key_server_sci))) {
+ ieee802_1x_cp_signal_chgdserver(kay->cp);
+ ieee802_1x_cp_sm_step(kay->cp);
+ }
+
+ participant->is_key_server = FALSE;
+ participant->principal = TRUE;
+ participant->is_elected = TRUE;
+
+ os_memcpy(&kay->key_server_sci, &key_server->sci,
+ sizeof(kay->key_server_sci));
+ kay->key_server_priority = key_server->key_server_priority;
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_decide_macsec_use - the key server determinate
+ * how to use MACsec: whether use MACsec and its capability
+ * protectFrames will be advised if the key server and one of its live peers are
+ * MACsec capable and one of those request MACsec protection
+ */
+static int
+ieee802_1x_kay_decide_macsec_use(
+ struct ieee802_1x_mka_participant *participant)
+{
+ struct ieee802_1x_kay *kay = participant->kay;
+ struct ieee802_1x_kay_peer *peer;
+ enum macsec_cap less_capability;
+ Boolean has_peer;
+
+ if (!participant->is_key_server)
+ return -1;
+
+ /* key server self is MACsec-desired and requesting MACsec */
+ if (!kay->macsec_desired) {
+ participant->advised_desired = FALSE;
+ return -1;
+ }
+ if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
+ participant->advised_desired = FALSE;
+ return -1;
+ }
+ less_capability = kay->macsec_capable;
+
+ /* at least one of peers is MACsec-desired and requesting MACsec */
+ has_peer = FALSE;
+ dl_list_for_each(peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (!peer->macsec_desired)
+ continue;
+
+ if (peer->macsec_capbility == MACSEC_CAP_NOT_IMPLEMENTED)
+ continue;
+
+ less_capability = (less_capability < peer->macsec_capbility) ?
+ less_capability : peer->macsec_capbility;
+ has_peer = TRUE;
+ }
+
+ if (has_peer) {
+ participant->advised_desired = TRUE;
+ participant->advised_capability = less_capability;
+ kay->authenticated = FALSE;
+ kay->secured = TRUE;
+ kay->failed = FALSE;
+ ieee802_1x_cp_connect_secure(kay->cp);
+ ieee802_1x_cp_sm_step(kay->cp);
+ } else {
+ participant->advised_desired = FALSE;
+ participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED;
+ participant->to_use_sak = FALSE;
+ kay->authenticated = TRUE;
+ kay->secured = FALSE;
+ kay->failed = FALSE;
+ kay->ltx_kn = 0;
+ kay->ltx_an = 0;
+ kay->lrx_kn = 0;
+ kay->lrx_an = 0;
+ kay->otx_kn = 0;
+ kay->otx_an = 0;
+ kay->orx_kn = 0;
+ kay->orx_an = 0;
+ ieee802_1x_cp_connect_authenticated(kay->cp);
+ ieee802_1x_cp_sm_step(kay->cp);
+ }
+
+ return 0;
+}
+
+static const u8 pae_group_addr[ETH_ALEN] = {
+ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
+};
+
+
+/**
+ * ieee802_1x_kay_encode_mkpdu -
+ */
+static int
+ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant,
+ struct wpabuf *pbuf)
+{
+ unsigned int i;
+ struct ieee8023_hdr *ether_hdr;
+ struct ieee802_1x_hdr *eapol_hdr;
+
+ ether_hdr = wpabuf_put(pbuf, sizeof(*ether_hdr));
+ os_memcpy(ether_hdr->dest, pae_group_addr, sizeof(ether_hdr->dest));
+ os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
+ sizeof(ether_hdr->dest));
+ ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL);
+
+ eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr));
+ eapol_hdr->version = EAPOL_VERSION;
+ eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
+ eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
+
+ for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
+ if (mak_body_handler[i].body_present &&
+ mak_body_handler[i].body_present(participant)) {
+ if (mak_body_handler[i].body_tx(participant, pbuf))
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/**
+ * ieee802_1x_participant_send_mkpdu -
+ */
+static int
+ieee802_1x_participant_send_mkpdu(
+ struct ieee802_1x_mka_participant *participant)
+{
+ struct wpabuf *buf;
+ struct ieee802_1x_kay *kay = participant->kay;
+ size_t length = 0;
+ unsigned int i;
+
+ wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
+ length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
+ for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
+ if (mak_body_handler[i].body_present &&
+ mak_body_handler[i].body_present(participant))
+ length += mak_body_handler[i].body_length(participant);
+ }
+
+ buf = wpabuf_alloc(length);
+ if (!buf) {
+ wpa_printf(MSG_ERROR, "KaY: out of memory");
+ return -1;
+ }
+
+ if (ieee802_1x_kay_encode_mkpdu(participant, buf)) {
+ wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
+ return -1;
+ }
+
+ l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
+ wpabuf_free(buf);
+
+ kay->active = TRUE;
+ participant->active = TRUE;
+
+ return 0;
+}
+
+
+static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa);
+/**
+ * ieee802_1x_participant_timer -
+ */
+static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
+{
+ struct ieee802_1x_mka_participant *participant;
+ struct ieee802_1x_kay *kay;
+ struct ieee802_1x_kay_peer *peer, *pre_peer;
+ time_t now = time(NULL);
+ Boolean lp_changed;
+ struct receive_sc *rxsc, *pre_rxsc;
+ struct transmit_sa *txsa, *pre_txsa;
+
+ participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
+ kay = participant->kay;
+ if (participant->cak_life) {
+ if (now > participant->cak_life) {
+ kay->authenticated = FALSE;
+ kay->secured = FALSE;
+ kay->failed = TRUE;
+ ieee802_1x_kay_delete_mka(kay, &participant->ckn);
+ return;
+ }
+ }
+
+ /* should delete MKA instance if there are not live peers
+ * when the MKA life elapsed since its creating */
+ if (participant->mka_life) {
+ if (dl_list_empty(&participant->live_peers)) {
+ if (now > participant->mka_life) {
+ kay->authenticated = FALSE;
+ kay->secured = FALSE;
+ kay->failed = TRUE;
+ ieee802_1x_kay_delete_mka(kay,
+ &participant->ckn);
+ return;
+ }
+ } else {
+ participant->mka_life = 0;
+ }
+ }
+
+ lp_changed = FALSE;
+ dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (now > peer->expire) {
+ wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
+ wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
+ sizeof(peer->mi));
+ wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+ dl_list_for_each_safe(rxsc, pre_rxsc,
+ &participant->rxsc_list,
+ struct receive_sc, list) {
+ if (os_memcmp(&rxsc->sci, &peer->sci,
+ sizeof(rxsc->sci)) == 0) {
+ secy_delete_receive_sc(kay, rxsc);
+ ieee802_1x_kay_deinit_receive_sc(
+ participant, rxsc);
+ }
+ }
+ dl_list_del(&peer->list);
+ os_free(peer);
+ lp_changed = TRUE;
+ }
+ }
+
+ if (lp_changed) {
+ if (dl_list_empty(&participant->live_peers)) {
+ participant->advised_desired = FALSE;
+ participant->advised_capability =
+ MACSEC_CAP_NOT_IMPLEMENTED;
+ participant->to_use_sak = FALSE;
+ kay->authenticated = TRUE;
+ kay->secured = FALSE;
+ kay->failed = FALSE;
+ kay->ltx_kn = 0;
+ kay->ltx_an = 0;
+ kay->lrx_kn = 0;
+ kay->lrx_an = 0;
+ kay->otx_kn = 0;
+ kay->otx_an = 0;
+ kay->orx_kn = 0;
+ kay->orx_an = 0;
+ dl_list_for_each_safe(txsa, pre_txsa,
+ &participant->txsc->sa_list,
+ struct transmit_sa, list) {
+ secy_disable_transmit_sa(kay, txsa);
+ ieee802_1x_kay_deinit_transmit_sa(txsa);
+ }
+
+ ieee802_1x_cp_connect_authenticated(kay->cp);
+ ieee802_1x_cp_sm_step(kay->cp);
+ } else {
+ ieee802_1x_kay_elect_key_server(participant);
+ ieee802_1x_kay_decide_macsec_use(participant);
+ }
+ }
+
+ dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
+ struct ieee802_1x_kay_peer, list) {
+ if (now > peer->expire) {
+ wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
+ wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
+ sizeof(peer->mi));
+ wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
+ dl_list_del(&peer->list);
+ os_free(peer);
+ }
+ }
+
+ if (participant->new_sak) {
+ if (!ieee802_1x_kay_generate_new_sak(participant))
+ participant->to_dist_sak = TRUE;
+
+ participant->new_sak = FALSE;
+ }
+
+ if (participant->retry_count < MAX_RETRY_CNT) {
+ ieee802_1x_participant_send_mkpdu(participant);
+ participant->retry_count++;
+ }
+
+ eloop_register_timeout(MKA_HELLO_TIME / 1000, 0,
+ ieee802_1x_participant_timer,
+ participant, NULL);
+}
+
+
+/**
+ * ieee802_1x_kay_init_transmit_sa -
+ */
+static struct transmit_sa *
+ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN,
+ struct data_key *key)
+{
+ struct transmit_sa *psa;
+
+ key->tx_latest = TRUE;
+ key->rx_latest = TRUE;
+
+ psa = os_zalloc(sizeof(*psa));
+ if (!psa) {
+ wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+ return NULL;
+ }
+
+ if (key->confidentiality_offset >= CONFIDENTIALITY_OFFSET_0 &&
+ key->confidentiality_offset <= CONFIDENTIALITY_OFFSET_50)
+ psa->confidentiality = TRUE;
+ else
+ psa->confidentiality = FALSE;
+
+ psa->an = an;
+ psa->pkey = key;
+ psa->next_pn = next_PN;
+ psa->sc = psc;
+
+ os_get_time(&psa->created_time);
+ psa->in_use = FALSE;
+
+ dl_list_add(&psc->sa_list, &psa->list);
+ wpa_printf(MSG_DEBUG,
+ "KaY: Create transmit SA(an: %d, next_PN: %u) of SC(channel: %d)",
+ (int) an, next_PN, psc->channel);
+
+ return psa;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_transmit_sa -
+ */
+static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa)
+{
+ psa->pkey = NULL;
+ wpa_printf(MSG_DEBUG,
+ "KaY: Delete transmit SA(an: %d) of SC(channel: %d)",
+ psa->an, psa->sc->channel);
+ dl_list_del(&psa->list);
+ os_free(psa);
+}
+
+
+/**
+ * init_transmit_sc -
+ */
+static struct transmit_sc *
+ieee802_1x_kay_init_transmit_sc(const struct ieee802_1x_mka_sci *sci,
+ int channel)
+{
+ struct transmit_sc *psc;
+
+ psc = os_zalloc(sizeof(*psc));
+ if (!psc) {
+ wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
+ return NULL;
+ }
+ os_memcpy(&psc->sci, sci, sizeof(psc->sci));
+ psc->channel = channel;
+
+ os_get_time(&psc->created_time);
+ psc->transmitting = FALSE;
+ psc->encoding_sa = FALSE;
+ psc->enciphering_sa = FALSE;
+
+ dl_list_init(&psc->sa_list);
+ wpa_printf(MSG_DEBUG, "KaY: Create transmit SC(channel: %d)", channel);
+ wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci));
+
+ return psc;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit_transmit_sc -
+ */
+static void
+ieee802_1x_kay_deinit_transmit_sc(
+ struct ieee802_1x_mka_participant *participant, struct transmit_sc *psc)
+{
+ struct transmit_sa *psa, *tmp;
+
+ wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC(channel: %d)",
+ psc->channel);
+ dl_list_for_each_safe(psa, tmp, &psc->sa_list, struct transmit_sa,
+ list) {
+ secy_disable_transmit_sa(participant->kay, psa);
+ ieee802_1x_kay_deinit_transmit_sa(psa);
+ }
+
+ os_free(psc);
+}
+
+
+/****************** Interface between CP and KAY *********************/
+/**
+ * ieee802_1x_kay_set_latest_sa_attr -
+ */
+int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki, u8 lan,
+ Boolean ltx, Boolean lrx)
+{
+ struct ieee802_1x_mka_participant *principal;
+
+ principal = ieee802_1x_kay_get_principal_participant(kay);
+ if (!principal)
+ return -1;
+
+ if (!lki)
+ os_memset(&principal->lki, 0, sizeof(principal->lki));
+ else
