2 * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3 * Copyright (c) 2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
15 #include "state_machine.h"
16 #include "l2_packet/l2_packet.h"
17 #include "common/eapol_common.h"
18 #include "crypto/aes_wrap.h"
19 #include "ieee802_1x_cp.h"
20 #include "ieee802_1x_key.h"
21 #include "ieee802_1x_kay.h"
22 #include "ieee802_1x_kay_i.h"
23 #include "ieee802_1x_secy_ops.h"
26 #define DEFAULT_SA_KEY_LEN 16
27 #define DEFAULT_ICV_LEN 16
28 #define MAX_ICV_LEN 32 /* 32 bytes, 256 bits */
30 #define PENDING_PN_EXHAUSTION 0xC0000000
32 #define MKA_ALIGN_LENGTH(len) (((len) + 0x3) & ~0x3)
34 /* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */
35 #define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 }
36 static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
38 /* IEEE802.1AE-2006 Table 14-1 MACsec Cipher Suites */
39 static struct macsec_ciphersuite cipher_suite_tbl[] = {
42 .id = CS_ID_GCM_AES_128,
43 .name = CS_NAME_GCM_AES_128,
44 .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
45 .sak_len = DEFAULT_SA_KEY_LEN,
50 .id = CS_ID_GCM_AES_256,
51 .name = CS_NAME_GCM_AES_256,
52 .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
54 .index = 1 /* index */
57 #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
58 #define DEFAULT_CS_INDEX 0
60 static struct mka_alg mka_alg_tbl[] = {
62 .parameter = MKA_ALGO_AGILITY_2009,
64 /* 128-bit CAK, KEK, ICK, ICV */
65 .cak_len = DEFAULT_ICV_LEN,
66 .kek_len = DEFAULT_ICV_LEN,
67 .ick_len = DEFAULT_ICV_LEN,
68 .icv_len = DEFAULT_ICV_LEN,
70 .cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
71 .ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
72 .kek_trfm = ieee802_1x_kek_128bits_aes_cmac,
73 .ick_trfm = ieee802_1x_ick_128bits_aes_cmac,
74 .icv_hash = ieee802_1x_icv_128bits_aes_cmac,
79 #define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
82 static int is_ki_equal(struct ieee802_1x_mka_ki *ki1,
83 struct ieee802_1x_mka_ki *ki2)
85 return os_memcmp(ki1->mi, ki2->mi, MI_LEN) == 0 &&
90 static void set_mka_param_body_len(void *body, unsigned int len)
92 struct ieee802_1x_mka_hdr *hdr = body;
93 hdr->length = (len >> 8) & 0x0f;
94 hdr->length1 = len & 0xff;
98 static unsigned int get_mka_param_body_len(const void *body)
100 const struct ieee802_1x_mka_hdr *hdr = body;
101 return (hdr->length << 8) | hdr->length1;
105 static u8 get_mka_param_body_type(const void *body)
107 const struct ieee802_1x_mka_hdr *hdr = body;
113 * ieee802_1x_mka_dump_basic_body -
116 ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
123 body_len = get_mka_param_body_len(body);
124 wpa_printf(MSG_DEBUG, "*** MKA Basic Parameter set ***");
125 wpa_printf(MSG_DEBUG, "\tVersion.......: %d", body->version);
126 wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
127 wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
128 wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
129 wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capability);
130 wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
131 wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
132 MAC2STR(body->actor_sci.addr));
133 wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
134 be_to_host16(body->actor_sci.port));
135 wpa_hexdump(MSG_DEBUG, "\tMember Id.....:",
136 body->actor_mi, sizeof(body->actor_mi));
137 wpa_printf(MSG_DEBUG, "\tMessage Number: %d",
138 be_to_host32(body->actor_mn));
139 wpa_hexdump(MSG_DEBUG, "\tAlgo Agility..:",
140 body->algo_agility, sizeof(body->algo_agility));
141 wpa_hexdump_ascii(MSG_DEBUG, "\tCAK Name......:", body->ckn,
142 body_len + MKA_HDR_LEN - sizeof(*body));
147 * ieee802_1x_mka_dump_peer_body -
150 ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
160 body_len = get_mka_param_body_len(body);
161 if (body->type == MKA_LIVE_PEER_LIST) {
162 wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
163 wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
164 } else if (body->type == MKA_POTENTIAL_PEER_LIST) {
165 wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
166 wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
169 for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
171 os_memcpy(&mn, mi + MI_LEN, sizeof(mn));
172 wpa_hexdump_ascii(MSG_DEBUG, "\tMember Id.....:", mi, MI_LEN);
173 wpa_printf(MSG_DEBUG, "\tMessage Number: %d", be_to_host32(mn));
179 * ieee802_1x_mka_dump_dist_sak_body -
182 ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body)
189 body_len = get_mka_param_body_len(body);
190 wpa_printf(MSG_INFO, "*** Distributed SAK ***");
191 wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
192 wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
193 body->confid_offset);
194 wpa_printf(MSG_INFO, "\tBody Length...........: %zu", body_len);
198 wpa_printf(MSG_INFO, "\tKey Number............: %d",
199 be_to_host32(body->kn));
200 wpa_hexdump(MSG_INFO, "\tAES Key Wrap of SAK...:", body->sak, 24);
204 static const char * yes_no(int val)
206 return val ? "Yes" : "No";
211 * ieee802_1x_mka_dump_sak_use_body -
214 ieee802_1x_mka_dump_sak_use_body(struct ieee802_1x_mka_sak_use_body *body)
221 body_len = get_mka_param_body_len(body);
222 wpa_printf(MSG_DEBUG, "*** MACsec SAK Use ***");
223 wpa_printf(MSG_DEBUG, "\tLatest Key AN....: %d", body->lan);
224 wpa_printf(MSG_DEBUG, "\tLatest Key Tx....: %s", yes_no(body->ltx));
225 wpa_printf(MSG_DEBUG, "\tLatest Key Rx....: %s", yes_no(body->lrx));
226 wpa_printf(MSG_DEBUG, "\tOld Key AN....: %d", body->oan);
227 wpa_printf(MSG_DEBUG, "\tOld Key Tx....: %s", yes_no(body->otx));
228 wpa_printf(MSG_DEBUG, "\tOld Key Rx....: %s", yes_no(body->orx));
229 wpa_printf(MSG_DEBUG, "\tPlain Key Tx....: %s", yes_no(body->ptx));
230 wpa_printf(MSG_DEBUG, "\tPlain Key Rx....: %s", yes_no(body->prx));
231 wpa_printf(MSG_DEBUG, "\tDelay Protect....: %s",
232 yes_no(body->delay_protect));
233 wpa_printf(MSG_DEBUG, "\tBody Length......: %d", body_len);
237 wpa_hexdump(MSG_DEBUG, "\tKey Server MI....:",
238 body->lsrv_mi, sizeof(body->lsrv_mi));
239 wpa_printf(MSG_DEBUG, "\tKey Number.......: %u",
240 be_to_host32(body->lkn));
241 wpa_printf(MSG_DEBUG, "\tLowest PN........: %u",
242 be_to_host32(body->llpn));
243 wpa_hexdump_ascii(MSG_DEBUG, "\tOld Key Server MI....:",
244 body->osrv_mi, sizeof(body->osrv_mi));
245 wpa_printf(MSG_DEBUG, "\tOld Key Number.......: %u",
246 be_to_host32(body->okn));
247 wpa_printf(MSG_DEBUG, "\tOld Lowest PN........: %u",
248 be_to_host32(body->olpn));
253 * ieee802_1x_kay_get_participant -
255 static struct ieee802_1x_mka_participant *
256 ieee802_1x_kay_get_participant(struct ieee802_1x_kay *kay, const u8 *ckn,
259 struct ieee802_1x_mka_participant *participant;
261 dl_list_for_each(participant, &kay->participant_list,
262 struct ieee802_1x_mka_participant, list) {
263 if (participant->ckn.len == len &&
264 os_memcmp(participant->ckn.name, ckn,
265 participant->ckn.len) == 0)
269 wpa_printf(MSG_DEBUG, "KaY: participant is not found");
276 * ieee802_1x_kay_get_principal_participant -
278 static struct ieee802_1x_mka_participant *
279 ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
281 struct ieee802_1x_mka_participant *participant;
283 dl_list_for_each(participant, &kay->participant_list,
284 struct ieee802_1x_mka_participant, list) {
285 if (participant->principal)
289 wpa_printf(MSG_DEBUG, "KaY: principal participant is not found");
294 static struct ieee802_1x_kay_peer * get_peer_mi(struct dl_list *peers,
297 struct ieee802_1x_kay_peer *peer;
299 dl_list_for_each(peer, peers, struct ieee802_1x_kay_peer, list) {
300 if (os_memcmp(peer->mi, mi, MI_LEN) == 0)
309 * ieee802_1x_kay_get_potential_peer
311 static struct ieee802_1x_kay_peer *
312 ieee802_1x_kay_get_potential_peer(
313 struct ieee802_1x_mka_participant *participant, const u8 *mi)
315 return get_peer_mi(&participant->potential_peers, mi);
320 * ieee802_1x_kay_get_live_peer
322 static struct ieee802_1x_kay_peer *
323 ieee802_1x_kay_get_live_peer(struct ieee802_1x_mka_participant *participant,
326 return get_peer_mi(&participant->live_peers, mi);
331 * ieee802_1x_kay_is_in_potential_peer
334 ieee802_1x_kay_is_in_potential_peer(
335 struct ieee802_1x_mka_participant *participant, const u8 *mi)
337 return ieee802_1x_kay_get_potential_peer(participant, mi) != NULL;
342 * ieee802_1x_kay_is_in_live_peer
345 ieee802_1x_kay_is_in_live_peer(
346 struct ieee802_1x_mka_participant *participant, const u8 *mi)
348 return ieee802_1x_kay_get_live_peer(participant, mi) != NULL;
353 * ieee802_1x_kay_get_peer
355 static struct ieee802_1x_kay_peer *
356 ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
359 struct ieee802_1x_kay_peer *peer;
361 peer = ieee802_1x_kay_get_live_peer(participant, mi);
365 return ieee802_1x_kay_get_potential_peer(participant, mi);
370 * ieee802_1x_kay_get_cipher_suite
372 static struct macsec_ciphersuite *
373 ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
380 os_memcpy(&_cs, cs_id, CS_ID_LEN);
381 cs = be_to_host64(_cs);
383 for (i = 0; i < CS_TABLE_SIZE; i++) {
