summaryrefslogtreecommitdiff
path: root/src/pae/ieee802_1x_kay_i.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/pae/ieee802_1x_kay_i.h')
-rw-r--r--src/pae/ieee802_1x_kay_i.h180
1 files changed, 97 insertions, 83 deletions
diff --git a/src/pae/ieee802_1x_kay_i.h b/src/pae/ieee802_1x_kay_i.h
index 622282e97c513..bc522d89852bf 100644
--- a/src/pae/ieee802_1x_kay_i.h
+++ b/src/pae/ieee802_1x_kay_i.h
@@ -54,88 +54,6 @@ struct ieee802_1x_kay_peer {
struct dl_list list;
};
-struct data_key {
- u8 *key;
- int key_len;
- struct ieee802_1x_mka_ki key_identifier;
- enum confidentiality_offset confidentiality_offset;
- u8 an;
- Boolean transmits;
- Boolean receives;
- struct os_time created_time;
- u32 next_pn;
-
- /* not defined data */
- Boolean rx_latest;
- Boolean tx_latest;
-
- int user; /* FIXME: to indicate if it can be delete safely */
-
- struct dl_list list;
-};
-
-/* TransmitSC in IEEE Std 802.1AE-2006, Figure 10-6 */
-struct transmit_sc {
- struct ieee802_1x_mka_sci sci; /* const SCI sci */
- Boolean transmitting; /* bool transmitting (read only) */
-
- struct os_time created_time; /* Time createdTime */
-
- u8 encoding_sa; /* AN encodingSA (read only) */
- u8 enciphering_sa; /* AN encipheringSA (read only) */
-
- /* not defined data */
- unsigned int channel;
-
- struct dl_list list;
- struct dl_list sa_list;
-};
-
-/* TransmitSA in IEEE Std 802.1AE-2006, Figure 10-6 */
-struct transmit_sa {
- Boolean in_use; /* bool inUse (read only) */
- u32 next_pn; /* PN nextPN (read only) */
- struct os_time created_time; /* Time createdTime */
-
- Boolean enable_transmit; /* bool EnableTransmit */
-
- u8 an;
- Boolean confidentiality;
- struct data_key *pkey;
-
- struct transmit_sc *sc;
- struct dl_list list; /* list entry in struct transmit_sc::sa_list */
-};
-
-/* ReceiveSC in IEEE Std 802.1AE-2006, Figure 10-6 */
-struct receive_sc {
- struct ieee802_1x_mka_sci sci; /* const SCI sci */
- Boolean receiving; /* bool receiving (read only) */
-
- struct os_time created_time; /* Time createdTime */
-
- unsigned int channel;
-
- struct dl_list list;
- struct dl_list sa_list;
-};
-
-/* ReceiveSA in IEEE Std 802.1AE-2006, Figure 10-6 */
-struct receive_sa {
- Boolean enable_receive; /* bool enableReceive */
- Boolean in_use; /* bool inUse (read only) */
-
- u32 next_pn; /* PN nextPN (read only) */
- u32 lowest_pn; /* PN lowestPN (read only) */
- u8 an;
- struct os_time created_time;
-
- struct data_key *pkey;
- struct receive_sc *sc; /* list entry in struct receive_sc::sa_list */
-
- struct dl_list list;
-};
-
struct macsec_ciphersuite {
u64 id;
char name[32];
@@ -175,6 +93,7 @@ struct ieee802_1x_mka_participant {
Boolean active;
Boolean participant;
Boolean retain;
+ enum mka_created_mode mode;
enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
@@ -250,6 +169,22 @@ struct ieee802_1x_mka_hdr {
#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
+/**
+ * struct ieee802_1x_mka_basic_body - Basic Parameter Set (Figure 11-8)
+ * @version: MKA Version Identifier
+ * @priority: Key Server Priority
+ * @length: Parameter set body length
+ * @macsec_capability: MACsec capability, as defined in ieee802_1x_defs.h
+ * @macsec_desired: the participant wants MACsec to be used to protect frames
+ * (9.6.1)
+ * @key_server: the participant has not decided that another participant is or