+ os_memcpy(&principal->lki, lki, sizeof(principal->lki));
+
+ principal->lan = lan;
+ principal->ltx = ltx;
+ principal->lrx = lrx;
+ if (!lki) {
+ kay->ltx_kn = 0;
+ kay->lrx_kn = 0;
+ } else {
+ kay->ltx_kn = lki->kn;
+ kay->lrx_kn = lki->kn;
+ }
+ kay->ltx_an = lan;
+ kay->lrx_an = lan;
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_set_old_sa_attr -
+ */
+int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *oki,
+ u8 oan, Boolean otx, Boolean orx)
+{
+ struct ieee802_1x_mka_participant *principal;
+
+ principal = ieee802_1x_kay_get_principal_participant(kay);
+ if (!principal)
+ return -1;
+
+ if (!oki)
+ os_memset(&principal->oki, 0, sizeof(principal->oki));
+ else
+ os_memcpy(&principal->oki, oki, sizeof(principal->oki));
+
+ principal->oan = oan;
+ principal->otx = otx;
+ principal->orx = orx;
+
+ if (!oki) {
+ kay->otx_kn = 0;
+ kay->orx_kn = 0;
+ } else {
+ kay->otx_kn = oki->kn;
+ kay->orx_kn = oki->kn;
+ }
+ kay->otx_an = oan;
+ kay->orx_an = oan;
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_create_sas -
+ */
+int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki)
+{
+ struct data_key *sa_key, *latest_sak;
+ struct ieee802_1x_mka_participant *principal;
+ struct receive_sc *rxsc;
+ struct receive_sa *rxsa;
+ struct transmit_sa *txsa;
+
+ principal = ieee802_1x_kay_get_principal_participant(kay);
+ if (!principal)
+ return -1;
+
+ latest_sak = NULL;
+ dl_list_for_each(sa_key, &principal->sak_list, struct data_key, list) {
+ if (is_ki_equal(&sa_key->key_identifier, lki)) {
+ sa_key->rx_latest = TRUE;
+ sa_key->tx_latest = TRUE;
+ latest_sak = sa_key;
+ principal->to_use_sak = TRUE;
+ } else {
+ sa_key->rx_latest = FALSE;
+ sa_key->tx_latest = FALSE;
+ }
+ }
+ if (!latest_sak) {
+ wpa_printf(MSG_ERROR, "lki related sak not found");
+ return -1;
+ }
+
+ dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+ rxsa = ieee802_1x_kay_init_receive_sa(rxsc, latest_sak->an, 1,
+ latest_sak);
+ if (!rxsa)
+ return -1;
+
+ secy_create_receive_sa(kay, rxsa);
+ }
+
+ txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an,
+ 1, latest_sak);
+ if (!txsa)
+ return -1;
+
+ secy_create_transmit_sa(kay, txsa);
+
+
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_delete_sas -
+ */
+int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *ki)
+{
+ struct data_key *sa_key, *pre_key;
+ struct transmit_sa *txsa, *pre_txsa;
+ struct receive_sa *rxsa, *pre_rxsa;
+ struct receive_sc *rxsc;
+ struct ieee802_1x_mka_participant *principal;
+
+ wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__);
+ principal = ieee802_1x_kay_get_principal_participant(kay);
+ if (!principal)
+ return -1;
+
+ /* remove the transmit sa */
+ dl_list_for_each_safe(txsa, pre_txsa, &principal->txsc->sa_list,
+ struct transmit_sa, list) {
+ if (is_ki_equal(&txsa->pkey->key_identifier, ki)) {
+ secy_disable_transmit_sa(kay, txsa);
+ ieee802_1x_kay_deinit_transmit_sa(txsa);
+ }
+ }
+
+ /* remove the receive sa */
+ dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+ dl_list_for_each_safe(rxsa, pre_rxsa, &rxsc->sa_list,
+ struct receive_sa, list) {
+ if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
+ secy_disable_receive_sa(kay, rxsa);
+ ieee802_1x_kay_deinit_receive_sa(rxsa);
+ }
+ }
+ }
+
+ /* remove the sak */
+ dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
+ struct data_key, list) {
+ if (is_ki_equal(&sa_key->key_identifier, ki)) {
+ ieee802_1x_kay_deinit_data_key(sa_key);
+ break;
+ }
+ if (principal->new_key == sa_key)
+ principal->new_key = NULL;
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_enable_tx_sas -
+ */
+int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki)
+{
+ struct ieee802_1x_mka_participant *principal;
+ struct transmit_sa *txsa;
+
+ principal = ieee802_1x_kay_get_principal_participant(kay);
+ if (!principal)
+ return -1;
+
+ dl_list_for_each(txsa, &principal->txsc->sa_list, struct transmit_sa,
+ list) {
+ if (is_ki_equal(&txsa->pkey->key_identifier, lki)) {
+ txsa->in_use = TRUE;
+ secy_enable_transmit_sa(kay, txsa);
+ ieee802_1x_cp_set_usingtransmitas(
+ principal->kay->cp, TRUE);
+ ieee802_1x_cp_sm_step(principal->kay->cp);
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_enable_rx_sas -
+ */
+int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki)
+{
+ struct ieee802_1x_mka_participant *principal;
+ struct receive_sa *rxsa;
+ struct receive_sc *rxsc;
+
+ principal = ieee802_1x_kay_get_principal_participant(kay);
+ if (!principal)
+ return -1;
+
+ dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
+ dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
+ {
+ if (is_ki_equal(&rxsa->pkey->key_identifier, lki)) {
+ rxsa->in_use = TRUE;
+ secy_enable_receive_sa(kay, rxsa);
+ ieee802_1x_cp_set_usingreceivesas(
+ principal->kay->cp, TRUE);
+ ieee802_1x_cp_sm_step(principal->kay->cp);
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_enable_new_info -
+ */
+int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
+{
+ struct ieee802_1x_mka_participant *principal;
+
+ principal = ieee802_1x_kay_get_principal_participant(kay);
+ if (!principal)
+ return -1;
+
+ if (principal->retry_count < MAX_RETRY_CNT) {
+ ieee802_1x_participant_send_mkpdu(principal);
+ principal->retry_count++;
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_cp_conf -
+ */
+int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_cp_conf *pconf)
+{
+ pconf->protect = kay->macsec_protect;
+ pconf->replay_protect = kay->macsec_replay_protect;
+ pconf->validate = kay->macsec_validate;
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_alloc_cp_sm -
+ */
+static struct ieee802_1x_cp_sm *
+ieee802_1x_kay_alloc_cp_sm(struct ieee802_1x_kay *kay)
+{
+ struct ieee802_1x_cp_conf conf;
+
+ os_memset(&conf, 0, sizeof(conf));
+ conf.protect = kay->macsec_protect;
+ conf.replay_protect = kay->macsec_replay_protect;
+ conf.validate = kay->macsec_validate;
+ conf.replay_window = kay->macsec_replay_window;
+
+ return ieee802_1x_cp_sm_init(kay, &conf);
+}
+
+
+/**
+ * ieee802_1x_kay_mkpdu_sanity_check -
+ * sanity check specified in clause 11.11.2 of IEEE802.1X-2010
+ */
+static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
+ const u8 *buf, size_t len)
+{
+ struct ieee8023_hdr *eth_hdr;
+ struct ieee802_1x_hdr *eapol_hdr;
+ struct ieee802_1x_mka_hdr *mka_hdr;
+ struct ieee802_1x_mka_basic_body *body;
+ size_t mka_msg_len;
+ struct ieee802_1x_mka_participant *participant;
+ size_t body_len;
+ u8 icv[MAX_ICV_LEN];
+ u8 *msg_icv;
+
+ eth_hdr = (struct ieee8023_hdr *) buf;
+ eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
+ mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1);
+
+ /* destination address should be not individual address */
+ if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) {
+ wpa_printf(MSG_MSGDUMP,
+ "KaY: ethernet destination address is not PAE group address");
+ return -1;
+ }
+
+ /* MKPDU should not less than 32 octets */
+ mka_msg_len = be_to_host16(eapol_hdr->length);
+ if (mka_msg_len < 32) {
+ wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
+ return -1;
+ }
+ /* MKPDU should multiple 4 octets */
+ if ((mka_msg_len % 4) != 0) {
+ wpa_printf(MSG_MSGDUMP,
+ "KaY: MKPDU is not multiple of 4 octets");
+ return -1;
+ }
+
+ body = (struct ieee802_1x_mka_basic_body *) mka_hdr;
+ ieee802_1x_mka_dump_basic_body(body);
+ body_len = get_mka_param_body_len(body);
+ /* EAPOL-MKA body should comprise basic parameter set and ICV */
+ if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
+ wpa_printf(MSG_ERROR,
+ "KaY: Received EAPOL-MKA Packet Body Length (%d bytes) is less than the Basic Parameter Set Header Length (%d bytes) + the Basic Parameter Set Body Length (%d bytes) + %d bytes of ICV",
+ (int) mka_msg_len, (int) MKA_HDR_LEN,
+ (int) body_len, DEFAULT_ICV_LEN);
+ return -1;
+ }
+
+ /* CKN should be owned by I */
+ participant = ieee802_1x_kay_get_participant(kay, body->ckn);
+ if (!participant) {
+ wpa_printf(MSG_DEBUG, "CKN is not included in my CA");
+ return -1;
+ }
+
+ /* algorithm agility check */
+ if (os_memcmp(body->algo_agility, mka_algo_agility,
+ sizeof(body->algo_agility)) != 0) {
+ wpa_printf(MSG_ERROR,
+ "KaY: peer's algorithm agility not supported for me");
+ return -1;
+ }
+
+ /* ICV check */
+ /*
+ * The ICV will comprise the final octets of the packet body, whatever
+ * its size, not the fixed length 16 octets, indicated by the EAPOL
+ * packet body length.
+ */
+ if (mka_alg_tbl[kay->mka_algindex].icv_hash(
+ participant->ick.key,
+ buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
+ wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
+ return -1;
+ }
+ msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr,
+ mka_msg_len);
+
+ if (msg_icv) {
+ if (os_memcmp(msg_icv, icv,
+ mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
+ wpa_printf(MSG_ERROR,
+ "KaY: Computed ICV is not equal to Received ICV");
+ return -1;
+ }
+ } else {
+ wpa_printf(MSG_ERROR, "KaY: No ICV");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_decode_mkpdu -
+ */
+static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
+ const u8 *buf, size_t len)
+{
+ struct ieee802_1x_mka_participant *participant;
+ struct ieee802_1x_mka_hdr *hdr;
+ size_t body_len;
+ size_t left_len;
+ int body_type;
+ int i;
+ const u8 *pos;
+ Boolean my_included;
+ Boolean handled[256];
+
+ if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
+ return -1;
+
+ /* handle basic parameter set */
+ pos = buf + sizeof(struct ieee8023_hdr) + sizeof(struct ieee802_1x_hdr);
+ left_len = len - sizeof(struct ieee8023_hdr) -
+ sizeof(struct ieee802_1x_hdr);
+ participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
+ if (!participant)
+ return -1;
+
+ /* to skip basic parameter set */
+ hdr = (struct ieee802_1x_mka_hdr *) pos;
+ body_len = get_mka_param_body_len(hdr);
+ pos += body_len + MKA_HDR_LEN;
+ left_len -= body_len + MKA_HDR_LEN;
+
+ /* check i am in the peer's peer list */
+ my_included = ieee802_1x_mka_i_in_peerlist(participant, pos, left_len);
+ if (my_included) {
+ /* accept the peer as live peer */
+ if (!ieee802_1x_kay_is_in_peer(
+ participant,
+ participant->current_peer_id.mi)) {
+ if (!ieee802_1x_kay_create_live_peer(
+ participant,
+ participant->current_peer_id.mi,
+ participant->current_peer_id.mn))
+ return -1;
+ ieee802_1x_kay_elect_key_server(participant);
+ ieee802_1x_kay_decide_macsec_use(participant);
+ }
+ if (ieee802_1x_kay_is_in_potential_peer(
+ participant, participant->current_peer_id.mi)) {
+ ieee802_1x_kay_move_live_peer(
+ participant, participant->current_peer_id.mi,
+ participant->current_peer_id.mn);
+ ieee802_1x_kay_elect_key_server(participant);
+ ieee802_1x_kay_decide_macsec_use(participant);
+ }
+ }
+
+ /*
+ * Handle other parameter set than basic parameter set.
+ * Each parameter set should be present only once.