384 if (cipher_suite_tbl[i].id == cs)
385 return &cipher_suite_tbl[i];
392 u64 mka_sci_u64(struct ieee802_1x_mka_sci *sci)
394 struct ieee802_1x_mka_sci tmp;
396 os_memcpy(tmp.addr, sci->addr, ETH_ALEN);
397 tmp.port = sci->port;
399 return *((u64 *) &tmp);
403 static Boolean sci_equal(const struct ieee802_1x_mka_sci *a,
404 const struct ieee802_1x_mka_sci *b)
406 return os_memcmp(a, b, sizeof(struct ieee802_1x_mka_sci)) == 0;
411 * ieee802_1x_kay_get_peer_sci
413 static struct ieee802_1x_kay_peer *
414 ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant,
415 const struct ieee802_1x_mka_sci *sci)
417 struct ieee802_1x_kay_peer *peer;
419 dl_list_for_each(peer, &participant->live_peers,
420 struct ieee802_1x_kay_peer, list) {
421 if (sci_equal(&peer->sci, sci))
425 dl_list_for_each(peer, &participant->potential_peers,
426 struct ieee802_1x_kay_peer, list) {
427 if (sci_equal(&peer->sci, sci))
435 static void ieee802_1x_kay_use_data_key(struct data_key *pkey);
438 * ieee802_1x_kay_init_receive_sa -
440 static struct receive_sa *
441 ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn,
442 struct data_key *key)
444 struct receive_sa *psa;
449 psa = os_zalloc(sizeof(*psa));
451 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
455 ieee802_1x_kay_use_data_key(key);
457 psa->lowest_pn = lowest_pn;
458 psa->next_pn = lowest_pn;
462 os_get_time(&psa->created_time);
465 dl_list_add(&psc->sa_list, &psa->list);
466 wpa_printf(MSG_DEBUG,
467 "KaY: Create receive SA(AN: %hhu lowest_pn: %u of SC",
474 static void ieee802_1x_kay_deinit_data_key(struct data_key *pkey);
477 * ieee802_1x_kay_deinit_receive_sa -
479 static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa)
481 ieee802_1x_kay_deinit_data_key(psa->pkey);
483 wpa_printf(MSG_DEBUG,
484 "KaY: Delete receive SA(an: %hhu) of SC",
486 dl_list_del(&psa->list);
492 * ieee802_1x_kay_init_receive_sc -
494 static struct receive_sc *
495 ieee802_1x_kay_init_receive_sc(const struct ieee802_1x_mka_sci *psci)
497 struct receive_sc *psc;
502 psc = os_zalloc(sizeof(*psc));
504 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
508 os_memcpy(&psc->sci, psci, sizeof(psc->sci));
510 os_get_time(&psc->created_time);
511 psc->receiving = FALSE;
513 dl_list_init(&psc->sa_list);
514 wpa_printf(MSG_DEBUG, "KaY: Create receive SC");
515 wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)psci, sizeof(*psci));
521 static void ieee802_1x_delete_receive_sa(struct ieee802_1x_kay *kay,
522 struct receive_sa *sa)
524 secy_disable_receive_sa(kay, sa);
525 secy_delete_receive_sa(kay, sa);
526 ieee802_1x_kay_deinit_receive_sa(sa);
531 * ieee802_1x_kay_deinit_receive_sc -
534 ieee802_1x_kay_deinit_receive_sc(
535 struct ieee802_1x_mka_participant *participant, struct receive_sc *psc)
537 struct receive_sa *psa, *pre_sa;
539 wpa_printf(MSG_DEBUG, "KaY: Delete receive SC");
540 dl_list_for_each_safe(psa, pre_sa, &psc->sa_list, struct receive_sa,
542 ieee802_1x_delete_receive_sa(participant->kay, psa);
544 dl_list_del(&psc->list);
545 secy_delete_receive_sc(participant->kay, psc);
550 static void ieee802_1x_kay_dump_peer(struct ieee802_1x_kay_peer *peer)
552 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi, sizeof(peer->mi));
553 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
554 wpa_hexdump(MSG_DEBUG, "\tSCI Addr: ", peer->sci.addr, ETH_ALEN);
555 wpa_printf(MSG_DEBUG, "\tPort: %d", peer->sci.port);
559 static struct ieee802_1x_kay_peer *
560 ieee802_1x_kay_create_peer(const u8 *mi, u32 mn)
562 struct ieee802_1x_kay_peer *peer;
564 peer = os_zalloc(sizeof(*peer));
566 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
570 os_memcpy(peer->mi, mi, MI_LEN);
572 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
573 peer->sak_used = FALSE;
580 * ieee802_1x_kay_create_live_peer
582 static struct ieee802_1x_kay_peer *
583 ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
584 const u8 *mi, u32 mn)
586 struct ieee802_1x_kay_peer *peer;
587 struct receive_sc *rxsc;
589 peer = ieee802_1x_kay_create_peer(mi, mn);
593 os_memcpy(&peer->sci, &participant->current_peer_sci,
596 rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci);
602 dl_list_add(&participant->live_peers, &peer->list);
603 dl_list_add(&participant->rxsc_list, &rxsc->list);
604 secy_create_receive_sc(participant->kay, rxsc);
606 wpa_printf(MSG_DEBUG, "KaY: Live peer created");
607 ieee802_1x_kay_dump_peer(peer);
614 * ieee802_1x_kay_create_potential_peer
616 static struct ieee802_1x_kay_peer *
617 ieee802_1x_kay_create_potential_peer(
618 struct ieee802_1x_mka_participant *participant, const u8 *mi, u32 mn)
620 struct ieee802_1x_kay_peer *peer;
622 peer = ieee802_1x_kay_create_peer(mi, mn);
626 dl_list_add(&participant->potential_peers, &peer->list);
628 wpa_printf(MSG_DEBUG, "KaY: potential peer created");
629 ieee802_1x_kay_dump_peer(peer);
636 * ieee802_1x_kay_move_live_peer
638 static struct ieee802_1x_kay_peer *
639 ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
642 struct ieee802_1x_kay_peer *peer;
643 struct receive_sc *rxsc;
645 peer = ieee802_1x_kay_get_potential_peer(participant, mi);
649 rxsc = ieee802_1x_kay_init_receive_sc(&participant->current_peer_sci);
653 os_memcpy(&peer->sci, &participant->current_peer_sci,
656 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
658 wpa_printf(MSG_DEBUG, "KaY: move potential peer to live peer");
659 ieee802_1x_kay_dump_peer(peer);
661 dl_list_del(&peer->list);
662 dl_list_add_tail(&participant->live_peers, &peer->list);
664 dl_list_add(&participant->rxsc_list, &rxsc->list);
665 secy_create_receive_sc(participant->kay, rxsc);
673 * ieee802_1x_mka_basic_body_present -
676 ieee802_1x_mka_basic_body_present(
677 struct ieee802_1x_mka_participant *participant)
684 * ieee802_1x_mka_basic_body_length -
687 ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant)
691 length = sizeof(struct ieee802_1x_mka_basic_body);
692 length += participant->ckn.len;
693 return MKA_ALIGN_LENGTH(length);
698 * ieee802_1x_mka_encode_basic_body
701 ieee802_1x_mka_encode_basic_body(
702 struct ieee802_1x_mka_participant *participant,
705 struct ieee802_1x_mka_basic_body *body;
706 struct ieee802_1x_kay *kay = participant->kay;
707 unsigned int length = ieee802_1x_mka_basic_body_length(participant);
709 body = wpabuf_put(buf, length);
711 body->version = kay->mka_version;
712 body->priority = kay->actor_priority;
713 if (participant->is_elected)
714 body->key_server = participant->is_key_server;
716 body->key_server = participant->can_be_key_server;
718 body->macsec_desired = kay->macsec_desired;
719 body->macsec_capability = kay->macsec_capable;
720 set_mka_param_body_len(body, length - MKA_HDR_LEN);
722 os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
723 sizeof(kay->actor_sci.addr));
724 body->actor_sci.port = kay->actor_sci.port;
726 os_memcpy(body->actor_mi, participant->mi, sizeof(body->actor_mi));
727 participant->mn = participant->mn + 1;
728 body->actor_mn = host_to_be32(participant->mn);
729 os_memcpy(body->algo_agility, kay->algo_agility,
730 sizeof(body->algo_agility));
732 os_memcpy(body->ckn, participant->ckn.name, participant->ckn.len);
734 ieee802_1x_mka_dump_basic_body(body);
741 reset_participant_mi(struct ieee802_1x_mka_participant *participant)
743 if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
752 * ieee802_1x_mka_decode_basic_body -
754 static struct ieee802_1x_mka_participant *
755 ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
758 struct ieee802_1x_mka_participant *participant;
759 const struct ieee802_1x_mka_basic_body *body;
760 struct ieee802_1x_kay_peer *peer;
764 body = (const struct ieee802_1x_mka_basic_body *) mka_msg;
766 if (body->version > MKA_VERSION_ID) {
767 wpa_printf(MSG_DEBUG,
768 "KaY: peer's version(%d) greater than mka current version(%d)",
769 body->version, MKA_VERSION_ID);
771 if (kay->is_obliged_key_server && body->key_server) {
772 wpa_printf(MSG_DEBUG, "I must be as key server");
776 body_len = get_mka_param_body_len(body);
777 if (body_len < sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN) {
778 wpa_printf(MSG_DEBUG, "KaY: Too small body length %zu",
783 (sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN);
784 participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len);
786 wpa_printf(MSG_DEBUG, "Peer is not included in my CA");
790 /* If the peer's MI is my MI, I will choose new MI */
791 if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
792 if (!reset_participant_mi(participant))
796 os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
797 participant->current_peer_id.mn = body->actor_mn;
798 os_memcpy(participant->current_peer_sci.addr, body->actor_sci.addr,
799 sizeof(participant->current_peer_sci.addr));
800 participant->current_peer_sci.port = body->actor_sci.port;
803 peer = ieee802_1x_kay_get_peer(participant, body->actor_mi);
805 /* Check duplicated SCI */
806 /* TODO: What policy should be applied to detect duplicated SCI
807 * is active attacker or a valid peer whose MI is be changed?