+ * will be the key server (9.5.1)
+ * @length1: Parameter set body length (cont)
+ * @actor_mi: Actor's Member Identifier
+ * @actor_mn: Actor's Message Number
+ * @algo_agility: Algorithm Agility parameter
+ * @ckn: CAK Name
+ */
struct ieee802_1x_mka_basic_body {
/* octet 1 */
u8 version;
@@ -279,6 +214,14 @@ struct ieee802_1x_mka_basic_body {
u8 ckn[0];
};
+/**
+ * struct ieee802_1x_mka_peer_body - Live Peer List and Potential Peer List
+ * parameter sets (Figure 11-9)
+ * @type: Parameter set type (1 or 2)
+ * @length: Parameter set body length
+ * @length1: Parameter set body length (cont)
+ * @peer: array of (MI, MN) pairs
+ */
struct ieee802_1x_mka_peer_body {
/* octet 1 */
u8 type;
@@ -299,6 +242,28 @@ struct ieee802_1x_mka_peer_body {
/* followed by Peers */
};
+/**
+ * struct ieee802_1x_mka_sak_use_body - MACsec SAK Use parameter set (Figure
+ * 11-10)
+ * @type: MKA message type
+ * @lan: latest key AN
+ * @ltx: latest key TX
+ * @lrx: latest key RX
+ * @oan: old key AN
+ * @otx: old key TX
+ * @orx: old key RX
+ * @ptx: plain TX, ie protectFrames is False
+ * @prx: plain RX, ie validateFrames is not Strict
+ * @delay_protect: True if LPNs are being reported sufficiently frequently to
+ * allow the recipient to provide data delay protection. If False, the LPN
+ * can be reported as zero.
+ * @lsrv_mi: latest key server MI
+ * @lkn: latest key number (together with MI, form the KI)
+ * @llpn: latest lowest acceptable PN (LPN)
+ * @osrv_mi: old key server MI
+ * @okn: old key number (together with MI, form the KI)
+ * @olpn: old lowest acceptable PN (LPN)
+ */
struct ieee802_1x_mka_sak_use_body {
/* octet 1 */
u8 type;
@@ -352,7 +317,21 @@ struct ieee802_1x_mka_sak_use_body {
be32 olpn;
};
-
+/**
+ * struct ieee802_1x_mka_dist_sak_body - Distributed SAK parameter set
+ * (GCM-AES-128, Figure 11-11)
+ * @type: Parameter set type (4)
+ * @length: Parameter set body length
+ * @length1: Parameter set body length (cont)
+ * Total parameter body length values:
+ * - 0 for plain text
+ * - 28 for GCM-AES-128
+ * - 36 or more for other cipher suites
+ * @confid_offset: confidentiality offset, as defined in ieee802_1x_defs.h
+ * @dan: distributed AN (0 for plain text)
+ * @kn: Key Number
+ * @sak: AES Key Wrap of SAK (see 9.8)
+ */
struct ieee802_1x_mka_dist_sak_body {
/* octet 1 */
u8 type;
@@ -385,6 +364,41 @@ struct ieee802_1x_mka_dist_sak_body {
u8 sak[0];
};
+/**
+ * struct ieee802_1x_mka_dist_cak_body - Distributed CAK parameter set (Figure
+ * 11-13)
+ * @type: Parameter set type (5)
+ * @length: Parameter set body length
+ * @length1: Parameter set body length (cont)
+ * Total parameter body length values:
+ * - 0 for plain text
+ * - 28 for GCM-AES-128
+ * - 36 or more for other cipher suites
+ * @cak: AES Key Wrap of CAK (see 9.8)
+ * @ckn: CAK Name
+ */
+struct ieee802_1x_mka_dist_cak_body {
+ /* octet 1 */
+ u8 type;
+ /* octet 2 */
+ u8 reserve;
+ /* octet 3 */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u8 length:4;
+ u8 reserve1:4;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u8 reserve1:4;
+ u8 length:4;
+#endif
+ /* octet 4 */
+ u8 length1;
+
+ /* octet 5 - 28 */
+ u8 cak[24];
+
+ /* followed by CAK Name, 29- */
+ u8 ckn[0];
+};
struct ieee802_1x_mka_icv_body {
/* octet 1 */
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 01:57:14 +0000