+ */
+ for (i = 0; i < 256; i++)
+ handled[i] = FALSE;
+
+ handled[0] = TRUE;
+ while (left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN) {
+ hdr = (struct ieee802_1x_mka_hdr *) pos;
+ body_len = get_mka_param_body_len(hdr);
+ body_type = get_mka_param_body_type(hdr);
+
+ if (body_type == MKA_ICV_INDICATOR)
+ return 0;
+
+ if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
+ (int) left_len, (int) MKA_HDR_LEN,
+ (int) body_len, DEFAULT_ICV_LEN);
+ goto next_para_set;
+ }
+
+ if (handled[body_type])
+ goto next_para_set;
+
+ handled[body_type] = TRUE;
+ if (mak_body_handler[body_type].body_rx) {
+ mak_body_handler[body_type].body_rx
+ (participant, pos, left_len);
+ } else {
+ wpa_printf(MSG_ERROR,
+ "The type %d not supported in this MKA version %d",
+ body_type, MKA_VERSION_ID);
+ }
+
+next_para_set:
+ pos += body_len + MKA_HDR_LEN;
+ left_len -= body_len + MKA_HDR_LEN;
+ }
+
+ kay->active = TRUE;
+ participant->retry_count = 0;
+ participant->active = TRUE;
+
+ return 0;
+}
+
+
+
+static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
+ size_t len)
+{
+ struct ieee802_1x_kay *kay = ctx;
+ struct ieee8023_hdr *eth_hdr;
+ struct ieee802_1x_hdr *eapol_hdr;
+
+ /* must contain at least ieee8023_hdr + ieee802_1x_hdr */
+ if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) {
+ wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)",
+ (unsigned long) len);
+ return;
+ }
+
+ eth_hdr = (struct ieee8023_hdr *) buf;
+ eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
+ if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
+ ntohs(eapol_hdr->length)) {
+ wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
+ (unsigned long) len,
+ (unsigned long) ntohs(eapol_hdr->length));
+ return;
+ }
+
+ if (eapol_hdr->version < EAPOL_VERSION) {
+ wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
+ eapol_hdr->version);
+ return;
+ }
+ if (ntohs(eth_hdr->ethertype) != ETH_P_PAE ||
+ eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
+ return;
+
+ wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len);
+ if (dl_list_empty(&kay->participant_list)) {
+ wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
+ return;
+ }
+
+ ieee802_1x_kay_decode_mkpdu(kay, buf, len);
+}
+
+
+/**
+ * ieee802_1x_kay_init -
+ */
+struct ieee802_1x_kay *
+ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
+ const char *ifname, const u8 *addr)
+{
+ struct ieee802_1x_kay *kay;
+
+ kay = os_zalloc(sizeof(*kay));
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+ return NULL;
+ }
+
+ kay->ctx = ctx;
+
+ kay->enable = TRUE;
+ kay->active = FALSE;
+
+ kay->authenticated = FALSE;
+ kay->secured = FALSE;
+ kay->failed = FALSE;
+ kay->policy = policy;
+
+ os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
+ os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
+ kay->actor_sci.port = 0x0001;
+ kay->actor_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
+
+ /* While actor acts as a key server, shall distribute sakey */
+ kay->dist_kn = 1;
+ kay->dist_an = 0;
+ kay->dist_time = 0;
+
+ kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
+ kay->macsec_csindex = DEFAULT_CS_INDEX;
+ kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
+ kay->mka_version = MKA_VERSION_ID;
+
+ os_memcpy(kay->algo_agility, mka_algo_agility,
+ sizeof(kay->algo_agility));
+
+ dl_list_init(&kay->participant_list);
+
+ if (policy == DO_NOT_SECURE) {
+ kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
+ kay->macsec_desired = FALSE;
+ kay->macsec_protect = FALSE;
+ kay->macsec_validate = FALSE;
+ kay->macsec_replay_protect = FALSE;
+ kay->macsec_replay_window = 0;
+ kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
+ } else {
+ kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
+ kay->macsec_desired = TRUE;
+ kay->macsec_protect = TRUE;
+ kay->macsec_validate = TRUE;
+ kay->macsec_replay_protect = FALSE;
+ kay->macsec_replay_window = 0;
+ kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
+ }
+
+ wpa_printf(MSG_DEBUG, "KaY: state machine created");
+
+ /* Initialize the SecY must be prio to CP, as CP will control SecY */
+ secy_init_macsec(kay);
+ secy_get_available_transmit_sc(kay, &kay->sc_ch);
+
+ wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
+
+ /* init CP */
+ kay->cp = ieee802_1x_kay_alloc_cp_sm(kay);
+ if (kay->cp == NULL) {
+ ieee802_1x_kay_deinit(kay);
+ return NULL;
+ }
+
+ if (policy == DO_NOT_SECURE) {
+ ieee802_1x_cp_connect_authenticated(kay->cp);
+ ieee802_1x_cp_sm_step(kay->cp);
+ } else {
+ kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
+ kay_l2_receive, kay, 1);
+ if (kay->l2_mka == NULL) {
+ wpa_printf(MSG_WARNING,
+ "KaY: Failed to initialize L2 packet processing for MKA packet");
+ ieee802_1x_kay_deinit(kay);
+ return NULL;
+ }
+ }
+
+ return kay;
+}
+
+
+/**
+ * ieee802_1x_kay_deinit -
+ */
+void
+ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
+{
+ struct ieee802_1x_mka_participant *participant;
+
+ if (!kay)
+ return;
+
+ wpa_printf(MSG_DEBUG, "KaY: state machine removed");
+
+ while (!dl_list_empty(&kay->participant_list)) {
+ participant = dl_list_entry(kay->participant_list.next,
+ struct ieee802_1x_mka_participant,
+ list);
+ ieee802_1x_kay_delete_mka(kay, &participant->ckn);
+ }
+
+ ieee802_1x_cp_sm_deinit(kay->cp);
+ secy_deinit_macsec(kay);
+
+ if (kay->l2_mka) {
+ l2_packet_deinit(kay->l2_mka);
+ kay->l2_mka = NULL;
+ }
+
+ os_free(kay->ctx);
+ os_free(kay);
+}
+
+
+/**
+ * ieee802_1x_kay_create_mka -
+ */
+struct ieee802_1x_mka_participant *
+ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
+ struct mka_key *cak, u32 life,
+ enum mka_created_mode mode, Boolean is_authenticator)
+{
+ struct ieee802_1x_mka_participant *participant;
+ unsigned int usecs;
+
+ if (!kay || !ckn || !cak) {
+ wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
+ return NULL;
+ }
+
+ if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
+ wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
+ return NULL;
+ }
+ if (ckn->len > MAX_CKN_LEN) {
+ wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
+ return NULL;
+ }
+ if (!kay->enable) {
+ wpa_printf(MSG_ERROR, "KaY: Now is at disable state");
+ return NULL;
+ }
+
+ participant = os_zalloc(sizeof(*participant));
+ if (!participant) {
+ wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
+ return NULL;
+ }
+
+ participant->ckn.len = ckn->len;
+ os_memcpy(participant->ckn.name, ckn->name, ckn->len);
+ participant->cak.len = cak->len;
+ os_memcpy(participant->cak.key, cak->key, cak->len);
+ if (life)
+ participant->cak_life = life + time(NULL);
+
+ switch (mode) {
+ case EAP_EXCHANGE:
+ if (is_authenticator) {
+ participant->is_obliged_key_server = TRUE;
+ participant->can_be_key_server = TRUE;
+ participant->is_key_server = TRUE;
+ participant->principal = TRUE;
+
+ os_memcpy(&kay->key_server_sci, &kay->actor_sci,
+ sizeof(kay->key_server_sci));
+ kay->key_server_priority = kay->actor_priority;
+ participant->is_elected = TRUE;
+ } else {
+ participant->is_obliged_key_server = FALSE;
+ participant->can_be_key_server = FALSE;
+ participant->is_key_server = FALSE;
+ participant->is_elected = TRUE;
+ }
+ break;
+
+ default:
+ participant->is_obliged_key_server = FALSE;
+ participant->can_be_key_server = TRUE;
+ participant->is_key_server = FALSE;
+ participant->is_elected = FALSE;
+ break;
+ }
+
+ participant->cached = FALSE;
+
+ participant->active = FALSE;
+ participant->participant = FALSE;
+ participant->retain = FALSE;
+ participant->activate = DEFAULT;
+
+ if (participant->is_key_server)
+ participant->principal = TRUE;
+
+ dl_list_init(&participant->live_peers);
+ dl_list_init(&participant->potential_peers);
+
+ participant->retry_count = 0;
+ participant->kay = kay;
+
+ os_get_random(participant->mi, sizeof(participant->mi));
+ participant->mn = 0;
+
+ participant->lrx = FALSE;
+ participant->ltx = FALSE;
+ participant->orx = FALSE;
+ participant->otx = FALSE;
+ participant->to_dist_sak = FALSE;
+ participant->to_use_sak = FALSE;
+ participant->new_sak = FALSE;
+ dl_list_init(&participant->sak_list);
+ participant->new_key = NULL;
+ dl_list_init(&participant->rxsc_list);
+ participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci,
+ kay->sc_ch);
+ secy_create_transmit_sc(kay, participant->txsc);
+
+ /* to derive KEK from CAK and CKN */
+ participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
+ if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
+ participant->ckn.name,
+ participant->ckn.len,
+ participant->kek.key)) {
+ wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
+ goto fail;
+ }
+ wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
+ participant->kek.key, participant->kek.len);
+
+ /* to derive ICK from CAK and CKN */
+ participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
+ if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
+ participant->ckn.name,
+ participant->ckn.len,
+ participant->ick.key)) {
+ wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
+ goto fail;
+ }
+ wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
+ participant->ick.key, participant->ick.len);
+
+ dl_list_add(&kay->participant_list, &participant->list);
+ wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
+ ckn->name, ckn->len);
+
+ usecs = os_random() % (MKA_HELLO_TIME * 1000);
+ eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
+ participant, NULL);
+ participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
+ usecs / 1000000;
+
+ return participant;
+
+fail:
+ os_free(participant);
+ return NULL;
+}
+
+
+/**
+ * ieee802_1x_kay_delete_mka -
+ */
+void
+ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
+{
+ struct ieee802_1x_mka_participant *participant;
+ struct ieee802_1x_kay_peer *peer;
+ struct data_key *sak;
+ struct receive_sc *rxsc;
+
+ if (!kay || !ckn)
+ return;
+
+ wpa_printf(MSG_DEBUG, "KaY: participant removed");
+
+ /* get the participant */
+ participant = ieee802_1x_kay_get_participant(kay, ckn->name);
+ if (!participant) {
+ wpa_hexdump(MSG_DEBUG, "KaY: participant is not found",
+ ckn->name, ckn->len);
+ return;
+ }
+
+ dl_list_del(&participant->list);
+
+ /* remove live peer */
+ while (!dl_list_empty(&participant->live_peers)) {
+ peer = dl_list_entry(participant->live_peers.next,
+ struct ieee802_1x_kay_peer, list);
+ dl_list_del(&peer->list);
+ os_free(peer);
+ }
+
+ /* remove potential peer */
+ while (!dl_list_empty(&participant->potential_peers)) {
+ peer = dl_list_entry(participant->potential_peers.next,
+ struct ieee802_1x_kay_peer, list);
+ dl_list_del(&peer->list);
+ os_free(peer);
+ }
+
+ /* remove sak */
+ while (!dl_list_empty(&participant->sak_list)) {
+ sak = dl_list_entry(participant->sak_list.next,
+ struct data_key, list);
+ dl_list_del(&sak->list);
+ os_free(sak->key);
+ os_free(sak);
+ }
+ while (!dl_list_empty(&participant->rxsc_list)) {
+ rxsc = dl_list_entry(participant->rxsc_list.next,
+ struct receive_sc, list);
+ secy_delete_receive_sc(kay, rxsc);
+ ieee802_1x_kay_deinit_receive_sc(participant, rxsc);
+ }
+ secy_delete_transmit_sc(kay, participant->txsc);
+ ieee802_1x_kay_deinit_transmit_sc(participant, participant->txsc);
+
+ os_memset(&participant->cak, 0, sizeof(participant->cak));
+ os_memset(&participant->kek, 0, sizeof(participant->kek));
+ os_memset(&participant->ick, 0, sizeof(participant->ick));
+ os_free(participant);
+}
+
+
+/**
+ * ieee802_1x_kay_mka_participate -
+ */
+void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
+ struct mka_key_name *ckn,
+ Boolean status)
+{
+ struct ieee802_1x_mka_participant *participant;
+
+ if (!kay || !ckn)
+ return;
+
+ participant = ieee802_1x_kay_get_participant(kay, ckn->name);
+ if (!participant)
+ return;
+
+ participant->active = status;
+}
+
+
+/**
+ * ieee802_1x_kay_new_sak -
+ */
+int
+ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