809 peer = ieee802_1x_kay_get_peer_sci(participant,
812 wpa_printf(MSG_WARNING,
813 "KaY: duplicated SCI detected, Maybe active attacker");
814 dl_list_del(&peer->list);
818 peer = ieee802_1x_kay_create_potential_peer(
819 participant, body->actor_mi,
820 be_to_host32(body->actor_mn));
824 peer->macsec_desired = body->macsec_desired;
825 peer->macsec_capability = body->macsec_capability;
826 peer->is_key_server = (Boolean) body->key_server;
827 peer->key_server_priority = body->priority;
828 } else if (peer->mn < be_to_host32(body->actor_mn)) {
829 peer->mn = be_to_host32(body->actor_mn);
830 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
831 peer->macsec_desired = body->macsec_desired;
832 peer->macsec_capability = body->macsec_capability;
833 peer->is_key_server = (Boolean) body->key_server;
834 peer->key_server_priority = body->priority;
836 wpa_printf(MSG_WARNING, "KaY: The peer MN have received");
845 * ieee802_1x_mka_live_peer_body_present
848 ieee802_1x_mka_live_peer_body_present(
849 struct ieee802_1x_mka_participant *participant)
851 return !dl_list_empty(&participant->live_peers);
856 * ieee802_1x_kay_get_live_peer_length
859 ieee802_1x_mka_get_live_peer_length(
860 struct ieee802_1x_mka_participant *participant)
862 int len = MKA_HDR_LEN;
863 struct ieee802_1x_kay_peer *peer;
865 dl_list_for_each(peer, &participant->live_peers,
866 struct ieee802_1x_kay_peer, list)
867 len += sizeof(struct ieee802_1x_mka_peer_id);
869 return MKA_ALIGN_LENGTH(len);
874 * ieee802_1x_mka_encode_live_peer_body -
877 ieee802_1x_mka_encode_live_peer_body(
878 struct ieee802_1x_mka_participant *participant,
881 struct ieee802_1x_mka_peer_body *body;
882 struct ieee802_1x_kay_peer *peer;
884 struct ieee802_1x_mka_peer_id *body_peer;
886 length = ieee802_1x_mka_get_live_peer_length(participant);
887 body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
889 body->type = MKA_LIVE_PEER_LIST;
890 set_mka_param_body_len(body, length - MKA_HDR_LEN);
892 dl_list_for_each(peer, &participant->live_peers,
893 struct ieee802_1x_kay_peer, list) {
894 body_peer = wpabuf_put(buf,
895 sizeof(struct ieee802_1x_mka_peer_id));
896 os_memcpy(body_peer->mi, peer->mi, MI_LEN);
897 body_peer->mn = host_to_be32(peer->mn);
900 ieee802_1x_mka_dump_peer_body(body);
905 * ieee802_1x_mka_potential_peer_body_present
908 ieee802_1x_mka_potential_peer_body_present(
909 struct ieee802_1x_mka_participant *participant)
911 return !dl_list_empty(&participant->potential_peers);
916 * ieee802_1x_kay_get_potential_peer_length
919 ieee802_1x_mka_get_potential_peer_length(
920 struct ieee802_1x_mka_participant *participant)
922 int len = MKA_HDR_LEN;
923 struct ieee802_1x_kay_peer *peer;
925 dl_list_for_each(peer, &participant->potential_peers,
926 struct ieee802_1x_kay_peer, list)
927 len += sizeof(struct ieee802_1x_mka_peer_id);
929 return MKA_ALIGN_LENGTH(len);
934 * ieee802_1x_mka_encode_potential_peer_body -
937 ieee802_1x_mka_encode_potential_peer_body(
938 struct ieee802_1x_mka_participant *participant,
941 struct ieee802_1x_mka_peer_body *body;
942 struct ieee802_1x_kay_peer *peer;
944 struct ieee802_1x_mka_peer_id *body_peer;
946 length = ieee802_1x_mka_get_potential_peer_length(participant);
947 body = wpabuf_put(buf, sizeof(struct ieee802_1x_mka_peer_body));
949 body->type = MKA_POTENTIAL_PEER_LIST;
950 set_mka_param_body_len(body, length - MKA_HDR_LEN);
952 dl_list_for_each(peer, &participant->potential_peers,
953 struct ieee802_1x_kay_peer, list) {
954 body_peer = wpabuf_put(buf,
955 sizeof(struct ieee802_1x_mka_peer_id));
956 os_memcpy(body_peer->mi, peer->mi, MI_LEN);
957 body_peer->mn = host_to_be32(peer->mn);
960 ieee802_1x_mka_dump_peer_body(body);
966 * ieee802_1x_mka_i_in_peerlist -
969 ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
970 const u8 *mka_msg, size_t msg_len)
972 struct ieee802_1x_mka_hdr *hdr;
979 for (pos = mka_msg, left_len = msg_len;
980 left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
981 left_len -= body_len + MKA_HDR_LEN,
982 pos += body_len + MKA_HDR_LEN) {
983 hdr = (struct ieee802_1x_mka_hdr *) pos;
984 body_len = get_mka_param_body_len(hdr);
985 body_type = get_mka_param_body_type(hdr);
987 if (left_len < (MKA_HDR_LEN + MKA_ALIGN_LENGTH(body_len) + DEFAULT_ICV_LEN)) {
988 wpa_printf(MSG_ERROR,
989 "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
990 left_len, MKA_HDR_LEN,
991 MKA_ALIGN_LENGTH(body_len),
996 if (body_type != MKA_LIVE_PEER_LIST &&
997 body_type != MKA_POTENTIAL_PEER_LIST)
1000 if ((body_len % 16) != 0) {
1001 wpa_printf(MSG_ERROR,
1002 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1007 ieee802_1x_mka_dump_peer_body(
1008 (struct ieee802_1x_mka_peer_body *)pos);
1010 for (i = 0; i < body_len;
1011 i += sizeof(struct ieee802_1x_mka_peer_id)) {
1012 const struct ieee802_1x_mka_peer_id *peer_mi;
1014 peer_mi = (const struct ieee802_1x_mka_peer_id *)
1015 (pos + MKA_HDR_LEN + i);
1016 if (os_memcmp(peer_mi->mi, participant->mi,
1018 be_to_host32(peer_mi->mn) == participant->mn)
1028 * ieee802_1x_mka_decode_live_peer_body -
1030 static int ieee802_1x_mka_decode_live_peer_body(
1031 struct ieee802_1x_mka_participant *participant,
1032 const u8 *peer_msg, size_t msg_len)
1034 const struct ieee802_1x_mka_hdr *hdr;
1035 struct ieee802_1x_kay_peer *peer;
1038 Boolean is_included;
1040 is_included = ieee802_1x_kay_is_in_live_peer(
1041 participant, participant->current_peer_id.mi);
1043 hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
1044 body_len = get_mka_param_body_len(hdr);
1045 if (body_len % 16 != 0) {
1046 wpa_printf(MSG_ERROR,
1047 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1052 for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) {
1053 const struct ieee802_1x_mka_peer_id *peer_mi;
1056 peer_mi = (const struct ieee802_1x_mka_peer_id *)
1057 (peer_msg + MKA_HDR_LEN + i);
1058 peer_mn = be_to_host32(peer_mi->mn);
1061 if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1062 /* My message id is used by other participant */
1063 if (peer_mn > participant->mn &&
1064 !reset_participant_mi(participant))
1065 wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
1072 peer = ieee802_1x_kay_get_peer(participant, peer_mi->mi);
1075 peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
1076 } else if (!ieee802_1x_kay_create_potential_peer(
1077 participant, peer_mi->mi, peer_mn)) {
1087 * ieee802_1x_mka_decode_potential_peer_body -
1090 ieee802_1x_mka_decode_potential_peer_body(
1091 struct ieee802_1x_mka_participant *participant,
1092 const u8 *peer_msg, size_t msg_len)
1094 const struct ieee802_1x_mka_hdr *hdr;
1098 hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
1099 body_len = get_mka_param_body_len(hdr);
1100 if (body_len % 16 != 0) {
1101 wpa_printf(MSG_ERROR,
1102 "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
1107 for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) {
1108 const struct ieee802_1x_mka_peer_id *peer_mi;
1111 peer_mi = (struct ieee802_1x_mka_peer_id *)
1112 (peer_msg + MKA_HDR_LEN + i);
1113 peer_mn = be_to_host32(peer_mi->mn);
1116 if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
1117 /* My message id is used by other participant */
1118 if (peer_mn > participant->mn &&
1119 !reset_participant_mi(participant))
1120 wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
1130 * ieee802_1x_mka_sak_use_body_present
1133 ieee802_1x_mka_sak_use_body_present(
1134 struct ieee802_1x_mka_participant *participant)
1136 return participant->to_use_sak;
1141 * ieee802_1x_mka_get_sak_use_length
1144 ieee802_1x_mka_get_sak_use_length(
1145 struct ieee802_1x_mka_participant *participant)
1147 int length = MKA_HDR_LEN;
1149 if (participant->kay->macsec_desired && participant->advised_desired)
1150 length = sizeof(struct ieee802_1x_mka_sak_use_body);
1152 return MKA_ALIGN_LENGTH(length);
1160 ieee802_1x_mka_get_lpn(struct ieee802_1x_mka_participant *principal,
1161 struct ieee802_1x_mka_ki *ki)
1163 struct receive_sa *rxsa;
1164 struct receive_sc *rxsc;
1167 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
1168 dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
1170 if (is_ki_equal(&rxsa->pkey->key_identifier, ki)) {
1171 secy_get_receive_lowest_pn(principal->kay,
1174 lpn = lpn > rxsa->lowest_pn ?
1175 lpn : rxsa->lowest_pn;
1189 * ieee802_1x_mka_encode_sak_use_body -
1192 ieee802_1x_mka_encode_sak_use_body(
1193 struct ieee802_1x_mka_participant *participant,
1196 struct ieee802_1x_mka_sak_use_body *body;
1197 struct ieee802_1x_kay *kay = participant->kay;
1198 unsigned int length;
1201 length = ieee802_1x_mka_get_sak_use_length(participant);
1202 body = wpabuf_put(buf, length);
1204 body->type = MKA_SAK_USE;
1205 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1207 if (length == MKA_HDR_LEN) {
1213 body->delay_protect = FALSE;
1217 /* data protect, lowest accept packet number */
1218 body->delay_protect = kay->macsec_replay_protect;
1219 pn = ieee802_1x_mka_get_lpn(participant, &participant->lki);
1220 if (pn > kay->pn_exhaustion) {
1221 wpa_printf(MSG_WARNING, "KaY: My LPN exhaustion");
1222 if (participant->is_key_server)
1223 participant->new_sak = TRUE;
1226 body->llpn = host_to_be32(pn);
1227 pn = ieee802_1x_mka_get_lpn(participant, &participant->oki);
1228 body->olpn = host_to_be32(pn);
1230 /* plain tx, plain rx */
1231 body->ptx = !kay->macsec_protect;
1232 body->prx = kay->macsec_validate != Strict;
1234 /* latest key: rx, tx, key server member identifier key number */
1235 body->lan = participant->lan;
1236 os_memcpy(body->lsrv_mi, participant->lki.mi, sizeof(body->lsrv_mi));
1237 body->lkn = host_to_be32(participant->lki.kn);
1238 body->lrx = participant->lrx;
1239 body->ltx = participant->ltx;
1241 /* old key: rx, tx, key server member identifier key number */
1242 body->oan = participant->oan;
1243 if (participant->oki.kn != participant->lki.kn &&
1244 participant->oki.kn != 0) {
1247 os_memcpy(body->osrv_mi, participant->oki.mi,
1248 sizeof(body->osrv_mi));
1249 body->okn = host_to_be32(participant->oki.kn);
1255 /* set CP's variable */
1257 kay->tx_enable = TRUE;
1258 kay->port_enable = TRUE;
1261 kay->rx_enable = TRUE;
1263 ieee802_1x_mka_dump_sak_use_body(body);
1269 * ieee802_1x_mka_decode_sak_use_body -
1272 ieee802_1x_mka_decode_sak_use_body(
1273 struct ieee802_1x_mka_participant *participant,
1274 const u8 *mka_msg, size_t msg_len)
1276 struct ieee802_1x_mka_hdr *hdr;
1277 struct ieee802_1x_mka_sak_use_body *body;
1278 struct ieee802_1x_kay_peer *peer;
1279 struct transmit_sa *txsa;
1280 struct data_key *sa_key = NULL;
1282 struct ieee802_1x_mka_ki ki;
1284 Boolean all_receiving;
1286 struct ieee802_1x_kay *kay = participant->kay;
1288 if (!participant->principal) {
1289 wpa_printf(MSG_WARNING, "KaY: Participant is not principal");
1292 peer = ieee802_1x_kay_get_live_peer(participant,
1293 participant->current_peer_id.mi);
1295 wpa_printf(MSG_WARNING, "KaY: the peer is not my live peer");
1299 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1300 body_len = get_mka_param_body_len(hdr);
1301 body = (struct ieee802_1x_mka_sak_use_body *) mka_msg;
1302 ieee802_1x_mka_dump_sak_use_body(body);
1304 if ((body_len != 0) && (body_len < 40)) {
1305 wpa_printf(MSG_ERROR,
1306 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 40, or more octets",
1311 /* TODO: what action should I take when peer does not support MACsec */
1312 if (body_len == 0) {
1313 wpa_printf(MSG_WARNING, "KaY: Peer does not support MACsec");
1317 /* TODO: when the plain tx or rx of peer is true, should I change
1318 * the attribute of controlled port
1321 wpa_printf(MSG_WARNING, "KaY: peer's plain rx are TRUE");
1324 wpa_printf(MSG_WARNING, "KaY: peer's plain tx are TRUE");
1326 /* check latest key is valid */
1327 if (body->ltx || body->lrx) {
1329 os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
1330 ki.kn = be_to_host32(body->lkn);
1331 dl_list_for_each(sa_key, &participant->sak_list,
1332 struct data_key, list) {
1333 if (is_ki_equal(&sa_key->key_identifier, &ki)) {
1339 wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
1342 if (os_memcmp(participant->lki.mi, body->lsrv_mi,
1343 sizeof(participant->lki.mi)) == 0 &&
1344 be_to_host32(body->lkn) == participant->lki.kn &&
1345 body->lan == participant->lan) {
1346 peer->sak_used = TRUE;
1348 if (body->ltx && peer->is_key_server) {
1349 ieee802_1x_cp_set_servertransmitting(kay->cp, TRUE);
1350 ieee802_1x_cp_sm_step(kay->cp);
1354 /* check old key is valid (but only if we remember our old key) */
1355 if (participant->oki.kn != 0 && (body->otx || body->orx)) {
1356 if (os_memcmp(participant->oki.mi, body->osrv_mi,
1357 sizeof(participant->oki.mi)) != 0 ||
1358 be_to_host32(body->okn) != participant->oki.kn ||
1359 body->oan != participant->oan) {
1360 wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
1365 /* TODO: how to set the MACsec hardware when delay_protect is true */
1366 if (body->delay_protect &&
1367 (!be_to_host32(body->llpn) || !be_to_host32(body->olpn))) {
1368 wpa_printf(MSG_WARNING,
1369 "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
1373 /* check all live peer have used the sak for receiving sa */
1374 all_receiving = TRUE;
1375 dl_list_for_each(peer, &participant->live_peers,
1376 struct ieee802_1x_kay_peer, list) {
1377 if (!peer->sak_used) {
1378 all_receiving = FALSE;
1382 if (all_receiving) {
1383 participant->to_dist_sak = FALSE;
1384 ieee802_1x_cp_set_allreceiving(kay->cp, TRUE);
1385 ieee802_1x_cp_sm_step(kay->cp);
1388 /* if i'm key server, and detects peer member pn exhaustion, rekey.*/
1389 lpn = be_to_host32(body->llpn);
1390 if (lpn > kay->pn_exhaustion) {
1391 if (participant->is_key_server) {
1392 participant->new_sak = TRUE;
1393 wpa_printf(MSG_WARNING, "KaY: Peer LPN exhaustion");
1398 dl_list_for_each(txsa, &participant->txsc->sa_list,
1399 struct transmit_sa, list) {
1400 if (sa_key != NULL && txsa->pkey == sa_key) {
1406 wpa_printf(MSG_WARNING, "KaY: Can't find txsa");
1410 /* FIXME: Secy creates txsa with default npn. If MKA detected Latest Key
1411 * npn is larger than txsa's npn, set it to txsa.
1413 secy_get_transmit_next_pn(kay, txsa);
1414 if (lpn > txsa->next_pn) {
1415 secy_set_transmit_next_pn(kay, txsa);
1416 wpa_printf(MSG_INFO, "KaY: update lpn =0x%x", lpn);
1424 * ieee802_1x_mka_dist_sak_body_present
1427 ieee802_1x_mka_dist_sak_body_present(
1428 struct ieee802_1x_mka_participant *participant)
1430 return participant->to_dist_sak && participant->new_key;
1435 * ieee802_1x_kay_get_dist_sak_length
1438 ieee802_1x_mka_get_dist_sak_length(
1439 struct ieee802_1x_mka_participant *participant)
1441 int length = MKA_HDR_LEN;
1442 unsigned int cs_index = participant->kay->macsec_csindex;
1444 if (participant->advised_desired && cs_index < CS_TABLE_SIZE) {
1445 length = sizeof(struct ieee802_1x_mka_dist_sak_body);
1446 if (cs_index != DEFAULT_CS_INDEX)
1447 length += CS_ID_LEN;
1449 length += cipher_suite_tbl[cs_index].sak_len + 8;
1452 return MKA_ALIGN_LENGTH(length);
1457 * ieee802_1x_mka_encode_dist_sak_body -
1460 ieee802_1x_mka_encode_dist_sak_body(
1461 struct ieee802_1x_mka_participant *participant,
1464 struct ieee802_1x_mka_dist_sak_body *body;
1465 struct data_key *sak;
1466 unsigned int length;
1467 unsigned int cs_index;
1470 length = ieee802_1x_mka_get_dist_sak_length(participant);
1471 body = wpabuf_put(buf, length);
1472 body->type = MKA_DISTRIBUTED_SAK;
1473 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1474 if (length == MKA_HDR_LEN) {
1475 body->confid_offset = 0;
1480 sak = participant->new_key;
1481 body->confid_offset = sak->confidentiality_offset;
1482 body->dan = sak->an;
1483 body->kn = host_to_be32(sak->key_identifier.kn);
1484 cs_index = participant->kay->macsec_csindex;
1486 if (cs_index >= CS_TABLE_SIZE)
1488 if (cs_index != DEFAULT_CS_INDEX) {
1491 cs = host_to_be64(cipher_suite_tbl[cs_index].id);
1492 os_memcpy(body->sak, &cs, CS_ID_LEN);
1493 sak_pos = CS_ID_LEN;
1495 if (aes_wrap(participant->kek.key, 16,
1496 cipher_suite_tbl[cs_index].sak_len / 8,
1497 sak->key, body->sak + sak_pos)) {
1498 wpa_printf(MSG_ERROR, "KaY: AES wrap failed");
1502 ieee802_1x_mka_dump_dist_sak_body(body);
1509 * ieee802_1x_kay_init_data_key -
1511 static void ieee802_1x_kay_init_data_key(struct data_key *pkey)
1513 pkey->transmits = TRUE;
1514 pkey->receives = TRUE;
1515 os_get_time(&pkey->created_time);
1522 * ieee802_1x_kay_decode_dist_sak_body -
1525 ieee802_1x_mka_decode_dist_sak_body(
1526 struct ieee802_1x_mka_participant *participant,
1527 const u8 *mka_msg, size_t msg_len)
1529 struct ieee802_1x_mka_hdr *hdr;
1530 struct ieee802_1x_mka_dist_sak_body *body;
1531 struct ieee802_1x_kay_peer *peer;
1532 struct macsec_ciphersuite *cs;
1534 struct data_key *sa_key = NULL;
1538 struct ieee802_1x_kay *kay = participant->kay;
1540 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1541 body_len = get_mka_param_body_len(hdr);
1542 if ((body_len != 0) && (body_len != 28) && (body_len < 36)) {
1543 wpa_printf(MSG_ERROR,
1544 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 28, 36, or more octets",
1549 if (!participant->principal) {
1550 wpa_printf(MSG_ERROR,
1551 "KaY: I can't accept the distributed SAK as I am not principal");
1554 if (participant->is_key_server) {
1555 wpa_printf(MSG_ERROR,
1556 "KaY: I can't accept the distributed SAK as myself is key server ");
1559 if (!kay->macsec_desired ||
1560 kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
1561 wpa_printf(MSG_ERROR,
1562 "KaY: I am not MACsec-desired or without MACsec capable");
1566 peer = ieee802_1x_kay_get_live_peer(participant,
1567 participant->current_peer_id.mi);
1569 wpa_printf(MSG_ERROR,
1570 "KaY: The key server is not in my live peers list");
1573 if (!sci_equal(&kay->key_server_sci, &peer->sci)) {
1574 wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
1578 if (body_len == 0) {
1579 kay->authenticated = TRUE;
1580 kay->secured = FALSE;
1581 kay->failed = FALSE;
1582 participant->advised_desired = FALSE;
1583 ieee802_1x_cp_connect_authenticated(kay->cp);
1584 ieee802_1x_cp_sm_step(kay->cp);
1585 wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
1586 participant->to_use_sak = FALSE;
1590 participant->advised_desired = TRUE;
1591 kay->authenticated = FALSE;
1592 kay->secured = TRUE;
1593 kay->failed = FALSE;
1594 ieee802_1x_cp_connect_secure(kay->cp);
1595 ieee802_1x_cp_sm_step(kay->cp);
1597 body = (struct ieee802_1x_mka_dist_sak_body *)mka_msg;
1598 ieee802_1x_mka_dump_dist_sak_body(body);
1599 dl_list_for_each(sa_key, &participant->sak_list, struct data_key, list)
1601 if (os_memcmp(sa_key->key_identifier.mi,
1602 participant->current_peer_id.mi, MI_LEN) == 0 &&
1603 sa_key->key_identifier.kn == be_to_host32(body->kn)) {
1604 wpa_printf(MSG_WARNING, "KaY:The Key has installed");
1609 if (body_len == 28) {
1610 sak_len = DEFAULT_SA_KEY_LEN;
1611 wrap_sak = body->sak;
1612 kay->macsec_csindex = DEFAULT_CS_INDEX;
1613 cs = &cipher_suite_tbl[kay->macsec_csindex];
1615 cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak);
1617 wpa_printf(MSG_ERROR,
1618 "KaY: I can't support the Cipher Suite advised by key server");
1621 sak_len = cs->sak_len;
1622 wrap_sak = body->sak + CS_ID_LEN;
1623 kay->macsec_csindex = cs->index;
1626 unwrap_sak = os_zalloc(sak_len);
1628 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1631 if (aes_unwrap(participant->kek.key, 16, sak_len >> 3, wrap_sak,
1633 wpa_printf(MSG_ERROR, "KaY: AES unwrap failed");
1634 os_free(unwrap_sak);
1637 wpa_hexdump_key(MSG_DEBUG, "\tAES Key Unwrap of SAK:",
1638 unwrap_sak, sak_len);
1640 sa_key = os_zalloc(sizeof(*sa_key));
1642 os_free(unwrap_sak);
1646 os_memcpy(&sa_key->key_identifier.mi, &participant->current_peer_id.mi,
1648 sa_key->key_identifier.kn = be_to_host32(body->kn);
1650 sa_key->key = unwrap_sak;
1651 sa_key->key_len = sak_len;
1653 sa_key->confidentiality_offset = body->confid_offset;
1654 sa_key->an = body->dan;
1655 ieee802_1x_kay_init_data_key(sa_key);
1657 ieee802_1x_kay_use_data_key(sa_key);
1658 dl_list_add(&participant->sak_list, &sa_key->list);
1660 ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id);
1661 ieee802_1x_cp_sm_step(kay->cp);
1662 ieee802_1x_cp_set_offset(kay->cp, body->confid_offset);
1663 ieee802_1x_cp_sm_step(kay->cp);
1664 ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier);
1665 ieee802_1x_cp_set_distributedan(kay->cp, body->dan);
1666 ieee802_1x_cp_signal_newsak(kay->cp);
1667 ieee802_1x_cp_sm_step(kay->cp);
1670 participant->to_use_sak = TRUE;
1677 * ieee802_1x_mka_icv_body_present
1680 ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant)
1687 * ieee802_1x_kay_get_icv_length
1690 ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant)
1694 length = sizeof(struct ieee802_1x_mka_icv_body);
1695 length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
1697 return MKA_ALIGN_LENGTH(length);
1702 * ieee802_1x_mka_encode_icv_body -
1705 ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
1708 struct ieee802_1x_mka_icv_body *body;
1709 unsigned int length;
1710 u8 cmac[MAX_ICV_LEN];
1712 length = ieee802_1x_mka_get_icv_length(participant);
1713 if (length != DEFAULT_ICV_LEN) {
1714 body = wpabuf_put(buf, MKA_HDR_LEN);
1715 body->type = MKA_ICV_INDICATOR;
1716 set_mka_param_body_len(body, length - MKA_HDR_LEN);
1719 if (mka_alg_tbl[participant->kay->mka_algindex].icv_hash(
1720 participant->ick.key, wpabuf_head(buf), buf->used, cmac)) {
1721 wpa_printf(MSG_ERROR, "KaY, omac1_aes_128 failed");
1725 if (length != DEFAULT_ICV_LEN)
1726 length -= MKA_HDR_LEN;
1727 os_memcpy(wpabuf_put(buf, length), cmac, length);
1733 * ieee802_1x_mka_decode_icv_body -
1736 ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
1737 const u8 *mka_msg, size_t msg_len)
1739 struct ieee802_1x_mka_hdr *hdr;
1740 struct ieee802_1x_mka_icv_body *body;
1748 while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
1749 hdr = (struct ieee802_1x_mka_hdr *) pos;
1750 body_len = get_mka_param_body_len(hdr);
1751 body_type = get_mka_param_body_type(hdr);
1753 if (left_len < (body_len + MKA_HDR_LEN))
1756 if (body_type != MKA_ICV_INDICATOR) {
1757 left_len -= MKA_HDR_LEN + body_len;
1758 pos += MKA_HDR_LEN + body_len;
1762 body = (struct ieee802_1x_mka_icv_body *)pos;
1764 < mka_alg_tbl[participant->kay->mka_algindex].icv_len) {
1771 return (u8 *) (mka_msg + msg_len - DEFAULT_ICV_LEN);
1776 * ieee802_1x_mka_decode_dist_cak_body-
1779 ieee802_1x_mka_decode_dist_cak_body(
1780 struct ieee802_1x_mka_participant *participant,
1781 const u8 *mka_msg, size_t msg_len)
1783 struct ieee802_1x_mka_hdr *hdr;
1786 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1787 body_len = get_mka_param_body_len(hdr);
1788 if (body_len < 28) {
1789 wpa_printf(MSG_ERROR,
1790 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 28 or more octets",
1800 * ieee802_1x_mka_decode_kmd_body -
1803 ieee802_1x_mka_decode_kmd_body(
1804 struct ieee802_1x_mka_participant *participant,
1805 const u8 *mka_msg, size_t msg_len)
1807 struct ieee802_1x_mka_hdr *hdr;
1810 hdr = (struct ieee802_1x_mka_hdr *) mka_msg;
1811 body_len = get_mka_param_body_len(hdr);
1813 wpa_printf(MSG_ERROR,
1814 "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 5 or more octets",
1824 * ieee802_1x_mka_decode_announce_body -
1826 static int ieee802_1x_mka_decode_announce_body(
1827 struct ieee802_1x_mka_participant *participant,
1828 const u8 *mka_msg, size_t msg_len)
1834 struct mka_param_body_handler {
1835 int (*body_tx)(struct ieee802_1x_mka_participant *participant,
1836 struct wpabuf *buf);
1837 int (*body_rx)(struct ieee802_1x_mka_participant *participant,
1838 const u8 *mka_msg, size_t msg_len);
1839 int (*body_length)(struct ieee802_1x_mka_participant *participant);
1840 Boolean (*body_present)(struct ieee802_1x_mka_participant *participant);
1844 static struct mka_param_body_handler mka_body_handler[] = {
1845 /* basic parameter set */
1847 .body_tx = ieee802_1x_mka_encode_basic_body,