+{
+ struct ieee802_1x_mka_participant *participant;
+
+ if (!kay)
+ return -1;
+
+ participant = ieee802_1x_kay_get_principal_participant(kay);
+ if (!participant)
+ return -1;
+
+ participant->new_sak = TRUE;
+ wpa_printf(MSG_DEBUG, "KaY: new SAK signal");
+
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_kay_change_cipher_suite -
+ */
+int
+ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay, int cs_index)
+{
+ struct ieee802_1x_mka_participant *participant;
+
+ if (!kay)
+ return -1;
+
+ if ((unsigned int) cs_index >= CS_TABLE_SIZE) {
+ wpa_printf(MSG_ERROR,
+ "KaY: Configured cipher suite index is out of range");
+ return -1;
+ }
+ if (kay->macsec_csindex == cs_index)
+ return -2;
+
+ if (cs_index == 0)
+ kay->macsec_desired = FALSE;
+
+ kay->macsec_csindex = cs_index;
+ kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
+
+ participant = ieee802_1x_kay_get_principal_participant(kay);
+ if (participant) {
+ wpa_printf(MSG_INFO, "KaY: Cipher Suite changed");
+ participant->new_sak = TRUE;
+ }
+
+ return 0;
+}
diff --git a/src/pae/ieee802_1x_kay.h b/src/pae/ieee802_1x_kay.h
new file mode 100644
index 0000000..064417e
--- /dev/null
+++ b/src/pae/ieee802_1x_kay.h
@@ -0,0 +1,194 @@
+/*
+ * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_KAY_H
+#define IEEE802_1X_KAY_H
+
+#include "utils/list.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+struct macsec_init_params;
+struct ieee802_1x_cp_conf;
+
+#define MI_LEN 12
+#define MAX_KEY_LEN 32 /* 32 bytes, 256 bits */
+#define MAX_CKN_LEN 32 /* 32 bytes, 256 bits */
+
+/* MKA timer, unit: millisecond */
+#define MKA_HELLO_TIME 2000
+#define MKA_LIFE_TIME 6000
+#define MKA_SAK_RETIRE_TIME 3000
+
+struct ieee802_1x_mka_ki {
+ u8 mi[MI_LEN];
+ u32 kn;
+};
+
+struct ieee802_1x_mka_sci {
+ u8 addr[ETH_ALEN];
+ u16 port;
+};
+
+struct mka_key {
+ u8 key[MAX_KEY_LEN];
+ size_t len;
+};
+
+struct mka_key_name {
+ u8 name[MAX_CKN_LEN];
+ size_t len;
+};
+
+enum mka_created_mode {
+ PSK,
+ EAP_EXCHANGE,
+ DISTRIBUTED,
+ CACHED,
+};
+
+struct ieee802_1x_kay_ctx {
+ /* pointer to arbitrary upper level context */
+ void *ctx;
+
+ /* abstract wpa driver interface */
+ int (*macsec_init)(void *ctx, struct macsec_init_params *params);
+ int (*macsec_deinit)(void *ctx);
+ int (*enable_protect_frames)(void *ctx, Boolean enabled);
+ int (*set_replay_protect)(void *ctx, Boolean enabled, u32 window);
+ int (*set_current_cipher_suite)(void *ctx, const u8 *cs, size_t cs_len);
+ int (*enable_controlled_port)(void *ctx, Boolean enabled);
+ int (*get_receive_lowest_pn)(void *ctx, u32 channel, u8 an,
+ u32 *lowest_pn);
+ int (*get_transmit_next_pn)(void *ctx, u32 channel, u8 an,
+ u32 *next_pn);
+ int (*set_transmit_next_pn)(void *ctx, u32 channel, u8 an, u32 next_pn);
+ int (*get_available_receive_sc)(void *ctx, u32 *channel);
+ int (*create_receive_sc)(void *ctx, u32 channel,
+ struct ieee802_1x_mka_sci *sci,
+ enum validate_frames vf,
+ enum confidentiality_offset co);
+ int (*delete_receive_sc)(void *ctx, u32 channel);
+ int (*create_receive_sa)(void *ctx, u32 channel, u8 an, u32 lowest_pn,
+ const u8 *sak);
+ int (*enable_receive_sa)(void *ctx, u32 channel, u8 an);
+ int (*disable_receive_sa)(void *ctx, u32 channel, u8 an);
+ int (*get_available_transmit_sc)(void *ctx, u32 *channel);
+ int (*create_transmit_sc)(void *ctx, u32 channel,
+ const struct ieee802_1x_mka_sci *sci,
+ enum confidentiality_offset co);
+ int (*delete_transmit_sc)(void *ctx, u32 channel);
+ int (*create_transmit_sa)(void *ctx, u32 channel, u8 an, u32 next_pn,
+ Boolean confidentiality, const u8 *sak);
+ int (*enable_transmit_sa)(void *ctx, u32 channel, u8 an);
+ int (*disable_transmit_sa)(void *ctx, u32 channel, u8 an);
+};
+
+struct ieee802_1x_kay {
+ Boolean enable;
+ Boolean active;
+
+ Boolean authenticated;
+ Boolean secured;
+ Boolean failed;
+
+ struct ieee802_1x_mka_sci actor_sci;
+ u8 actor_priority;
+ struct ieee802_1x_mka_sci key_server_sci;
+ u8 key_server_priority;
+
+ enum macsec_cap macsec_capable;
+ Boolean macsec_desired;
+ Boolean macsec_protect;
+ Boolean macsec_replay_protect;
+ u32 macsec_replay_window;
+ enum validate_frames macsec_validate;
+ enum confidentiality_offset macsec_confidentiality;
+
+ u32 ltx_kn;
+ u8 ltx_an;
+ u32 lrx_kn;
+ u8 lrx_an;
+
+ u32 otx_kn;
+ u8 otx_an;
+ u32 orx_kn;
+ u8 orx_an;
+
+ /* not defined in IEEE802.1X */
+ struct ieee802_1x_kay_ctx *ctx;
+ Boolean is_key_server;
+ Boolean is_obliged_key_server;
+ char if_name[IFNAMSIZ];
+
+ int macsec_csindex; /* MACsec cipher suite table index */
+ int mka_algindex; /* MKA alg table index */
+
+ u32 dist_kn;
+ u8 dist_an;
+ time_t dist_time;
+
+ u8 mka_version;
+ u8 algo_agility[4];
+ u32 sc_ch;
+
+ u32 pn_exhaustion;
+ Boolean port_enable;
+ Boolean rx_enable;
+ Boolean tx_enable;
+
+ struct dl_list participant_list;
+ enum macsec_policy policy;
+
+ struct ieee802_1x_cp_sm *cp;
+
+ struct l2_packet_data *l2_mka;
+
+ enum validate_frames vf;
+ enum confidentiality_offset co;
+};
+
+
+struct ieee802_1x_kay *
+ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
+ const char *ifname, const u8 *addr);
+void ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay);
+
+struct ieee802_1x_mka_participant *
+ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
+ struct mka_key_name *ckn, struct mka_key *cak,
+ u32 life, enum mka_created_mode mode,
+ Boolean is_authenticator);
+void ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay,
+ struct mka_key_name *ckn);
+void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
+ struct mka_key_name *ckn,
+ Boolean status);
+int ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay);
+int ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
+ int cs_index);
+
+int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki, u8 lan,
+ Boolean ltx, Boolean lrx);
+int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *oki,
+ u8 oan, Boolean otx, Boolean orx);
+int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki);
+int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *ki);
+int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki);
+int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_mka_ki *lki);
+int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);
+int ieee802_1x_kay_cp_conf(struct ieee802_1x_kay *kay,
+ struct ieee802_1x_cp_conf *pconf);
+
+#endif /* IEEE802_1X_KAY_H */
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
new file mode 100644
index 0000000..bdad3a5
--- /dev/null
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -0,0 +1,419 @@
+/*
+ * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_KAY_I_H
+#define IEEE802_1X_KAY_I_H
+
+#include "utils/list.h"
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+#define MKA_VERSION_ID 1
+
+/* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 */
+enum mka_packet_type {
+ MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID,
+ MKA_LIVE_PEER_LIST = 1,
+ MKA_POTENTIAL_PEER_LIST = 2,
+ MKA_SAK_USE = 3,
+ MKA_DISTRIBUTED_SAK = 4,
+ MKA_DISTRIBUTED_CAK = 5,
+ MKA_KMD = 6,
+ MKA_ANNOUNCEMENT = 7,
+ MKA_ICV_INDICATOR = 255
+};
+
+#define ICV_LEN 16 /* 16 bytes */
+#define SAK_WRAPPED_LEN 24
+/* KN + Wrapper SAK */
+#define DEFAULT_DIS_SAK_BODY_LENGTH (SAK_WRAPPED_LEN + 4)
+#define MAX_RETRY_CNT 5
+
+struct ieee802_1x_kay;
+
+struct ieee802_1x_mka_peer_id {
+ u8 mi[MI_LEN];
+ u32 mn;
+};
+
+struct ieee802_1x_kay_peer {
+ struct ieee802_1x_mka_sci sci;
+ u8 mi[MI_LEN];
+ u32 mn;
+ time_t expire;
+ Boolean is_key_server;
+ u8 key_server_priority;
+ Boolean macsec_desired;
+ enum macsec_cap macsec_capbility;
+ Boolean sak_used;
+ struct dl_list list;
+};
+
+struct key_conf {
+ u8 *key;
+ struct ieee802_1x_mka_ki ki;
+ enum confidentiality_offset offset;
+ u8 an;
+ Boolean tx;
+ Boolean rx;
+ int key_len; /* unit: byte */
+};
+
+struct data_key {
+ u8 *key;
+ int key_len;
+ struct ieee802_1x_mka_ki key_identifier;
+ enum confidentiality_offset confidentiality_offset;
+ u8 an;
+ Boolean transmits;
+ Boolean receives;
+ struct os_time created_time;
+ u32 next_pn;
+
+ /* not defined data */
+ Boolean rx_latest;
+ Boolean tx_latest;
+
+ int user; /* FIXME: to indicate if it can be delete safely */
+
+ struct dl_list list;
+};
+
+/* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct transmit_sc {
+ struct ieee802_1x_mka_sci sci; /* const SCI sci */
+ Boolean transmitting; /* bool transmitting (read only) */
+
+ struct os_time created_time; /* Time createdTime */
+
+ u8 encoding_sa; /* AN encodingSA (read only) */
+ u8 enciphering_sa; /* AN encipheringSA (read only) */
+
+ /* not defined data */
+ unsigned int channel;
+
+ struct dl_list list;
+ struct dl_list sa_list;
+};
+
+/* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct transmit_sa {
+ Boolean in_use; /* bool inUse (read only) */
+ u32 next_pn; /* PN nextPN (read only) */
+ struct os_time created_time; /* Time createdTime */
+
+ Boolean enable_transmit; /* bool EnableTransmit */
+
+ u8 an;
+ Boolean confidentiality;
+ struct data_key *pkey;
+
+ struct transmit_sc *sc;
+ struct dl_list list; /* list entry in struct transmit_sc::sa_list */
+};
+
+/* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct receive_sc {
+ struct ieee802_1x_mka_sci sci; /* const SCI sci */
+ Boolean receiving; /* bool receiving (read only) */
+
+ struct os_time created_time; /* Time createdTime */
+
+ unsigned int channel;
+
+ struct dl_list list;
+ struct dl_list sa_list;
+};
+
+/* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
+struct receive_sa {
+ Boolean enable_receive; /* bool enableReceive */
+ Boolean in_use; /* bool inUse (read only) */
+
+ u32 next_pn; /* PN nextPN (read only) */
+ u32 lowest_pn; /* PN lowestPN (read only) */
+ u8 an;
+ struct os_time created_time;
+
+ struct data_key *pkey;
+ struct receive_sc *sc; /* list entry in struct receive_sc::sa_list */
+
+ struct dl_list list;
+};
+
+struct macsec_ciphersuite {
+ u8 id[CS_ID_LEN];
+ char name[32];
+ enum macsec_cap capable;
+ int sak_len; /* unit: byte */
+
+ u32 index;
+};
+
+struct mka_alg {
+ u8 parameter[4];
+ size_t cak_len;
+ size_t kek_len;
+ size_t ick_len;
+ size_t icv_len;
+
+ int (*cak_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2, u8 *cak);
+ int (*ckn_trfm)(const u8 *msk, const u8 *mac1, const u8 *mac2,
+ const u8 *sid, size_t sid_len, u8 *ckn);
+ int (*kek_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *kek);
+ int (*ick_trfm)(const u8 *cak, const u8 *ckn, size_t ckn_len, u8 *ick);
+ int (*icv_hash)(const u8 *ick, const u8 *msg, size_t msg_len, u8 *icv);
+
+ int index; /* index for configuring */
+};
+
+#define DEFAULT_MKA_ALG_INDEX 0
+
+/* See IEEE Std 802.1X-2010, 9.16 MKA management */
+struct ieee802_1x_mka_participant {
+ /* used for active and potential participant */
+ struct mka_key_name ckn;
+ struct mka_key cak;
+ Boolean cached;
+
+ /* used by management to monitor and control activation */
+ Boolean active;
+ Boolean participant;
+ Boolean retain;
+
+ enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
+
+ /* used for active participant */
+ Boolean principal;
+ struct dl_list live_peers;
+ struct dl_list potential_peers;
+
+ /* not defined in IEEE 802.1X */
+ struct dl_list list;
+
+ struct mka_key kek;
+ struct mka_key ick;
+
+ struct ieee802_1x_mka_ki lki;
+ u8 lan;
+ Boolean ltx;
+ Boolean lrx;
+
+ struct ieee802_1x_mka_ki oki;
+ u8 oan;
+ Boolean otx;
+ Boolean orx;
+
+ Boolean is_key_server;
+ Boolean is_obliged_key_server;
+ Boolean can_be_key_server;
+ Boolean is_elected;
+
+ struct dl_list sak_list;
+ struct dl_list rxsc_list;
+
+ struct transmit_sc *txsc;
+
+ u8 mi[MI_LEN];
+ u32 mn;
+
+ struct ieee802_1x_mka_peer_id current_peer_id;
+ struct ieee802_1x_mka_sci current_peer_sci;
+ time_t cak_life;
+ time_t mka_life;
+ Boolean to_dist_sak;