1849 .body_length = ieee802_1x_mka_basic_body_length,
1850 .body_present = ieee802_1x_mka_basic_body_present
1853 /* live peer list parameter set */
1855 .body_tx = ieee802_1x_mka_encode_live_peer_body,
1856 .body_rx = ieee802_1x_mka_decode_live_peer_body,
1857 .body_length = ieee802_1x_mka_get_live_peer_length,
1858 .body_present = ieee802_1x_mka_live_peer_body_present
1861 /* potential peer list parameter set */
1863 .body_tx = ieee802_1x_mka_encode_potential_peer_body,
1864 .body_rx = ieee802_1x_mka_decode_potential_peer_body,
1865 .body_length = ieee802_1x_mka_get_potential_peer_length,
1866 .body_present = ieee802_1x_mka_potential_peer_body_present
1869 /* sak use parameter set */
1871 .body_tx = ieee802_1x_mka_encode_sak_use_body,
1872 .body_rx = ieee802_1x_mka_decode_sak_use_body,
1873 .body_length = ieee802_1x_mka_get_sak_use_length,
1874 .body_present = ieee802_1x_mka_sak_use_body_present
1877 /* distribute sak parameter set */
1879 .body_tx = ieee802_1x_mka_encode_dist_sak_body,
1880 .body_rx = ieee802_1x_mka_decode_dist_sak_body,
1881 .body_length = ieee802_1x_mka_get_dist_sak_length,
1882 .body_present = ieee802_1x_mka_dist_sak_body_present
1885 /* distribute cak parameter set */
1888 .body_rx = ieee802_1x_mka_decode_dist_cak_body,
1889 .body_length = NULL,
1890 .body_present = NULL
1893 /* kmd parameter set */
1896 .body_rx = ieee802_1x_mka_decode_kmd_body,
1897 .body_length = NULL,
1898 .body_present = NULL
1901 /* announce parameter set */
1904 .body_rx = ieee802_1x_mka_decode_announce_body,
1905 .body_length = NULL,
1906 .body_present = NULL
1909 /* icv parameter set */
1911 .body_tx = ieee802_1x_mka_encode_icv_body,
1913 .body_length = ieee802_1x_mka_get_icv_length,
1914 .body_present = ieee802_1x_mka_icv_body_present
1920 * ieee802_1x_kay_use_data_key - Take reference on a key
1922 static void ieee802_1x_kay_use_data_key(struct data_key *pkey)
1929 * ieee802_1x_kay_deinit_data_key - Release reference on a key and
1930 * free if there are no remaining users
1932 static void ieee802_1x_kay_deinit_data_key(struct data_key *pkey)
1947 * ieee802_1x_kay_generate_new_sak -
1950 ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
1952 struct data_key *sa_key = NULL;
1953 struct ieee802_1x_kay_peer *peer;
1954 struct ieee802_1x_kay *kay = participant->kay;
1955 int ctx_len, ctx_offset;
1957 unsigned int key_len;
1959 struct macsec_ciphersuite *cs;
1961 /* check condition for generating a fresh SAK:
1962 * must have one live peer
1963 * and MKA life time elapse since last distribution
1964 * or potential peer is empty
1966 if (dl_list_empty(&participant->live_peers)) {
1967 wpa_printf(MSG_ERROR,
1968 "KaY: Live peers list must not empty when generating fresh SAK");
1972 /* FIXME: A fresh SAK not generated until
1973 * the live peer list contains at least one peer and
1974 * MKA life time has elapsed since the prior SAK was first distributed,
1975 * or the Key server's potential peer is empty
1976 * but I can't understand the second item, so
1977 * here only check first item and ingore
1978 * && (!dl_list_empty(&participant->potential_peers))) {
1980 if ((time(NULL) - kay->dist_time) < MKA_LIFE_TIME / 1000) {
1981 wpa_printf(MSG_ERROR,
1982 "KaY: Life time have not elapsed since prior SAK distributed");
1986 cs = &cipher_suite_tbl[kay->macsec_csindex];
1987 key_len = cs->sak_len;
1988 key = os_zalloc(key_len);
1990 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
1994 ctx_len = key_len + sizeof(kay->dist_kn);
1995 dl_list_for_each(peer, &participant->live_peers,
1996 struct ieee802_1x_kay_peer, list)
1997 ctx_len += sizeof(peer->mi);
1998 ctx_len += sizeof(participant->mi);
2000 context = os_zalloc(ctx_len);
2005 if (os_get_random(context + ctx_offset, key_len) < 0)
2008 ctx_offset += key_len;
2009 dl_list_for_each(peer, &participant->live_peers,
2010 struct ieee802_1x_kay_peer, list) {
2011 os_memcpy(context + ctx_offset, peer->mi, sizeof(peer->mi));
2012 ctx_offset += sizeof(peer->mi);
2014 os_memcpy(context + ctx_offset, participant->mi,
2015 sizeof(participant->mi));
2016 ctx_offset += sizeof(participant->mi);
2017 os_memcpy(context + ctx_offset, &kay->dist_kn, sizeof(kay->dist_kn));
2019 if (key_len == 16) {
2020 ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2021 context, ctx_len, key);
2022 } else if (key_len == 32) {
2023 ieee802_1x_sak_128bits_aes_cmac(participant->cak.key,
2024 context, ctx_len, key);
2026 wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
2029 wpa_hexdump_key(MSG_DEBUG, "KaY: generated new SAK", key, key_len);
2033 sa_key = os_zalloc(sizeof(*sa_key));
2035 wpa_printf(MSG_ERROR, "KaY-%s: Out of memory", __func__);
2040 sa_key->key_len = key_len;
2041 os_memcpy(sa_key->key_identifier.mi, participant->mi, MI_LEN);
2042 sa_key->key_identifier.kn = kay->dist_kn;
2044 sa_key->confidentiality_offset = kay->macsec_confidentiality;
2045 sa_key->an = kay->dist_an;
2046 ieee802_1x_kay_init_data_key(sa_key);
2048 participant->new_key = sa_key;
2050 ieee802_1x_kay_use_data_key(sa_key);
2051 dl_list_add(&participant->sak_list, &sa_key->list);
2053 ieee802_1x_cp_set_ciphersuite(kay->cp, cs->id);
2054 ieee802_1x_cp_sm_step(kay->cp);
2055 ieee802_1x_cp_set_offset(kay->cp, kay->macsec_confidentiality);
2056 ieee802_1x_cp_sm_step(kay->cp);
2057 ieee802_1x_cp_set_distributedki(kay->cp, &sa_key->key_identifier);
2058 ieee802_1x_cp_set_distributedan(kay->cp, sa_key->an);
2059 ieee802_1x_cp_signal_newsak(kay->cp);
2060 ieee802_1x_cp_sm_step(kay->cp);
2062 dl_list_for_each(peer, &participant->live_peers,
2063 struct ieee802_1x_kay_peer, list)
2064 peer->sak_used = FALSE;
2068 if (kay->dist_an > 3)
2071 kay->dist_time = time(NULL);
2082 static int compare_priorities(const struct ieee802_1x_kay_peer *peer,
2083 const struct ieee802_1x_kay_peer *other)
2085 if (peer->key_server_priority < other->key_server_priority)
2087 if (other->key_server_priority < peer->key_server_priority)
2090 return os_memcmp(peer->sci.addr, other->sci.addr, ETH_ALEN);
2095 * ieee802_1x_kay_elect_key_server - elect the key server
2096 * when to elect: whenever the live peers list changes
2099 ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
2101 struct ieee802_1x_kay_peer *peer;
2102 struct ieee802_1x_kay_peer *key_server = NULL;
2103 struct ieee802_1x_kay *kay = participant->kay;
2104 Boolean i_is_key_server;
2105 int priority_comparison;
2107 if (participant->is_obliged_key_server) {
2108 participant->new_sak = TRUE;
2109 participant->to_dist_sak = FALSE;
2110 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2114 /* elect the key server among the peers */
2115 dl_list_for_each(peer, &participant->live_peers,
2116 struct ieee802_1x_kay_peer, list) {
2117 if (!peer->is_key_server)
2125 if (compare_priorities(peer, key_server) < 0)
2129 /* elect the key server between me and the above elected peer */
2130 i_is_key_server = FALSE;
2131 if (key_server && participant->can_be_key_server) {
2132 struct ieee802_1x_kay_peer tmp;
2134 tmp.key_server_priority = kay->actor_priority;
2135 os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci));
2136 priority_comparison = compare_priorities(&tmp, key_server);
2137 if (priority_comparison < 0) {
2138 i_is_key_server = TRUE;
2139 } else if (priority_comparison == 0) {
2140 wpa_printf(MSG_WARNING,
2141 "KaY: Cannot elect key server between me and peer, duplicate MAC detected");
2144 } else if (participant->can_be_key_server) {
2145 i_is_key_server = TRUE;
2148 if (i_is_key_server) {
2149 ieee802_1x_cp_set_electedself(kay->cp, TRUE);
2150 if (!sci_equal(&kay->key_server_sci, &kay->actor_sci)) {
2151 ieee802_1x_cp_signal_chgdserver(kay->cp);
2152 ieee802_1x_cp_sm_step(kay->cp);
2155 participant->is_key_server = TRUE;
2156 participant->principal = TRUE;
2157 participant->new_sak = TRUE;
2158 wpa_printf(MSG_DEBUG, "KaY: I is elected as key server");
2159 participant->to_dist_sak = FALSE;
2160 participant->is_elected = TRUE;
2162 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
2163 sizeof(kay->key_server_sci));
2164 kay->key_server_priority = kay->actor_priority;
2165 } else if (key_server) {
2166 ieee802_1x_cp_set_electedself(kay->cp, FALSE);
2167 if (!sci_equal(&kay->key_server_sci, &key_server->sci)) {
2168 ieee802_1x_cp_signal_chgdserver(kay->cp);
2169 ieee802_1x_cp_sm_step(kay->cp);
2172 participant->is_key_server = FALSE;
2173 participant->principal = TRUE;
2174 participant->is_elected = TRUE;
2176 os_memcpy(&kay->key_server_sci, &key_server->sci,
2177 sizeof(kay->key_server_sci));
2178 kay->key_server_priority = key_server->key_server_priority;
2180 participant->principal = FALSE;
2181 participant->is_key_server = FALSE;
2182 participant->is_elected = FALSE;
2190 * ieee802_1x_kay_decide_macsec_use - the key server determinate
2191 * how to use MACsec: whether use MACsec and its capability
2192 * protectFrames will be advised if the key server and one of its live peers are
2193 * MACsec capable and one of those request MACsec protection
2196 ieee802_1x_kay_decide_macsec_use(
2197 struct ieee802_1x_mka_participant *participant)
2199 struct ieee802_1x_kay *kay = participant->kay;
2200 struct ieee802_1x_kay_peer *peer;
2201 enum macsec_cap less_capability;
2204 if (!participant->is_key_server)
2207 /* key server self is MACsec-desired and requesting MACsec */
2208 if (!kay->macsec_desired) {
2209 participant->advised_desired = FALSE;
2212 if (kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
2213 participant->advised_desired = FALSE;
2216 less_capability = kay->macsec_capable;
2218 /* at least one of peers is MACsec-desired and requesting MACsec */
2220 dl_list_for_each(peer, &participant->live_peers,
2221 struct ieee802_1x_kay_peer, list) {
2222 if (!peer->macsec_desired)
2225 if (peer->macsec_capability == MACSEC_CAP_NOT_IMPLEMENTED)
2228 less_capability = (less_capability < peer->macsec_capability) ?