+ Boolean to_use_sak;
+ Boolean new_sak;
+
+ Boolean advised_desired;
+ enum macsec_cap advised_capability;
+
+ struct data_key *new_key;
+ u32 retry_count;
+
+ struct ieee802_1x_kay *kay;
+};
+
+struct ieee802_1x_mka_hdr {
+ /* octet 1 */
+ u32 type:8;
+ /* octet 2 */
+ u32 reserve:8;
+ /* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 length:4;
+ u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 reserve1:4;
+ u32 length:4;
+#else
+#error "Please fix <bits/endian.h>"
+#endif
+ /* octet 4 */
+ u32 length1:8;
+};
+
+#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
+
+struct ieee802_1x_mka_basic_body {
+ /* octet 1 */
+ u32 version:8;
+ /* octet 2 */
+ u32 priority:8;
+ /* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 length:4;
+ u32 macsec_capbility:2;
+ u32 macsec_desired:1;
+ u32 key_server:1;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 key_server:1;
+ u32 macsec_desired:1;
+ u32 macsec_capbility:2;
+ u32 length:4;
+#endif
+ /* octet 4 */
+ u32 length1:8;
+
+ struct ieee802_1x_mka_sci actor_sci;
+ u8 actor_mi[MI_LEN];
+ u32 actor_mn;
+ u8 algo_agility[4];
+
+ /* followed by CAK Name*/
+ u8 ckn[0];
+};
+
+struct ieee802_1x_mka_peer_body {
+ /* octet 1 */
+ u32 type:8;
+ /* octet 2 */
+ u32 reserve:8;
+ /* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 length:4;
+ u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 reserve1:4;
+ u32 length:4;
+#endif
+ /* octet 4 */
+ u32 length1:8;
+
+ u8 peer[0];
+ /* followed by Peers */
+};
+
+struct ieee802_1x_mka_sak_use_body {
+ /* octet 1 */
+ u32 type:8;
+ /* octet 2 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 orx:1;
+ u32 otx:1;
+ u32 oan:2;
+ u32 lrx:1;
+ u32 ltx:1;
+ u32 lan:2;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 lan:2;
+ u32 ltx:1;
+ u32 lrx:1;
+ u32 oan:2;
+ u32 otx:1;
+ u32 orx:1;
+#endif
+
+ /* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 length:4;
+ u32 delay_protect:1;
+ u32 reserve:1;
+ u32 prx:1;
+ u32 ptx:1;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 ptx:1;
+ u32 prx:1;
+ u32 reserve:1;
+ u32 delay_protect:1;
+ u32 length:4;
+#endif
+
+ /* octet 4 */
+ u32 length1:8;
+
+ /* octet 5 - 16 */
+ u8 lsrv_mi[MI_LEN];
+ /* octet 17 - 20 */
+ u32 lkn;
+ /* octet 21 - 24 */
+ u32 llpn;
+
+ /* octet 25 - 36 */
+ u8 osrv_mi[MI_LEN];
+ /* octet 37 - 40 */
+ u32 okn;
+ /* octet 41 - 44 */
+ u32 olpn;
+};
+
+
+struct ieee802_1x_mka_dist_sak_body {
+ /* octet 1 */
+ u32 type:8;
+ /* octet 2 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 reserve:4;
+ u32 confid_offset:2;
+ u32 dan:2;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 dan:2;
+ u32 confid_offset:2;
+ u32 reserve:4;
+#endif
+ /* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 length:4;
+ u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 reserve1:4;
+ u32 length:4;
+#endif
+ /* octet 4 */
+ u32 length1:8;
+ /* octet 5 - 8 */
+ u32 kn;
+
+ /* for GCM-AES-128: octet 9-32: SAK
+ * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
+ */
+ u8 sak[0];
+};
+
+
+struct ieee802_1x_mka_icv_body {
+ /* octet 1 */
+ u32 type:8;
+ /* octet 2 */
+ u32 reserve:8;
+ /* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u32 length:4;
+ u32 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u32 reserve1:4;
+ u32 length:4;
+#endif
+ /* octet 4 */
+ u32 length1:8;
+
+ /* octet 5 - */
+ u8 icv[0];
+};
+
+#endif /* IEEE802_1X_KAY_I_H */
diff --git a/src/pae/ieee802_1x_key.c b/src/pae/ieee802_1x_key.c
new file mode 100644
index 0000000..9a8d923
--- /dev/null
+++ b/src/pae/ieee802_1x_key.c
@@ -0,0 +1,189 @@
+/*
+ * IEEE 802.1X-2010 Key Hierarchy
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ *
+ * SAK derivation specified in IEEE Std 802.1X-2010, Clause 6.2
+*/
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "crypto/md5.h"
+#include "crypto/sha1.h"
+#include "crypto/aes_wrap.h"
+#include "crypto/crypto.h"
+#include "ieee802_1x_key.h"
+
+
+static void joint_two_mac(const u8 *mac1, const u8 *mac2, u8 *out)
+{
+ if (os_memcmp(mac1, mac2, ETH_ALEN) < 0) {
+ os_memcpy(out, mac1, ETH_ALEN);
+ os_memcpy(out + ETH_ALEN, mac2, ETH_ALEN);
+ } else {
+ os_memcpy(out, mac2, ETH_ALEN);
+ os_memcpy(out + ETH_ALEN, mac1, ETH_ALEN);
+ }
+}
+
+
+/* IEEE Std 802.1X-2010, 6.2.1 KDF */
+static int aes_kdf_128(const u8 *kdk, const char *label, const u8 *context,
+ int ctx_bits, int ret_bits, u8 *ret)
+{
+ const int h = 128;
+ const int r = 8;
+ int i, n;
+ int lab_len, ctx_len, ret_len, buf_len;
+ u8 *buf;
+
+ lab_len = os_strlen(label);
+ ctx_len = (ctx_bits + 7) / 8;
+ ret_len = ((ret_bits & 0xffff) + 7) / 8;
+ buf_len = lab_len + ctx_len + 4;
+
+ os_memset(ret, 0, ret_len);
+
+ n = (ret_bits + h - 1) / h;
+ if (n > ((0x1 << r) - 1))
+ return -1;
+
+ buf = os_zalloc(buf_len);
+ if (buf == NULL)
+ return -1;
+
+ os_memcpy(buf + 1, label, lab_len);
+ os_memcpy(buf + lab_len + 2, context, ctx_len);
+ WPA_PUT_BE16(&buf[buf_len - 2], ret_bits);
+
+ for (i = 0; i < n; i++) {
+ buf[0] = (u8) (i + 1);
+ if (omac1_aes_128(kdk, buf, buf_len, ret)) {
+ os_free(buf);
+ return -1;
+ }
+ ret = ret + h / 8;
+ }
+ os_free(buf);
+ return 0;
+}
+
+
+/********** AES-CMAC-128 **********/
+/**
+ * ieee802_1x_cak_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 6.2.2
+ * CAK = KDF(Key, Label, mac1 | mac2, CAKlength)
+ */
+int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, u8 *cak)
+{
+ u8 context[2 * ETH_ALEN];
+
+ joint_two_mac(mac1, mac2, context);
+ return aes_kdf_128(msk, "IEEE8021 EAP CAK",
+ context, sizeof(context) * 8, 128, cak);
+}
+
+
+/**
+ * ieee802_1x_ckn_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 6.2.2
+ * CKN = KDF(Key, Label, ID | mac1 | mac2, CKNlength)
+ */
+int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, const u8 *sid,
+ size_t sid_bytes, u8 *ckn)
+{
+ int res;
+ u8 *context;
+ size_t ctx_len = sid_bytes + ETH_ALEN * 2;
+
+ context = os_zalloc(ctx_len);
+ if (!context) {
+ wpa_printf(MSG_ERROR, "MKA-%s: out of memory", __func__);
+ return -1;
+ }
+ os_memcpy(context, sid, sid_bytes);
+ joint_two_mac(mac1, mac2, context + sid_bytes);
+
+ res = aes_kdf_128(msk, "IEEE8021 EAP CKN", context, ctx_len * 8,
+ 128, ckn);
+ os_free(context);
+ return res;
+}
+
+
+/**
+ * ieee802_1x_kek_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.3.3
+ * KEK = KDF(Key, Label, Keyid, KEKLength)
+ */
+int ieee802_1x_kek_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *kek)
+{
+ u8 context[16];
+
+ /* First 16 octets of CKN, with null octets appended to pad if needed */
+ os_memset(context, 0, sizeof(context));
+ os_memcpy(context, ckn, (ckn_bytes < 16) ? ckn_bytes : 16);
+
+ return aes_kdf_128(cak, "IEEE8021 KEK", context, sizeof(context) * 8,
+ 128, kek);
+}
+
+
+/**
+ * ieee802_1x_ick_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.3.3
+ * ICK = KDF(Key, Label, Keyid, ICKLength)
+ */
+int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *ick)
+{
+ u8 context[16];
+
+ /* First 16 octets of CKN, with null octets appended to pad if needed */
+ os_memset(context, 0, sizeof(context));
+ os_memcpy(context, ckn, (ckn_bytes < 16) ? ckn_bytes : 16);
+
+ return aes_kdf_128(cak, "IEEE8021 ICK", context, sizeof(context) * 8,
+ 128, ick);
+}
+
+
+/**
+ * ieee802_1x_icv_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.4.1
+ * ICV = AES-CMAC(ICK, M, 128)
+ */
+int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+ size_t msg_bytes, u8 *icv)
+{
+ if (omac1_aes_128(ick, msg, msg_bytes, icv)) {
+ wpa_printf(MSG_ERROR, "MKA: omac1_aes_128 failed");
+ return -1;
+ }
+ return 0;
+}
+
+
+/**
+ * ieee802_1x_sak_128bits_aes_cmac
+ *
+ * IEEE Std 802.1X-2010, 9.8.1
+ * SAK = KDF(Key, Label, KS-nonce | MI-value list | KN, SAKLength)
+ */
+int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak)
+{
+ return aes_kdf_128(cak, "IEEE8021 SAK", ctx, ctx_bytes * 8, 128, sak);
+}
diff --git a/src/pae/ieee802_1x_key.h b/src/pae/ieee802_1x_key.h
new file mode 100644
index 0000000..ea318ea
--- /dev/null
+++ b/src/pae/ieee802_1x_key.h
@@ -0,0 +1,26 @@
+/*
+ * IEEE 802.1X-2010 Key Hierarchy
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_KEY_H
+#define IEEE802_1X_KEY_H
+
+int ieee802_1x_cak_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, u8 *cak);
+int ieee802_1x_ckn_128bits_aes_cmac(const u8 *msk, const u8 *mac1,
+ const u8 *mac2, const u8 *sid,
+ size_t sid_bytes, u8 *ckn);
+int ieee802_1x_kek_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *kek);
+int ieee802_1x_ick_128bits_aes_cmac(const u8 *cak, const u8 *ckn,
+ size_t ckn_bytes, u8 *ick);
+int ieee802_1x_icv_128bits_aes_cmac(const u8 *ick, const u8 *msg,
+ size_t msg_bytes, u8 *icv);
+int ieee802_1x_sak_128bits_aes_cmac(const u8 *cak, const u8 *ctx,
+ size_t ctx_bytes, u8 *sak);
+
+#endif /* IEEE802_1X_KEY_H */
diff --git a/src/pae/ieee802_1x_secy_ops.c b/src/pae/ieee802_1x_secy_ops.c
new file mode 100644
index 0000000..fbe05dc
--- /dev/null
+++ b/src/pae/ieee802_1x_secy_ops.c
@@ -0,0 +1,492 @@
+ /*
+ * SecY Operations
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/defs.h"
+#include "drivers/driver.h"
+#include "pae/ieee802_1x_kay.h"
+#include "pae/ieee802_1x_kay_i.h"
+#include "pae/ieee802_1x_secy_ops.h"
+
+
+int secy_cp_control_validate_frames(struct ieee802_1x_kay *kay,
+ enum validate_frames vf)
+{
+ kay->vf = vf;
+ return 0;
+}
+
+
+int secy_cp_control_protect_frames(struct ieee802_1x_kay *kay, Boolean enabled)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->enable_protect_frames) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy enable_protect_frames operation not supported");
+ return -1;
+ }
+
+ return ops->enable_protect_frames(ops->ctx, enabled);
+}
+
+
+int secy_cp_control_replay(struct ieee802_1x_kay *kay, Boolean enabled, u32 win)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->set_replay_protect) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy set_replay_protect operation not supported");
+ return -1;
+ }
+
+ return ops->set_replay_protect(ops->ctx, enabled, win);
+}
+
+
+int secy_cp_control_current_cipher_suite(struct ieee802_1x_kay *kay,
+ const u8 *cs, size_t cs_len)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->set_current_cipher_suite) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy set_current_cipher_suite operation not supported");
+ return -1;
+ }
+
+ return ops->set_current_cipher_suite(ops->ctx, cs, cs_len);
+}
+
+
+int secy_cp_control_confidentiality_offset(struct ieee802_1x_kay *kay,
+ enum confidentiality_offset co)
+{
+ kay->co = co;
+ return 0;
+}
+
+
+int secy_cp_control_enable_port(struct ieee802_1x_kay *kay, Boolean enabled)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->enable_controlled_port) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy enable_controlled_port operation not supported");
+ return -1;
+ }
+
+ return ops->enable_controlled_port(ops->ctx, enabled);
+}
+
+
+int secy_get_receive_lowest_pn(struct ieee802_1x_kay *kay,
+ struct receive_sa *rxsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !rxsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->get_receive_lowest_pn) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy get_receive_lowest_pn operation not supported");
+ return -1;
+ }
+
+ return ops->get_receive_lowest_pn(ops->ctx,
+ rxsa->sc->channel,
+ rxsa->an,
+ &rxsa->lowest_pn);
+}
+
+
+int secy_get_transmit_next_pn(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !txsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->get_transmit_next_pn) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy get_receive_lowest_pn operation not supported");
+ return -1;
+ }
+
+ return ops->get_transmit_next_pn(ops->ctx,
+ txsa->sc->channel,
+ txsa->an,
+ &txsa->next_pn);
+}
+
+
+int secy_set_transmit_next_pn(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !txsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->set_transmit_next_pn) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy get_receive_lowest_pn operation not supported");
+ return -1;
+ }
+
+ return ops->set_transmit_next_pn(ops->ctx,
+ txsa->sc->channel,
+ txsa->an,
+ txsa->next_pn);
+}
+
+
+int secy_get_available_receive_sc(struct ieee802_1x_kay *kay, u32 *channel)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->get_available_receive_sc) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy get_available_receive_sc operation not supported");
+ return -1;
+ }
+
+ return ops->get_available_receive_sc(ops->ctx, channel);
+}
+
+
+int secy_create_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !rxsc) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->create_receive_sc) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy create_receive_sc operation not supported");
+ return -1;
+ }
+
+ return ops->create_receive_sc(ops->ctx, rxsc->channel, &rxsc->sci,
+ kay->vf, kay->co);
+}
+
+
+int secy_delete_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !rxsc) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->delete_receive_sc) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy delete_receive_sc operation not supported");
+ return -1;
+ }
+
+ return ops->delete_receive_sc(ops->ctx, rxsc->channel);
+}
+
+
+int secy_create_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !rxsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->create_receive_sa) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy create_receive_sa operation not supported");
+ return -1;
+ }
+
+ return ops->create_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an,
+ rxsa->lowest_pn, rxsa->pkey->key);
+}
+
+
+int secy_enable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !rxsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->enable_receive_sa) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy enable_receive_sa operation not supported");
+ return -1;
+ }
+
+ rxsa->enable_receive = TRUE;
+
+ return ops->enable_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an);
+}
+
+
+int secy_disable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !rxsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->disable_receive_sa) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy disable_receive_sa operation not supported");
+ return -1;
+ }
+
+ rxsa->enable_receive = FALSE;
+
+ return ops->disable_receive_sa(ops->ctx, rxsa->sc->channel, rxsa->an);
+}
+
+
+int secy_get_available_transmit_sc(struct ieee802_1x_kay *kay, u32 *channel)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->get_available_transmit_sc) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy get_available_transmit_sc operation not supported");
+ return -1;
+ }
+
+ return ops->get_available_transmit_sc(ops->ctx, channel);
+}
+
+
+int secy_create_transmit_sc(struct ieee802_1x_kay *kay,
+ struct transmit_sc *txsc)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !txsc) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->create_transmit_sc) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy create_transmit_sc operation not supported");
+ return -1;
+ }
+
+ return ops->create_transmit_sc(ops->ctx, txsc->channel, &txsc->sci,
+ kay->co);
+}
+
+
+int secy_delete_transmit_sc(struct ieee802_1x_kay *kay,
+ struct transmit_sc *txsc)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !txsc) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->delete_transmit_sc) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy delete_transmit_sc operation not supported");
+ return -1;
+ }
+
+ return ops->delete_transmit_sc(ops->ctx, txsc->channel);
+}
+
+
+int secy_create_transmit_sa(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !txsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->create_transmit_sa) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy create_transmit_sa operation not supported");
+ return -1;
+ }
+
+ return ops->create_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an,
+ txsa->next_pn, txsa->confidentiality,
+ txsa->pkey->key);
+}
+
+
+int secy_enable_transmit_sa(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !txsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->enable_transmit_sa) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy enable_transmit_sa operation not supported");
+ return -1;
+ }
+
+ txsa->enable_transmit = TRUE;
+
+ return ops->enable_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an);
+}
+
+
+int secy_disable_transmit_sa(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay || !txsa) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->disable_transmit_sa) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy disable_transmit_sa operation not supported");
+ return -1;
+ }
+
+ txsa->enable_transmit = FALSE;
+
+ return ops->disable_transmit_sa(ops->ctx, txsa->sc->channel, txsa->an);
+}
+
+
+int secy_init_macsec(struct ieee802_1x_kay *kay)
+{
+ int ret;
+ struct ieee802_1x_kay_ctx *ops;
+ struct macsec_init_params params;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->macsec_init) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy macsec_init operation not supported");
+ return -1;
+ }
+
+ params.use_es = FALSE;
+ params.use_scb = FALSE;
+ params.always_include_sci = TRUE;
+
+ ret = ops->macsec_init(ops->ctx, ¶ms);
+
+ return ret;
+}
+
+
+int secy_deinit_macsec(struct ieee802_1x_kay *kay)
+{
+ struct ieee802_1x_kay_ctx *ops;
+
+ if (!kay) {
+ wpa_printf(MSG_ERROR, "KaY: %s params invalid", __func__);
+ return -1;
+ }
+
+ ops = kay->ctx;
+ if (!ops || !ops->macsec_deinit) {
+ wpa_printf(MSG_ERROR,
+ "KaY: secy macsec_deinit operation not supported");
+ return -1;
+ }
+
+ return ops->macsec_deinit(ops->ctx);
+}
diff --git a/src/pae/ieee802_1x_secy_ops.h b/src/pae/ieee802_1x_secy_ops.h
new file mode 100644
index 0000000..295b823
--- /dev/null
+++ b/src/pae/ieee802_1x_secy_ops.h
@@ -0,0 +1,62 @@
+ /*
+ * SecY Operations
+ * Copyright (c) 2013, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_SECY_OPS_H
+#define IEEE802_1X_SECY_OPS_H
+
+#include "common/defs.h"
+#include "common/ieee802_1x_defs.h"
+
+struct ieee802_1x_kay_conf;
+struct receive_sa;
+struct transmit_sa;
+struct receive_sc;
+struct transmit_sc;
+
+int secy_init_macsec(struct ieee802_1x_kay *kay);
+int secy_deinit_macsec(struct ieee802_1x_kay *kay);
+
+/****** CP -> SecY ******/
+int secy_cp_control_validate_frames(struct ieee802_1x_kay *kay,
+ enum validate_frames vf);
+int secy_cp_control_protect_frames(struct ieee802_1x_kay *kay, Boolean flag);
+int secy_cp_control_replay(struct ieee802_1x_kay *kay, Boolean flag, u32 win);
+int secy_cp_control_current_cipher_suite(struct ieee802_1x_kay *kay,
+ const u8 *cs, size_t cs_len);
+int secy_cp_control_confidentiality_offset(struct ieee802_1x_kay *kay,
+ enum confidentiality_offset co);
+int secy_cp_control_enable_port(struct ieee802_1x_kay *kay, Boolean flag);
+
+/****** KaY -> SecY *******/
+int secy_get_receive_lowest_pn(struct ieee802_1x_kay *kay,
+ struct receive_sa *rxsa);
+int secy_get_transmit_next_pn(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa);
+int secy_set_transmit_next_pn(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa);
+int secy_get_available_receive_sc(struct ieee802_1x_kay *kay, u32 *channel);
+int secy_create_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc);
+int secy_delete_receive_sc(struct ieee802_1x_kay *kay, struct receive_sc *rxsc);
+int secy_create_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa);
+int secy_enable_receive_sa(struct ieee802_1x_kay *kay, struct receive_sa *rxsa);
+int secy_disable_receive_sa(struct ieee802_1x_kay *kay,
+ struct receive_sa *rxsa);
+
+int secy_get_available_transmit_sc(struct ieee802_1x_kay *kay, u32 *channel);
+int secy_create_transmit_sc(struct ieee802_1x_kay *kay,
+ struct transmit_sc *txsc);
+int secy_delete_transmit_sc(struct ieee802_1x_kay *kay,
+ struct transmit_sc *txsc);
+int secy_create_transmit_sa(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa);
+int secy_enable_transmit_sa(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa);
+int secy_disable_transmit_sa(struct ieee802_1x_kay *kay,
+ struct transmit_sa *txsa);
+
+#endif /* IEEE802_1X_SECY_OPS_H */
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 47b4f8a..e34d08b 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -231,7 +231,8 @@
{ RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, "Chargeable-User-Identity",
RADIUS_ATTR_TEXT },
{ RADIUS_ATTR_NAS_IPV6_ADDRESS, "NAS-IPv6-Address", RADIUS_ATTR_IPV6 },
- { RADIUS_ATTR_ERROR_CAUSE, "Error-Cause", RADIUS_ATTR_INT32 }
+ { RADIUS_ATTR_ERROR_CAUSE, "Error-Cause", RADIUS_ATTR_INT32 },
+ { RADIUS_ATTR_EAP_KEY_NAME, "EAP-Key-Name", RADIUS_ATTR_HEXDUMP },
};
#define RADIUS_ATTRS ARRAY_SIZE(radius_attrs)
diff --git a/src/radius/radius.h b/src/radius/radius.h
index d388f71..34307f2 100644
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@@ -90,7 +90,8 @@
RADIUS_ATTR_ACCT_INTERIM_INTERVAL = 85,
RADIUS_ATTR_CHARGEABLE_USER_IDENTITY = 89,
RADIUS_ATTR_NAS_IPV6_ADDRESS = 95,
- RADIUS_ATTR_ERROR_CAUSE = 101
+ RADIUS_ATTR_ERROR_CAUSE = 101,
+ RADIUS_ATTR_EAP_KEY_NAME = 102,
};
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 06540bf..a9483cb 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1348,7 +1348,8 @@
wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
/* TODO: parse UniqueIdentifier ::= BIT STRING */
- if (hdr.payload + hdr.length == end)
+ pos = hdr.payload + hdr.length;
+ if (pos == end)
return 0;
if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
@@ -1366,7 +1367,8 @@
wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
/* TODO: parse UniqueIdentifier ::= BIT STRING */
- if (hdr.payload + hdr.length == end)
+ pos = hdr.payload + hdr.length;
+ if (pos == end)
return 0;
if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index f74d516..48eb28a 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -748,6 +748,19 @@
endif
endif
+ifdef CONFIG_MACSEC
+CFLAGS += -DCONFIG_MACSEC
+NEED_AES_ENCBLOCK=y
+NEED_AES_UNWRAP=y
+NEED_AES_WRAP=y
+NEED_AES_OMAC1=y
+OBJS += wpas_kay.o
+OBJS += ../src/pae/ieee802_1x_cp.o
+OBJS += ../src/pae/ieee802_1x_kay.o
+OBJS += ../src/pae/ieee802_1x_key.o
+OBJS += ../src/pae/ieee802_1x_secy_ops.o
+endif
+
ifdef CONFIG_AP
NEED_80211_COMMON=y
NEED_EAP_COMMON=y
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index b5a5d78..e60bc05 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -1733,6 +1733,9 @@
{ INT(ap_max_inactivity) },
{ INT(dtim_period) },
{ INT(beacon_int) },
+#ifdef CONFIG_MACSEC
+ { INT_RANGE(macsec_policy, 0, 1) },
+#endif /* CONFIG_MACSEC */
};
#undef OFFSET
@@ -3784,7 +3787,11 @@
{ FUNC_NO_VAR(no_ctrl_interface), 0 },
{ STR(ctrl_interface_group), 0 } /* deprecated */,
#endif /* CONFIG_CTRL_IFACE */
+#ifdef CONFIG_MACSEC
+ { INT_RANGE(eapol_version, 1, 3), 0 },
+#else /* CONFIG_MACSEC */
{ INT_RANGE(eapol_version, 1, 2), 0 },
+#endif /* CONFIG_MACSEC */
{ INT(ap_scan), 0 },
{ FUNC(bgscan), 0 },
{ INT(disable_scan_offload), 0 },
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 3cfe5ba..4dc4d12 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -736,6 +736,9 @@
#endif /* CONFIG_P2P */
INT(dtim_period);
INT(beacon_int);
+#ifdef CONFIG_MACSEC
+ INT(macsec_policy);
+#endif /* CONFIG_MACSEC */
#undef STR
#undef INT
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 18fb65b..76b0632 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -636,6 +636,17 @@
* dereferences since it may not be updated in all cases.
*/
void *parent_cred;
+
+#ifdef CONFIG_MACSEC
+ /**
+ * macsec_policy - Determines the policy for MACsec secure session
+ *
+ * 0: MACsec not in use (default)
+ * 1: MACsec enabled - Should secure, accept key server's advice to
+ * determine whether to use a secure session or not.