2229 less_capability : peer->macsec_capability;
2234 participant->advised_desired = TRUE;
2235 participant->advised_capability = less_capability;
2236 kay->authenticated = FALSE;
2237 kay->secured = TRUE;
2238 kay->failed = FALSE;
2239 ieee802_1x_cp_connect_secure(kay->cp);
2240 ieee802_1x_cp_sm_step(kay->cp);
2242 participant->advised_desired = FALSE;
2243 participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED;
2244 participant->to_use_sak = FALSE;
2245 kay->authenticated = TRUE;
2246 kay->secured = FALSE;
2247 kay->failed = FALSE;
2256 ieee802_1x_cp_connect_authenticated(kay->cp);
2257 ieee802_1x_cp_sm_step(kay->cp);
2263 static const u8 pae_group_addr[ETH_ALEN] = {
2264 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03
2269 * ieee802_1x_kay_encode_mkpdu -
2272 ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant,
2273 struct wpabuf *pbuf)
2276 struct ieee8023_hdr *ether_hdr;
2277 struct ieee802_1x_hdr *eapol_hdr;
2279 ether_hdr = wpabuf_put(pbuf, sizeof(*ether_hdr));
2280 os_memcpy(ether_hdr->dest, pae_group_addr, sizeof(ether_hdr->dest));
2281 os_memcpy(ether_hdr->src, participant->kay->actor_sci.addr,
2282 sizeof(ether_hdr->dest));
2283 ether_hdr->ethertype = host_to_be16(ETH_P_EAPOL);
2285 eapol_hdr = wpabuf_put(pbuf, sizeof(*eapol_hdr));
2286 eapol_hdr->version = EAPOL_VERSION;
2287 eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
2288 eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
2290 for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
2291 if (mka_body_handler[i].body_present &&
2292 mka_body_handler[i].body_present(participant)) {
2293 if (mka_body_handler[i].body_tx(participant, pbuf))
2302 * ieee802_1x_participant_send_mkpdu -
2305 ieee802_1x_participant_send_mkpdu(
2306 struct ieee802_1x_mka_participant *participant)
2309 struct ieee802_1x_kay *kay = participant->kay;
2313 wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
2314 length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
2315 for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
2316 if (mka_body_handler[i].body_present &&
2317 mka_body_handler[i].body_present(participant))
2318 length += mka_body_handler[i].body_length(participant);
2321 buf = wpabuf_alloc(length);
2323 wpa_printf(MSG_ERROR, "KaY: out of memory");
2327 if (ieee802_1x_kay_encode_mkpdu(participant, buf)) {
2328 wpa_printf(MSG_ERROR, "KaY: encode mkpdu fail!");
2332 l2_packet_send(kay->l2_mka, NULL, 0, wpabuf_head(buf), wpabuf_len(buf));
2336 participant->active = TRUE;
2342 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa);
2344 static void ieee802_1x_delete_transmit_sa(struct ieee802_1x_kay *kay,
2345 struct transmit_sa *sa)
2347 secy_disable_transmit_sa(kay, sa);
2348 secy_delete_transmit_sa(kay, sa);
2349 ieee802_1x_kay_deinit_transmit_sa(sa);
2354 * ieee802_1x_participant_timer -
2356 static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
2358 struct ieee802_1x_mka_participant *participant;
2359 struct ieee802_1x_kay *kay;
2360 struct ieee802_1x_kay_peer *peer, *pre_peer;
2361 time_t now = time(NULL);
2363 struct receive_sc *rxsc, *pre_rxsc;
2364 struct transmit_sa *txsa, *pre_txsa;
2366 participant = (struct ieee802_1x_mka_participant *)eloop_ctx;
2367 kay = participant->kay;
2368 if (participant->cak_life) {
2369 if (now > participant->cak_life)
2373 /* should delete MKA instance if there are not live peers
2374 * when the MKA life elapsed since its creating */
2375 if (participant->mka_life) {
2376 if (dl_list_empty(&participant->live_peers)) {
2377 if (now > participant->mka_life)
2380 participant->mka_life = 0;
2385 dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
2386 struct ieee802_1x_kay_peer, list) {
2387 if (now > peer->expire) {
2388 wpa_printf(MSG_DEBUG, "KaY: Live peer removed");
2389 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2391 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2392 dl_list_for_each_safe(rxsc, pre_rxsc,
2393 &participant->rxsc_list,
2394 struct receive_sc, list) {
2395 if (sci_equal(&rxsc->sci, &peer->sci)) {
2396 ieee802_1x_kay_deinit_receive_sc(
2400 dl_list_del(&peer->list);
2407 if (dl_list_empty(&participant->live_peers)) {
2408 participant->advised_desired = FALSE;
2409 participant->advised_capability =
2410 MACSEC_CAP_NOT_IMPLEMENTED;
2411 participant->to_use_sak = FALSE;
2412 participant->ltx = FALSE;
2413 participant->lrx = FALSE;
2414 participant->otx = FALSE;
2415 participant->orx = FALSE;
2416 participant->is_key_server = FALSE;
2417 participant->is_elected = FALSE;
2418 kay->authenticated = FALSE;
2419 kay->secured = FALSE;
2420 kay->failed = FALSE;
2429 dl_list_for_each_safe(txsa, pre_txsa,
2430 &participant->txsc->sa_list,
2431 struct transmit_sa, list) {
2432 ieee802_1x_delete_transmit_sa(kay, txsa);
2435 ieee802_1x_cp_connect_pending(kay->cp);
2436 ieee802_1x_cp_sm_step(kay->cp);
2438 ieee802_1x_kay_elect_key_server(participant);
2439 ieee802_1x_kay_decide_macsec_use(participant);
2443 dl_list_for_each_safe(peer, pre_peer, &participant->potential_peers,
2444 struct ieee802_1x_kay_peer, list) {
2445 if (now > peer->expire) {
2446 wpa_printf(MSG_DEBUG, "KaY: Potential peer removed");
2447 wpa_hexdump(MSG_DEBUG, "\tMI: ", peer->mi,
2449 wpa_printf(MSG_DEBUG, "\tMN: %d", peer->mn);
2450 dl_list_del(&peer->list);
2455 if (participant->new_sak) {
2456 if (!ieee802_1x_kay_generate_new_sak(participant))
2457 participant->to_dist_sak = TRUE;
2459 participant->new_sak = FALSE;
2462 if (participant->retry_count < MAX_RETRY_CNT ||
2463 participant->mode == PSK) {
2464 ieee802_1x_participant_send_mkpdu(participant);
2465 participant->retry_count++;
2468 eloop_register_timeout(MKA_HELLO_TIME / 1000, 0,
2469 ieee802_1x_participant_timer,
2475 kay->authenticated = FALSE;
2476 kay->secured = FALSE;
2478 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
2483 * ieee802_1x_kay_init_transmit_sa -
2485 static struct transmit_sa *
2486 ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN,
2487 struct data_key *key)
2489 struct transmit_sa *psa;
2491 key->tx_latest = TRUE;
2492 key->rx_latest = TRUE;
2494 psa = os_zalloc(sizeof(*psa));
2496 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2500 if (key->confidentiality_offset >= CONFIDENTIALITY_OFFSET_0 &&
2501 key->confidentiality_offset <= CONFIDENTIALITY_OFFSET_50)
2502 psa->confidentiality = TRUE;
2504 psa->confidentiality = FALSE;
2507 ieee802_1x_kay_use_data_key(key);
2509 psa->next_pn = next_PN;
2512 os_get_time(&psa->created_time);
2513 psa->in_use = FALSE;
2515 dl_list_add(&psc->sa_list, &psa->list);
2516 wpa_printf(MSG_DEBUG,
2517 "KaY: Create transmit SA(an: %hhu, next_PN: %u) of SC",
2525 * ieee802_1x_kay_deinit_transmit_sa -
2527 static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa)
2529 ieee802_1x_kay_deinit_data_key(psa->pkey);
2531 wpa_printf(MSG_DEBUG,
2532 "KaY: Delete transmit SA(an: %hhu) of SC",
2534 dl_list_del(&psa->list);
2540 * init_transmit_sc -
2542 static struct transmit_sc *
2543 ieee802_1x_kay_init_transmit_sc(const struct ieee802_1x_mka_sci *sci)
2545 struct transmit_sc *psc;
2547 psc = os_zalloc(sizeof(*psc));
2549 wpa_printf(MSG_ERROR, "%s: out of memory", __func__);
2552 os_memcpy(&psc->sci, sci, sizeof(psc->sci));
2554 os_get_time(&psc->created_time);
2555 psc->transmitting = FALSE;
2556 psc->encoding_sa = FALSE;
2557 psc->enciphering_sa = FALSE;
2559 dl_list_init(&psc->sa_list);
2560 wpa_printf(MSG_DEBUG, "KaY: Create transmit SC");
2561 wpa_hexdump(MSG_DEBUG, "SCI: ", (u8 *)sci , sizeof(*sci));
2568 * ieee802_1x_kay_deinit_transmit_sc -
2571 ieee802_1x_kay_deinit_transmit_sc(
2572 struct ieee802_1x_mka_participant *participant, struct transmit_sc *psc)
2574 struct transmit_sa *psa, *tmp;
2576 wpa_printf(MSG_DEBUG, "KaY: Delete transmit SC");
2577 dl_list_for_each_safe(psa, tmp, &psc->sa_list, struct transmit_sa, list)
2578 ieee802_1x_delete_transmit_sa(participant->kay, psa);
2580 secy_delete_transmit_sc(participant->kay, psc);
2585 /****************** Interface between CP and KAY *********************/
2587 * ieee802_1x_kay_set_latest_sa_attr -
2589 int ieee802_1x_kay_set_latest_sa_attr(struct ieee802_1x_kay *kay,
2590 struct ieee802_1x_mka_ki *lki, u8 lan,
2591 Boolean ltx, Boolean lrx)
2593 struct ieee802_1x_mka_participant *principal;
2595 principal = ieee802_1x_kay_get_principal_participant(kay);
2600 os_memset(&principal->lki, 0, sizeof(principal->lki));
2602 os_memcpy(&principal->lki, lki, sizeof(principal->lki));
2604 principal->lan = lan;
2605 principal->ltx = ltx;
2606 principal->lrx = lrx;
2611 kay->ltx_kn = lki->kn;
2612 kay->lrx_kn = lki->kn;
2622 * ieee802_1x_kay_set_old_sa_attr -
2624 int ieee802_1x_kay_set_old_sa_attr(struct ieee802_1x_kay *kay,
2625 struct ieee802_1x_mka_ki *oki,
2626 u8 oan, Boolean otx, Boolean orx)
2628 struct ieee802_1x_mka_participant *principal;
2630 principal = ieee802_1x_kay_get_principal_participant(kay);
2635 os_memset(&principal->oki, 0, sizeof(principal->oki));
2637 os_memcpy(&principal->oki, oki, sizeof(principal->oki));
2639 principal->oan = oan;
2640 principal->otx = otx;
2641 principal->orx = orx;
2647 kay->otx_kn = oki->kn;
2648 kay->orx_kn = oki->kn;
2657 static struct transmit_sa * lookup_txsa_by_an(struct transmit_sc *txsc, u8 an)
2659 struct transmit_sa *txsa;
2661 dl_list_for_each(txsa, &txsc->sa_list, struct transmit_sa, list) {
2670 static struct receive_sa * lookup_rxsa_by_an(struct receive_sc *rxsc, u8 an)
2672 struct receive_sa *rxsa;
2674 dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list) {
2684 * ieee802_1x_kay_create_sas -
2686 int ieee802_1x_kay_create_sas(struct ieee802_1x_kay *kay,
2687 struct ieee802_1x_mka_ki *lki)
2689 struct data_key *sa_key, *latest_sak;
2690 struct ieee802_1x_mka_participant *principal;
2691 struct receive_sc *rxsc;
2692 struct receive_sa *rxsa;
2693 struct transmit_sa *txsa;
2695 principal = ieee802_1x_kay_get_principal_participant(kay);
2700 dl_list_for_each(sa_key, &principal->sak_list, struct data_key, list) {
2701 if (is_ki_equal(&sa_key->key_identifier, lki)) {
2702 sa_key->rx_latest = TRUE;
2703 sa_key->tx_latest = TRUE;
2704 latest_sak = sa_key;
2705 principal->to_use_sak = TRUE;
2707 sa_key->rx_latest = FALSE;
2708 sa_key->tx_latest = FALSE;
2712 wpa_printf(MSG_ERROR, "lki related sak not found");
2716 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2717 while ((rxsa = lookup_rxsa_by_an(rxsc, latest_sak->an)) != NULL)
2718 ieee802_1x_delete_receive_sa(kay, rxsa);
2720 rxsa = ieee802_1x_kay_init_receive_sa(rxsc, latest_sak->an, 1,
2725 secy_create_receive_sa(kay, rxsa);
2728 while ((txsa = lookup_txsa_by_an(principal->txsc, latest_sak->an)) !=
2730 ieee802_1x_delete_transmit_sa(kay, txsa);
2732 txsa = ieee802_1x_kay_init_transmit_sa(principal->txsc, latest_sak->an,
2737 secy_create_transmit_sa(kay, txsa);
2746 * ieee802_1x_kay_delete_sas -
2748 int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
2749 struct ieee802_1x_mka_ki *ki)
2751 struct data_key *sa_key, *pre_key;
2752 struct transmit_sa *txsa, *pre_txsa;
2753 struct receive_sa *rxsa, *pre_rxsa;
2754 struct receive_sc *rxsc;
2755 struct ieee802_1x_mka_participant *principal;
2757 wpa_printf(MSG_DEBUG, "KaY: Entry into %s", __func__);
2758 principal = ieee802_1x_kay_get_principal_participant(kay);
2762 /* remove the transmit sa */
2763 dl_list_for_each_safe(txsa, pre_txsa, &principal->txsc->sa_list,
2764 struct transmit_sa, list) {
2765 if (is_ki_equal(&txsa->pkey->key_identifier, ki))
2766 ieee802_1x_delete_transmit_sa(kay, txsa);
2769 /* remove the receive sa */
2770 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2771 dl_list_for_each_safe(rxsa, pre_rxsa, &rxsc->sa_list,
2772 struct receive_sa, list) {
2773 if (is_ki_equal(&rxsa->pkey->key_identifier, ki))
2774 ieee802_1x_delete_receive_sa(kay, rxsa);
2778 /* remove the sak */
2779 dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
2780 struct data_key, list) {
2781 if (is_ki_equal(&sa_key->key_identifier, ki)) {
2782 dl_list_del(&sa_key->list);
2783 ieee802_1x_kay_deinit_data_key(sa_key);
2786 if (principal->new_key == sa_key)
2787 principal->new_key = NULL;
2795 * ieee802_1x_kay_enable_tx_sas -
2797 int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
2798 struct ieee802_1x_mka_ki *lki)
2800 struct ieee802_1x_mka_participant *principal;
2801 struct transmit_sa *txsa;
2803 principal = ieee802_1x_kay_get_principal_participant(kay);
2807 dl_list_for_each(txsa, &principal->txsc->sa_list, struct transmit_sa,
2809 if (is_ki_equal(&txsa->pkey->key_identifier, lki)) {
2810 txsa->in_use = TRUE;
2811 secy_enable_transmit_sa(kay, txsa);
2812 ieee802_1x_cp_set_usingtransmitas(
2813 principal->kay->cp, TRUE);
2814 ieee802_1x_cp_sm_step(principal->kay->cp);
2823 * ieee802_1x_kay_enable_rx_sas -
2825 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
2826 struct ieee802_1x_mka_ki *lki)
2828 struct ieee802_1x_mka_participant *principal;
2829 struct receive_sa *rxsa;
2830 struct receive_sc *rxsc;
2832 principal = ieee802_1x_kay_get_principal_participant(kay);
2836 dl_list_for_each(rxsc, &principal->rxsc_list, struct receive_sc, list) {
2837 dl_list_for_each(rxsa, &rxsc->sa_list, struct receive_sa, list)
2839 if (is_ki_equal(&rxsa->pkey->key_identifier, lki)) {
2840 rxsa->in_use = TRUE;
2841 secy_enable_receive_sa(kay, rxsa);
2842 ieee802_1x_cp_set_usingreceivesas(
2843 principal->kay->cp, TRUE);
2844 ieee802_1x_cp_sm_step(principal->kay->cp);
2854 * ieee802_1x_kay_enable_new_info -
2856 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
2858 struct ieee802_1x_mka_participant *principal;
2860 principal = ieee802_1x_kay_get_principal_participant(kay);
2864 if (principal->retry_count < MAX_RETRY_CNT || principal->mode == PSK) {
2865 ieee802_1x_participant_send_mkpdu(principal);
2866 principal->retry_count++;
2874 * ieee802_1x_kay_mkpdu_sanity_check -
2875 * sanity check specified in clause 11.11.2 of IEEE802.1X-2010
2877 static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
2878 const u8 *buf, size_t len)
2880 struct ieee8023_hdr *eth_hdr;
2881 struct ieee802_1x_hdr *eapol_hdr;
2882 struct ieee802_1x_mka_hdr *mka_hdr;
2883 struct ieee802_1x_mka_basic_body *body;
2885 struct ieee802_1x_mka_participant *participant;
2888 u8 icv[MAX_ICV_LEN];
2891 eth_hdr = (struct ieee8023_hdr *) buf;
2892 eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
2893 mka_hdr = (struct ieee802_1x_mka_hdr *) (eapol_hdr + 1);
2895 /* destination address should be not individual address */
2896 if (os_memcmp(eth_hdr->dest, pae_group_addr, ETH_ALEN) != 0) {
2897 wpa_printf(MSG_MSGDUMP,
2898 "KaY: ethernet destination address is not PAE group address");
2902 /* MKPDU should not be less than 32 octets */
2903 mka_msg_len = be_to_host16(eapol_hdr->length);
2904 if (mka_msg_len < 32) {
2905 wpa_printf(MSG_MSGDUMP, "KaY: MKPDU is less than 32 octets");
2908 /* MKPDU should be a multiple of 4 octets */
2909 if ((mka_msg_len % 4) != 0) {
2910 wpa_printf(MSG_MSGDUMP,
2911 "KaY: MKPDU is not multiple of 4 octets");
2915 body = (struct ieee802_1x_mka_basic_body *) mka_hdr;
2916 ieee802_1x_mka_dump_basic_body(body);
2917 body_len = get_mka_param_body_len(body);
2918 /* EAPOL-MKA body should comprise basic parameter set and ICV */
2919 if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
2920 wpa_printf(MSG_ERROR,
2921 "KaY: Received EAPOL-MKA Packet Body Length (%zu bytes) is less than the Basic Parameter Set Header Length (%zu bytes) + the Basic Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
2922 mka_msg_len, MKA_HDR_LEN,
2923 body_len, DEFAULT_ICV_LEN);
2927 if (body_len < sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN) {
2928 wpa_printf(MSG_DEBUG, "KaY: Too small body length %zu",
2932 ckn_len = body_len -
2933 (sizeof(struct ieee802_1x_mka_basic_body) - MKA_HDR_LEN);
2934 if (ckn_len < 1 || ckn_len > MAX_CKN_LEN) {
2935 wpa_printf(MSG_ERROR,
2936 "KaY: Received EAPOL-MKA CKN Length (%zu bytes) is out of range (<= %u bytes)",
2937 ckn_len, MAX_CKN_LEN);
2941 /* CKN should be owned by I */
2942 participant = ieee802_1x_kay_get_participant(kay, body->ckn, ckn_len);
2944 wpa_printf(MSG_DEBUG, "CKN is not included in my CA");
2948 /* algorithm agility check */
2949 if (os_memcmp(body->algo_agility, mka_algo_agility,
2950 sizeof(body->algo_agility)) != 0) {
2951 wpa_printf(MSG_ERROR,
2952 "KaY: peer's algorithm agility not supported for me");
2958 * The ICV will comprise the final octets of the packet body, whatever
2959 * its size, not the fixed length 16 octets, indicated by the EAPOL
2960 * packet body length.
2962 if (mka_alg_tbl[kay->mka_algindex].icv_hash(
2963 participant->ick.key,
2964 buf, len - mka_alg_tbl[kay->mka_algindex].icv_len, icv)) {
2965 wpa_printf(MSG_ERROR, "KaY: omac1_aes_128 failed");
2969 msg_icv = ieee802_1x_mka_decode_icv_body(participant, (u8 *) mka_hdr,
2972 wpa_printf(MSG_ERROR, "KaY: No ICV");
2975 if (os_memcmp_const(msg_icv, icv,
2976 mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
2977 wpa_printf(MSG_ERROR,
2978 "KaY: Computed ICV is not equal to Received ICV");
2987 * ieee802_1x_kay_decode_mkpdu -
2989 static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
2990 const u8 *buf, size_t len)
2992 struct ieee802_1x_mka_participant *participant;
2993 struct ieee802_1x_mka_hdr *hdr;
2999 Boolean handled[256];
3001 if (ieee802_1x_kay_mkpdu_sanity_check(kay, buf, len))
3004 /* handle basic parameter set */
3005 pos = buf + sizeof(struct ieee8023_hdr) + sizeof(struct ieee802_1x_hdr);
3006 left_len = len - sizeof(struct ieee8023_hdr) -
3007 sizeof(struct ieee802_1x_hdr);
3008 participant = ieee802_1x_mka_decode_basic_body(kay, pos, left_len);
3012 /* to skip basic parameter set */
3013 hdr = (struct ieee802_1x_mka_hdr *) pos;
3014 body_len = get_mka_param_body_len(hdr);
3015 pos += body_len + MKA_HDR_LEN;
3016 left_len -= body_len + MKA_HDR_LEN;
3018 /* check i am in the peer's peer list */
3019 if (ieee802_1x_mka_i_in_peerlist(participant, pos, left_len) &&
3020 !ieee802_1x_kay_is_in_live_peer(participant,
3021 participant->current_peer_id.mi)) {
3022 /* accept the peer as live peer */
3023 if (ieee802_1x_kay_is_in_potential_peer(
3024 participant, participant->current_peer_id.mi)) {
3025 if (!ieee802_1x_kay_move_live_peer(
3027 participant->current_peer_id.mi,
3028 be_to_host32(participant->
3029 current_peer_id.mn)))
3031 } else if (!ieee802_1x_kay_create_live_peer(
3032 participant, participant->current_peer_id.mi,
3033 be_to_host32(participant->
3034 current_peer_id.mn))) {
3038 ieee802_1x_kay_elect_key_server(participant);
3039 ieee802_1x_kay_decide_macsec_use(participant);
3043 * Handle other parameter set than basic parameter set.