+ */
+ int macsec_policy;
+#endif /* CONFIG_MACSEC */
};
#endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
index beeb059..00703d9 100644
--- a/wpa_supplicant/driver_i.h
+++ b/wpa_supplicant/driver_i.h
@@ -632,4 +632,199 @@
data, data_len, buf);
}
+
+#ifdef CONFIG_MACSEC
+
+static inline int wpa_drv_macsec_init(struct wpa_supplicant *wpa_s,
+ struct macsec_init_params *params)
+{
+ if (!wpa_s->driver->macsec_init)
+ return -1;
+ return wpa_s->driver->macsec_init(wpa_s->drv_priv, params);
+}
+
+static inline int wpa_drv_macsec_deinit(struct wpa_supplicant *wpa_s)
+{
+ if (!wpa_s->driver->macsec_deinit)
+ return -1;
+ return wpa_s->driver->macsec_deinit(wpa_s->drv_priv);
+}
+
+static inline int wpa_drv_enable_protect_frames(struct wpa_supplicant *wpa_s,
+ Boolean enabled)
+{
+ if (!wpa_s->driver->enable_protect_frames)
+ return -1;
+ return wpa_s->driver->enable_protect_frames(wpa_s->drv_priv, enabled);
+}
+
+static inline int wpa_drv_set_replay_protect(struct wpa_supplicant *wpa_s,
+ Boolean enabled, u32 window)
+{
+ if (!wpa_s->driver->set_replay_protect)
+ return -1;
+ return wpa_s->driver->set_replay_protect(wpa_s->drv_priv, enabled,
+ window);
+}
+
+static inline int wpa_drv_set_current_cipher_suite(struct wpa_supplicant *wpa_s,
+ const u8 *cs, size_t cs_len)
+{
+ if (!wpa_s->driver->set_current_cipher_suite)
+ return -1;
+ return wpa_s->driver->set_current_cipher_suite(wpa_s->drv_priv, cs,
+ cs_len);
+}
+
+static inline int wpa_drv_enable_controlled_port(struct wpa_supplicant *wpa_s,
+ Boolean enabled)
+{
+ if (!wpa_s->driver->enable_controlled_port)
+ return -1;
+ return wpa_s->driver->enable_controlled_port(wpa_s->drv_priv, enabled);
+}
+
+static inline int wpa_drv_get_receive_lowest_pn(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an,
+ u32 *lowest_pn)
+{
+ if (!wpa_s->driver->get_receive_lowest_pn)
+ return -1;
+ return wpa_s->driver->get_receive_lowest_pn(wpa_s->drv_priv, channel,
+ an, lowest_pn);
+}
+
+static inline int wpa_drv_get_transmit_next_pn(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an,
+ u32 *next_pn)
+{
+ if (!wpa_s->driver->get_transmit_next_pn)
+ return -1;
+ return wpa_s->driver->get_transmit_next_pn(wpa_s->drv_priv, channel,
+ an, next_pn);
+}
+
+static inline int wpa_drv_set_transmit_next_pn(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an,
+ u32 next_pn)
+{
+ if (!wpa_s->driver->set_transmit_next_pn)
+ return -1;
+ return wpa_s->driver->set_transmit_next_pn(wpa_s->drv_priv, channel,
+ an, next_pn);
+}
+
+static inline int wpa_drv_get_available_receive_sc(struct wpa_supplicant *wpa_s,
+ u32 *channel)
+{
+ if (!wpa_s->driver->get_available_receive_sc)
+ return -1;
+ return wpa_s->driver->get_available_receive_sc(wpa_s->drv_priv,
+ channel);
+}
+
+static inline int
+wpa_drv_create_receive_sc(struct wpa_supplicant *wpa_s, u32 channel,
+ const u8 *sci_addr, u16 sci_port,
+ unsigned int conf_offset, int validation)
+{
+ if (!wpa_s->driver->create_receive_sc)
+ return -1;
+ return wpa_s->driver->create_receive_sc(wpa_s->drv_priv, channel,
+ sci_addr, sci_port, conf_offset,
+ validation);
+}
+
+static inline int wpa_drv_delete_receive_sc(struct wpa_supplicant *wpa_s,
+ u32 channel)
+{
+ if (!wpa_s->driver->delete_receive_sc)
+ return -1;
+ return wpa_s->driver->delete_receive_sc(wpa_s->drv_priv, channel);
+}
+
+static inline int wpa_drv_create_receive_sa(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an,
+ u32 lowest_pn, const u8 *sak)
+{
+ if (!wpa_s->driver->create_receive_sa)
+ return -1;
+ return wpa_s->driver->create_receive_sa(wpa_s->drv_priv, channel, an,
+ lowest_pn, sak);
+}
+
+static inline int wpa_drv_enable_receive_sa(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an)
+{
+ if (!wpa_s->driver->enable_receive_sa)
+ return -1;
+ return wpa_s->driver->enable_receive_sa(wpa_s->drv_priv, channel, an);
+}
+
+static inline int wpa_drv_disable_receive_sa(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an)
+{
+ if (!wpa_s->driver->disable_receive_sa)
+ return -1;
+ return wpa_s->driver->disable_receive_sa(wpa_s->drv_priv, channel, an);
+}
+
+static inline int
+wpa_drv_get_available_transmit_sc(struct wpa_supplicant *wpa_s, u32 *channel)
+{
+ if (!wpa_s->driver->get_available_transmit_sc)
+ return -1;
+ return wpa_s->driver->get_available_transmit_sc(wpa_s->drv_priv,
+ channel);
+}
+
+static inline int
+wpa_drv_create_transmit_sc(struct wpa_supplicant *wpa_s, u32 channel,
+ const u8 *sci_addr, u16 sci_port,
+ unsigned int conf_offset)
+{
+ if (!wpa_s->driver->create_transmit_sc)
+ return -1;
+ return wpa_s->driver->create_transmit_sc(wpa_s->drv_priv, channel,
+ sci_addr, sci_port,
+ conf_offset);
+}
+
+static inline int wpa_drv_delete_transmit_sc(struct wpa_supplicant *wpa_s,
+ u32 channel)
+{
+ if (!wpa_s->driver->delete_transmit_sc)
+ return -1;
+ return wpa_s->driver->delete_transmit_sc(wpa_s->drv_priv, channel);
+}
+
+static inline int wpa_drv_create_transmit_sa(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an,
+ u32 next_pn,
+ Boolean confidentiality,
+ const u8 *sak)
+{
+ if (!wpa_s->driver->create_transmit_sa)
+ return -1;
+ return wpa_s->driver->create_transmit_sa(wpa_s->drv_priv, channel, an,
+ next_pn, confidentiality, sak);
+}
+
+static inline int wpa_drv_enable_transmit_sa(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an)
+{
+ if (!wpa_s->driver->enable_transmit_sa)
+ return -1;
+ return wpa_s->driver->enable_transmit_sa(wpa_s->drv_priv, channel, an);
+}
+
+static inline int wpa_drv_disable_transmit_sa(struct wpa_supplicant *wpa_s,
+ u32 channel, u8 an)
+{
+ if (!wpa_s->driver->disable_transmit_sa)
+ return -1;
+ return wpa_s->driver->disable_transmit_sa(wpa_s->drv_priv, channel, an);
+}
+#endif /* CONFIG_MACSEC */
+
#endif /* DRIVER_I_H */
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index ac0ab0b..88d4241 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -46,6 +46,7 @@
int eapol_test_num_reauths;
int no_mppe_keys;
int num_mppe_ok, num_mppe_mismatch;
+ int req_eap_key_name;
u8 radius_identifier;
struct radius_msg *last_recv_radius;
@@ -58,6 +59,8 @@
u8 authenticator_pmk[PMK_LEN];
size_t authenticator_pmk_len;
+ u8 authenticator_eap_key_name[256];
+ size_t authenticator_eap_key_name_len;
int radius_access_accept_received;
int radius_access_reject_received;
int auth_timed_out;
@@ -208,6 +211,13 @@
goto fail;
}
+ if (e->req_eap_key_name &&
+ !radius_msg_add_attr(msg, RADIUS_ATTR_EAP_KEY_NAME, (u8 *) "\0",
+ 1)) {
+ printf("Could not add EAP-Key-Name\n");
+ goto fail;
+ }
+
if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
!radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
(u8 *) &e->own_ip_addr, 4)) {
@@ -333,6 +343,8 @@
{
u8 pmk[PMK_LEN];
int ret = 1;
+ const u8 *sess_id;
+ size_t sess_id_len;
if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
@@ -361,6 +373,28 @@
else if (!e->no_mppe_keys)
e->num_mppe_ok++;
+ sess_id = eapol_sm_get_session_id(e->wpa_s->eapol, &sess_id_len);
+ if (!sess_id)
+ return ret;
+ if (e->authenticator_eap_key_name_len == 0) {
+ wpa_printf(MSG_INFO, "No EAP-Key-Name received from server");
+ return ret;
+ }
+
+ if (e->authenticator_eap_key_name_len != sess_id_len ||
+ os_memcmp(e->authenticator_eap_key_name, sess_id, sess_id_len) != 0)
+ {
+ wpa_printf(MSG_INFO,
+ "Locally derived EAP Session-Id does not match EAP-Key-Name from server");
+ wpa_hexdump(MSG_DEBUG, "EAP Session-Id", sess_id, sess_id_len);
+ wpa_hexdump(MSG_DEBUG, "EAP-Key-Name from server",
+ e->authenticator_eap_key_name,
+ e->authenticator_eap_key_name_len);
+ } else {
+ wpa_printf(MSG_INFO,
+ "Locally derived EAP Session-Id matches EAP-Key-Name from server");
+ }
+
return ret;
}
@@ -749,6 +783,8 @@
size_t shared_secret_len)
{
struct radius_ms_mppe_keys *keys;
+ u8 *buf;
+ size_t len;
keys = radius_msg_get_ms_keys(msg, req, shared_secret,
shared_secret_len);
@@ -787,6 +823,14 @@
os_free(keys->recv);
os_free(keys);
}
+
+ if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_EAP_KEY_NAME, &buf, &len,
+ NULL) == 0) {
+ os_memcpy(e->authenticator_eap_key_name, buf, len);
+ e->authenticator_eap_key_name_len = len;
+ } else {
+ e->authenticator_eap_key_name_len = 0;
+ }
}
@@ -1095,7 +1139,7 @@
static void usage(void)
{
printf("usage:\n"
- "eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
+ "eapol_test [-enWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
"[-s<AS secret>]\\\n"
" [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
" [-M<client MAC address>] [-o<server cert file] \\\n"
@@ -1115,6 +1159,7 @@
" -A<client IP> = IP address of the client, default: select "
"automatically\n"
" -r<count> = number of re-authentications\n"
+ " -e = Request EAP-Key-Name\n"
" -W = wait for a control interface monitor before starting\n"
" -S = save configuration after authentication\n"
" -n = no MPPE keys expected\n"
@@ -1168,7 +1213,7 @@
wpa_debug_show_keys = 1;
for (;;) {
- c = getopt(argc, argv, "a:A:c:C:M:nN:o:p:r:s:St:W");
+ c = getopt(argc, argv, "a:A:c:C:eM:nN:o:p:r:s:St:W");
if (c < 0)
break;
switch (c) {
@@ -1184,6 +1229,9 @@
case 'C':
eapol_test.connect_info = optarg;
break;
+ case 'e':
+ eapol_test.req_eap_key_name = 1;
+ break;
case 'M':
if (hwaddr_aton(optarg, eapol_test.own_addr)) {
usage();
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 9b7323b..8e865b4 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2383,10 +2383,6 @@
wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
l2_packet_deinit(wpa_s->l2);
wpa_s->l2 = NULL;
-#ifdef CONFIG_IBSS_RSN
- ibss_rsn_deinit(wpa_s->ibss_rsn);
- wpa_s->ibss_rsn = NULL;
-#endif /* CONFIG_IBSS_RSN */
#ifdef CONFIG_TERMINATE_ONLASTIF
/* check if last interface */
if (!any_interfaces(wpa_s->global->ifaces))
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index f46c4cf..a8ecb8c 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -27,6 +27,7 @@
#include "bss.h"
#include "scan.h"
#include "notify.h"
+#include "driver_i.h"
#include "gas_query.h"
#include "hs20_supplicant.h"
#include "interworking.h"
@@ -875,9 +876,23 @@
static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
- if (wpa_config_set(ssid, "key_mgmt",
- wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
- "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP", 0) < 0)
+ const char *key_mgmt = NULL;
+#ifdef CONFIG_IEEE80211R
+ int res;
+ struct wpa_driver_capa capa;
+
+ res = wpa_drv_get_capa(wpa_s, &capa);
+ if (res == 0 && capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT) {
+ key_mgmt = wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
+ "WPA-EAP WPA-EAP-SHA256 FT-EAP" :
+ "WPA-EAP FT-EAP";
+ }
+#endif /* CONFIG_IEEE80211R */
+
+ if (!key_mgmt)
+ key_mgmt = wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
+ "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP";
+ if (wpa_config_set(ssid, "key_mgmt", key_mgmt, 0) < 0)
return -1;
if (wpa_config_set(ssid, "proto", "RSN", 0) < 0)
return -1;
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 522d277..be160c0 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -3748,6 +3748,13 @@
}
+static int _wpas_p2p_in_progress(void *ctx)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpas_p2p_in_progress(wpa_s);
+}
+
+
/**
* wpas_p2p_init - Initialize P2P module for %wpa_supplicant
* @global: Pointer to global data from wpa_supplicant_init()
@@ -3795,6 +3802,7 @@
p2p.go_connected = wpas_go_connected;
p2p.presence_resp = wpas_presence_resp;
p2p.is_concurrent_session_active = wpas_is_concurrent_session_active;
+ p2p.is_p2p_in_progress = _wpas_p2p_in_progress;
os_memcpy(wpa_s->global->p2p_dev_addr, wpa_s->own_addr, ETH_ALEN);
os_memcpy(p2p.dev_addr, wpa_s->global->p2p_dev_addr, ETH_ALEN);
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index f56b198..8ba816b 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -51,6 +51,7 @@
#include "offchannel.h"
#include "hs20_supplicant.h"
#include "wnm_sta.h"
+#include "wpas_kay.h"
const char *wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n"
@@ -298,6 +299,8 @@
eapol_conf.external_sim = wpa_s->conf->external_sim;
eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
#endif /* IEEE8021X_EAPOL */
+
+ ieee802_1x_alloc_kay_sm(wpa_s, ssid);
}
@@ -468,6 +471,8 @@
free_hw_features(wpa_s);
+ ieee802_1x_dealloc_kay_sm(wpa_s);
+
os_free(wpa_s->bssid_filter);
wpa_s->bssid_filter = NULL;
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 81fbdfb..243787f 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -81,6 +81,8 @@
# to make wpa_supplicant interoperate with these APs, the version number is set
# to 1 by default. This configuration value can be used to set it to the new
# version (2).
+# Note: When using MACsec, eapol_version shall be set to 3, which is
+# defined in IEEE Std 802.1X-2010.
eapol_version=1
# AP scanning/selection
@@ -97,6 +99,8 @@
# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
# APs (i.e., external program needs to control association). This mode must
# also be used when using wired Ethernet drivers.
+# Note: macsec_qca driver is one type of Ethernet driver which implements
+# macsec feature.
# 2: like 0, but associate with APs using security policy and SSID (but not
# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
# enable operation with hidden SSIDs and optimized roaming; in this mode,
@@ -675,8 +679,16 @@
# bit0 (1): require dynamically generated unicast WEP key
# bit1 (2): require dynamically generated broadcast WEP key
# (3 = require both keys; default)
-# Note: When using wired authentication, eapol_flags must be set to 0 for the
-# authentication to be completed successfully.
+# Note: When using wired authentication (including macsec_qca driver),
+# eapol_flags must be set to 0 for the authentication to be completed
+# successfully.
+#
+# macsec_policy: IEEE 802.1X/MACsec options
+# This determines how sessions are secured with MACsec. It is currently
+# applicable only when using the macsec_qca driver interface.
+# 0: MACsec not in use (default)
+# 1: MACsec enabled - Should secure, accept key server's advice to
+# determine whether to use a secure session or not.
#
# mixed_cell: This option can be used to configure whether so called mixed
# cells, i.e., networks that use both plaintext and encryption in the same
@@ -1341,3 +1353,17 @@
network={
key_mgmt=NONE
}
+
+
+# Example MACsec configuration
+#network={
+# key_mgmt=IEEE8021X
+# eap=TTLS
+# phase2="auth=PAP"
+# anonymous_identity="anonymous@example.com"
+# identity="user@example.com"
+# password="secretr"
+# ca_cert="/etc/cert/ca.pem"
+# eapol_flags=0
+# macsec_policy=1
+#}
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index b5e137c..a57f962 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -808,6 +808,9 @@
u16 num_modes;
u16 flags;
} hw;
+#ifdef CONFIG_MACSEC
+ struct ieee802_1x_kay *kay;
+#endif /* CONFIG_MACSEC */
int pno;
int pno_sched_pending;
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index b2a330c..350b122 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -26,6 +26,7 @@
#include "bss.h"
#include "scan.h"
#include "notify.h"
+#include "wpas_kay.h"
#ifndef CONFIG_NO_CONFIG_BLOBS
@@ -254,6 +255,8 @@
* authentication failure.
*/
wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
+ } else {
+ ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src);
}
if (result != EAPOL_SUPP_RESULT_SUCCESS ||
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
new file mode 100644
index 0000000..354decf
--- /dev/null
+++ b/wpa_supplicant/wpas_kay.c
@@ -0,0 +1,378 @@
+/*
+ * IEEE 802.1X-2010 KaY Interface
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+#include <openssl/ssl.h>
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "eap_peer/eap.h"
+#include "eap_peer/eap_i.h"
+#include "eapol_supp/eapol_supp_sm.h"
+#include "pae/ieee802_1x_key.h"
+#include "pae/ieee802_1x_kay.h"
+#include "wpa_supplicant_i.h"
+#include "config.h"
+#include "config_ssid.h"
+#include "driver_i.h"
+#include "wpas_kay.h"
+
+
+#define DEFAULT_KEY_LEN 16
+/* secure Connectivity Association Key Name (CKN) */
+#define DEFAULT_CKN_LEN 16
+
+
+static int wpas_macsec_init(void *priv, struct macsec_init_params *params)
+{
+ return wpa_drv_macsec_init(priv, params);
+}
+
+
+static int wpas_macsec_deinit(void *priv)
+{
+ return wpa_drv_macsec_deinit(priv);
+}
+
+
+static int wpas_enable_protect_frames(void *wpa_s, Boolean enabled)
+{
+ return wpa_drv_enable_protect_frames(wpa_s, enabled);
+}
+
+
+static int wpas_set_replay_protect(void *wpa_s, Boolean enabled, u32 window)
+{
+ return wpa_drv_set_replay_protect(wpa_s, enabled, window);
+}
+
+
+static int wpas_set_current_cipher_suite(void *wpa_s, const u8 *cs,
+ size_t cs_len)
+{
+ return wpa_drv_set_current_cipher_suite(wpa_s, cs, cs_len);
+}
+
+
+static int wpas_enable_controlled_port(void *wpa_s, Boolean enabled)
+{
+ return wpa_drv_enable_controlled_port(wpa_s, enabled);
+}
+
+
+static int wpas_get_receive_lowest_pn(void *wpa_s, u32 channel,
+ u8 an, u32 *lowest_pn)
+{
+ return wpa_drv_get_receive_lowest_pn(wpa_s, channel, an, lowest_pn);
+}
+
+
+static int wpas_get_transmit_next_pn(void *wpa_s, u32 channel,
+ u8 an, u32 *next_pn)
+{
+ return wpa_drv_get_transmit_next_pn(wpa_s, channel, an, next_pn);
+}
+
+
+static int wpas_set_transmit_next_pn(void *wpa_s, u32 channel,
+ u8 an, u32 next_pn)
+{
+ return wpa_drv_set_transmit_next_pn(wpa_s, channel, an, next_pn);
+}
+
+
+static int wpas_get_available_receive_sc(void *wpa_s, u32 *channel)
+{
+ return wpa_drv_get_available_receive_sc(wpa_s, channel);
+}
+
+
+static unsigned int conf_offset_val(enum confidentiality_offset co)
+{
+ switch (co) {
+ case CONFIDENTIALITY_OFFSET_30:
+ return 30;
+ break;
+ case CONFIDENTIALITY_OFFSET_50:
+ return 50;
+ default:
+ return 0;
+ }
+}
+
+
+static int wpas_create_receive_sc(void *wpa_s, u32 channel,
+ struct ieee802_1x_mka_sci *sci,
+ enum validate_frames vf,
+ enum confidentiality_offset co)
+{
+ return wpa_drv_create_receive_sc(wpa_s, channel, sci->addr, sci->port,
+ conf_offset_val(co), vf);
+}
+
+
+static int wpas_delete_receive_sc(void *wpa_s, u32 channel)
+{
+ return wpa_drv_delete_receive_sc(wpa_s, channel);
+}
+
+
+static int wpas_create_receive_sa(void *wpa_s, u32 channel, u8 an,
+ u32 lowest_pn, const u8 *sak)
+{
+ return wpa_drv_create_receive_sa(wpa_s, channel, an, lowest_pn, sak);
+}
+
+
+static int wpas_enable_receive_sa(void *wpa_s, u32 channel, u8 an)
+{
+ return wpa_drv_enable_receive_sa(wpa_s, channel, an);
+}
+
+
+static int wpas_disable_receive_sa(void *wpa_s, u32 channel, u8 an)
+{
+ return wpa_drv_disable_receive_sa(wpa_s, channel, an);
+}
+
+
+static int wpas_get_available_transmit_sc(void *wpa_s, u32 *channel)
+{
+ return wpa_drv_get_available_transmit_sc(wpa_s, channel);
+}
+
+
+static int
+wpas_create_transmit_sc(void *wpa_s, u32 channel,
+ const struct ieee802_1x_mka_sci *sci,
+ enum confidentiality_offset co)
+{
+ return wpa_drv_create_transmit_sc(wpa_s, channel, sci->addr, sci->port,
+ conf_offset_val(co));
+}
+
+
+static int wpas_delete_transmit_sc(void *wpa_s, u32 channel)
+{
+ return wpa_drv_delete_transmit_sc(wpa_s, channel);
+}
+
+
+static int wpas_create_transmit_sa(void *wpa_s, u32 channel, u8 an,
+ u32 next_pn, Boolean confidentiality,
+ const u8 *sak)
+{
+ return wpa_drv_create_transmit_sa(wpa_s, channel, an, next_pn,
+ confidentiality, sak);
+}
+
+
+static int wpas_enable_transmit_sa(void *wpa_s, u32 channel, u8 an)
+{
+ return wpa_drv_enable_transmit_sa(wpa_s, channel, an);
+}
+
+
+static int wpas_disable_transmit_sa(void *wpa_s, u32 channel, u8 an)
+{
+ return wpa_drv_disable_transmit_sa(wpa_s, channel, an);
+}
+
+
+int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
+{
+ struct ieee802_1x_kay_ctx *kay_ctx;
+ struct ieee802_1x_kay *res = NULL;
+ enum macsec_policy policy;
+
+ ieee802_1x_dealloc_kay_sm(wpa_s);
+
+ if (!ssid || ssid->macsec_policy == 0)
+ return 0;
+
+ policy = ssid->macsec_policy == 1 ? SHOULD_SECURE : DO_NOT_SECURE;
+
+ kay_ctx = os_zalloc(sizeof(*kay_ctx));
+ if (!kay_ctx)
+ return -1;
+
+ kay_ctx->ctx = wpa_s;
+
+ kay_ctx->macsec_init = wpas_macsec_init;
+ kay_ctx->macsec_deinit = wpas_macsec_deinit;
+ kay_ctx->enable_protect_frames = wpas_enable_protect_frames;
+ kay_ctx->set_replay_protect = wpas_set_replay_protect;
+ kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite;
+ kay_ctx->enable_controlled_port = wpas_enable_controlled_port;
+ kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn;
+ kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn;
+ kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn;
+ kay_ctx->get_available_receive_sc = wpas_get_available_receive_sc;
+ kay_ctx->create_receive_sc = wpas_create_receive_sc;
+ kay_ctx->delete_receive_sc = wpas_delete_receive_sc;
+ kay_ctx->create_receive_sa = wpas_create_receive_sa;
+ kay_ctx->enable_receive_sa = wpas_enable_receive_sa;
+ kay_ctx->disable_receive_sa = wpas_disable_receive_sa;
+ kay_ctx->get_available_transmit_sc = wpas_get_available_transmit_sc;
+ kay_ctx->create_transmit_sc = wpas_create_transmit_sc;
+ kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc;
+ kay_ctx->create_transmit_sa = wpas_create_transmit_sa;
+ kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
+ kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;
+
+ res = ieee802_1x_kay_init(kay_ctx, policy, wpa_s->ifname,
+ wpa_s->own_addr);
+ if (res == NULL) {
+ os_free(kay_ctx);
+ return -1;
+ }
+
+ wpa_s->kay = res;
+
+ return 0;
+}
+
+
+void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
+{
+ if (!wpa_s->kay)
+ return;
+
+ ieee802_1x_kay_deinit(wpa_s->kay);
+ wpa_s->kay = NULL;
+}
+
+
+static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s,
+ const u8 *addr, u8 *sid, size_t *len)
+{
+ const u8 *session_id;
+ size_t id_len, need_len;
+
+ session_id = eapol_sm_get_session_id(wpa_s->eapol, &id_len);
+ if (session_id == NULL) {
+ wpa_printf(MSG_DEBUG,
+ "Failed to get SessionID from EAPOL state machines");
+ return -1;
+ }
+
+ need_len = 1 + 2 * SSL3_RANDOM_SIZE;
+ if (need_len > id_len) {
+ wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough");
+ return -1;
+ }
+
+ os_memcpy(sid, session_id, need_len);
+ *len = need_len;
+
+ return 0;
+}
+
+
+static int ieee802_1x_auth_get_msk(struct wpa_supplicant *wpa_s, const u8 *addr,
+ u8 *msk, size_t *len)
+{
+ u8 key[EAP_MSK_LEN];
+ size_t keylen;
+ struct eapol_sm *sm;
+ int res;
+
+ sm = wpa_s->eapol;
+ if (sm == NULL)
+ return -1;
+
+ keylen = EAP_MSK_LEN;
+ res = eapol_sm_get_key(sm, key, keylen);
+ if (res) {
+ wpa_printf(MSG_DEBUG,
+ "Failed to get MSK from EAPOL state machines");
+ return -1;
+ }
+
+ if (keylen > *len)
+ keylen = *len;
+ os_memcpy(msk, key, keylen);
+ *len = keylen;
+
+ return 0;
+}
+
+
+void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
+ const u8 *peer_addr)
+{
+ u8 *sid;
+ size_t sid_len = 128;
+ struct mka_key_name *ckn;
+ struct mka_key *cak;
+ struct mka_key *msk;
+ void *res = NULL;
+
+ if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
+ return NULL;
+
+ wpa_printf(MSG_DEBUG,
+ "IEEE 802.1X: External notification - Create MKA for "
+ MACSTR, MAC2STR(peer_addr));
+
+ msk = os_zalloc(sizeof(*msk));
+ sid = os_zalloc(sid_len);
+ ckn = os_zalloc(sizeof(*ckn));
+ cak = os_zalloc(sizeof(*cak));
+ if (!msk || !sid || !ckn || !cak)
+ goto fail;
+
+ msk->len = DEFAULT_KEY_LEN;
+ if (ieee802_1x_auth_get_msk(wpa_s, wpa_s->bssid, msk->key, &msk->len)) {
+ wpa_printf(MSG_ERROR, "IEEE 802.1X: Could not get MSK");
+ goto fail;
+ }
+
+ if (ieee802_1x_auth_get_session_id(wpa_s, wpa_s->bssid, sid, &sid_len))
+ {
+ wpa_printf(MSG_ERROR,
+ "IEEE 802.1X: Could not get EAP Session Id");
+ goto fail;
+ }
+
+ /* Derive CAK from MSK */
+ cak->len = DEFAULT_KEY_LEN;
+ if (ieee802_1x_cak_128bits_aes_cmac(msk->key, wpa_s->own_addr,
+ peer_addr, cak->key)) {
+ wpa_printf(MSG_ERROR,
+ "IEEE 802.1X: Deriving CAK failed");
+ goto fail;
+ }
+ wpa_hexdump_key(MSG_DEBUG, "Derived CAK", cak->key, cak->len);
+
+ /* Derive CKN from MSK */
+ ckn->len = DEFAULT_CKN_LEN;
+ if (ieee802_1x_ckn_128bits_aes_cmac(msk->key, wpa_s->own_addr,
+ peer_addr, sid, sid_len,
+ ckn->name)) {
+ wpa_printf(MSG_ERROR,
+ "IEEE 802.1X: Deriving CKN failed");
+ goto fail;
+ }
+ wpa_hexdump(MSG_DEBUG, "Derived CKN", ckn->name, ckn->len);
+
+ res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0,
+ EAP_EXCHANGE, FALSE);
+
+fail:
+ if (msk) {
+ os_memset(msk, 0, sizeof(*msk));
+ os_free(msk);
+ }
+ os_free(sid);
+ os_free(ckn);
+ if (cak) {
+ os_memset(cak, 0, sizeof(*cak));
+ os_free(cak);
+ }
+
+ return res;
+}
diff --git a/wpa_supplicant/wpas_kay.h b/wpa_supplicant/wpas_kay.h
new file mode 100644
index 0000000..b7236d0
--- /dev/null
+++ b/wpa_supplicant/wpas_kay.h
@@ -0,0 +1,41 @@
+/*
+ * IEEE 802.1X-2010 KaY Interface
+ * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef WPAS_KAY_H
+#define WPAS_KAY_H
+
+#ifdef CONFIG_MACSEC
+
+int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid);
+void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
+ const u8 *peer_addr);
+void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s);
+
+#else /* CONFIG_MACSEC */
+
+static inline int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ return 0;
+}
+
+static inline void *
+ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
+ const u8 *peer_addr)
+{
+ return NULL;
+}
+
+static inline void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
+{
+}
+
+#endif /* CONFIG_MACSEC */
+
+#endif /* WPAS_KAY_H */