3044 * Each parameter set should be present only once.
3046 for (i = 0; i < 256; i++)
3050 for (; left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
3051 pos += body_len + MKA_HDR_LEN,
3052 left_len -= body_len + MKA_HDR_LEN) {
3053 hdr = (struct ieee802_1x_mka_hdr *) pos;
3054 body_len = get_mka_param_body_len(hdr);
3055 body_type = get_mka_param_body_type(hdr);
3057 if (body_type == MKA_ICV_INDICATOR)
3060 if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
3061 wpa_printf(MSG_ERROR,
3062 "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
3063 left_len, MKA_HDR_LEN,
3064 body_len, DEFAULT_ICV_LEN);
3068 if (handled[body_type])
3071 handled[body_type] = TRUE;
3072 if (body_type < ARRAY_SIZE(mka_body_handler) &&
3073 mka_body_handler[body_type].body_rx) {
3074 mka_body_handler[body_type].body_rx
3075 (participant, pos, left_len);
3077 wpa_printf(MSG_ERROR,
3078 "The type %d is not supported in this MKA version %d",
3079 body_type, MKA_VERSION_ID);
3084 participant->retry_count = 0;
3085 participant->active = TRUE;
3092 static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
3095 struct ieee802_1x_kay *kay = ctx;
3096 struct ieee8023_hdr *eth_hdr;
3097 struct ieee802_1x_hdr *eapol_hdr;
3099 /* must contain at least ieee8023_hdr + ieee802_1x_hdr */
3100 if (len < sizeof(*eth_hdr) + sizeof(*eapol_hdr)) {
3101 wpa_printf(MSG_MSGDUMP, "KaY: EAPOL frame too short (%lu)",
3102 (unsigned long) len);
3106 eth_hdr = (struct ieee8023_hdr *) buf;
3107 eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
3108 if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
3109 be_to_host16(eapol_hdr->length)) {
3110 wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
3111 (unsigned long) len,
3112 (unsigned long) be_to_host16(eapol_hdr->length));
3116 if (eapol_hdr->version < EAPOL_VERSION) {
3117 wpa_printf(MSG_MSGDUMP, "KaY: version %d does not support MKA",
3118 eapol_hdr->version);
3121 if (be_to_host16(eth_hdr->ethertype) != ETH_P_PAE ||
3122 eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
3125 wpa_hexdump(MSG_DEBUG, "RX EAPOL-MKA: ", buf, len);
3126 if (dl_list_empty(&kay->participant_list)) {
3127 wpa_printf(MSG_ERROR, "KaY: no MKA participant instance");
3131 ieee802_1x_kay_decode_mkpdu(kay, buf, len);
3136 * ieee802_1x_kay_init -
3138 struct ieee802_1x_kay *
3139 ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
3140 u16 port, u8 priority, const char *ifname, const u8 *addr)
3142 struct ieee802_1x_kay *kay;
3144 kay = os_zalloc(sizeof(*kay));
3146 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3154 kay->active = FALSE;
3156 kay->authenticated = FALSE;
3157 kay->secured = FALSE;
3158 kay->failed = FALSE;
3159 kay->policy = policy;
3161 os_strlcpy(kay->if_name, ifname, IFNAMSIZ);
3162 os_memcpy(kay->actor_sci.addr, addr, ETH_ALEN);
3163 kay->actor_sci.port = host_to_be16(port ? port : 0x0001);
3164 kay->actor_priority = priority;
3166 /* While actor acts as a key server, shall distribute sakey */
3171 kay->pn_exhaustion = PENDING_PN_EXHAUSTION;
3172 kay->macsec_csindex = DEFAULT_CS_INDEX;
3173 kay->mka_algindex = DEFAULT_MKA_ALG_INDEX;
3174 kay->mka_version = MKA_VERSION_ID;
3176 os_memcpy(kay->algo_agility, mka_algo_agility,
3177 sizeof(kay->algo_agility));
3179 dl_list_init(&kay->participant_list);
3181 if (policy != DO_NOT_SECURE &&
3182 secy_get_capability(kay, &kay->macsec_capable) < 0)
3185 if (policy == DO_NOT_SECURE ||
3186 kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
3187 kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
3188 kay->macsec_desired = FALSE;
3189 kay->macsec_protect = FALSE;
3190 kay->macsec_validate = Disabled;
3191 kay->macsec_replay_protect = FALSE;
3192 kay->macsec_replay_window = 0;
3193 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3195 kay->macsec_desired = TRUE;
3196 kay->macsec_protect = TRUE;
3197 kay->macsec_encrypt = policy == SHOULD_ENCRYPT;
3198 kay->macsec_validate = Strict;
3199 kay->macsec_replay_protect = FALSE;
3200 kay->macsec_replay_window = 0;
3201 if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF)
3202 kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
3204 kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
3207 wpa_printf(MSG_DEBUG, "KaY: state machine created");
3209 /* Initialize the SecY must be prio to CP, as CP will control SecY */
3210 if (secy_init_macsec(kay) < 0) {
3211 wpa_printf(MSG_DEBUG, "KaY: Could not initialize MACsec");
3215 wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
3218 kay->cp = ieee802_1x_cp_sm_init(kay);
3219 if (kay->cp == NULL)
3222 if (policy == DO_NOT_SECURE) {
3223 ieee802_1x_cp_connect_authenticated(kay->cp);
3224 ieee802_1x_cp_sm_step(kay->cp);
3226 kay->l2_mka = l2_packet_init(kay->if_name, NULL, ETH_P_PAE,
3227 kay_l2_receive, kay, 1);
3228 if (kay->l2_mka == NULL) {
3229 wpa_printf(MSG_WARNING,
3230 "KaY: Failed to initialize L2 packet processing for MKA packet");
3238 ieee802_1x_kay_deinit(kay);
3244 * ieee802_1x_kay_deinit -
3247 ieee802_1x_kay_deinit(struct ieee802_1x_kay *kay)
3249 struct ieee802_1x_mka_participant *participant;
3254 wpa_printf(MSG_DEBUG, "KaY: state machine removed");
3256 while (!dl_list_empty(&kay->participant_list)) {
3257 participant = dl_list_entry(kay->participant_list.next,
3258 struct ieee802_1x_mka_participant,
3260 ieee802_1x_kay_delete_mka(kay, &participant->ckn);
3263 ieee802_1x_cp_sm_deinit(kay->cp);
3264 secy_deinit_macsec(kay);
3267 l2_packet_deinit(kay->l2_mka);
3277 * ieee802_1x_kay_create_mka -
3279 struct ieee802_1x_mka_participant *
3280 ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
3281 const struct mka_key_name *ckn,
3282 const struct mka_key *cak, u32 life,
3283 enum mka_created_mode mode, Boolean is_authenticator)
3285 struct ieee802_1x_mka_participant *participant;
3288 if (!kay || !ckn || !cak) {
3289 wpa_printf(MSG_ERROR, "KaY: ckn or cak is null");
3293 if (cak->len != mka_alg_tbl[kay->mka_algindex].cak_len) {
3294 wpa_printf(MSG_ERROR, "KaY: CAK length not follow key schema");
3297 if (ckn->len > MAX_CKN_LEN) {
3298 wpa_printf(MSG_ERROR, "KaY: CKN is out of range(<=32 bytes)");
3302 wpa_printf(MSG_ERROR, "KaY: Now is at disable state");
3306 participant = os_zalloc(sizeof(*participant));
3308 wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
3312 participant->ckn.len = ckn->len;
3313 os_memcpy(participant->ckn.name, ckn->name, ckn->len);
3314 participant->cak.len = cak->len;
3315 os_memcpy(participant->cak.key, cak->key, cak->len);
3317 participant->cak_life = life + time(NULL);
3321 if (is_authenticator) {
3322 participant->is_obliged_key_server = TRUE;
3323 participant->can_be_key_server = TRUE;
3324 participant->is_key_server = TRUE;
3325 participant->principal = TRUE;
3327 os_memcpy(&kay->key_server_sci, &kay->actor_sci,
3328 sizeof(kay->key_server_sci));
3329 kay->key_server_priority = kay->actor_priority;
3330 participant->is_elected = TRUE;
3332 participant->is_obliged_key_server = FALSE;
3333 participant->can_be_key_server = FALSE;
3334 participant->is_key_server = FALSE;
3335 participant->is_elected = TRUE;
3340 participant->is_obliged_key_server = FALSE;
3341 participant->can_be_key_server = TRUE;
3342 participant->is_key_server = TRUE;
3343 participant->is_elected = FALSE;
3347 participant->cached = FALSE;
3349 participant->active = FALSE;
3350 participant->participant = FALSE;
3351 participant->retain = FALSE;
3352 participant->activate = DEFAULT;
3354 if (participant->is_key_server)
3355 participant->principal = TRUE;
3357 dl_list_init(&participant->live_peers);
3358 dl_list_init(&participant->potential_peers);
3360 participant->retry_count = 0;
3361 participant->kay = kay;
3363 if (!reset_participant_mi(participant))
3366 participant->lrx = FALSE;
3367 participant->ltx = FALSE;
3368 participant->orx = FALSE;
3369 participant->otx = FALSE;
3370 participant->to_dist_sak = FALSE;
3371 participant->to_use_sak = FALSE;
3372 participant->new_sak = FALSE;
3373 dl_list_init(&participant->sak_list);
3374 participant->new_key = NULL;
3375 dl_list_init(&participant->rxsc_list);
3376 participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci);
3377 secy_cp_control_protect_frames(kay, kay->macsec_protect);
3378 secy_cp_control_replay(kay, kay->macsec_replay_protect,
3379 kay->macsec_replay_window);
3380 secy_create_transmit_sc(kay, participant->txsc);
3382 /* to derive KEK from CAK and CKN */
3383 participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
3384 if (mka_alg_tbl[kay->mka_algindex].kek_trfm(participant->cak.key,
3385 participant->ckn.name,
3386 participant->ckn.len,
3387 participant->kek.key)) {
3388 wpa_printf(MSG_ERROR, "KaY: Derived KEK failed");
3391 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived KEK",
3392 participant->kek.key, participant->kek.len);
3394 /* to derive ICK from CAK and CKN */
3395 participant->ick.len = mka_alg_tbl[kay->mka_algindex].ick_len;
3396 if (mka_alg_tbl[kay->mka_algindex].ick_trfm(participant->cak.key,
3397 participant->ckn.name,
3398 participant->ckn.len,
3399 participant->ick.key)) {
3400 wpa_printf(MSG_ERROR, "KaY: Derived ICK failed");
3403 wpa_hexdump_key(MSG_DEBUG, "KaY: Derived ICK",
3404 participant->ick.key, participant->ick.len);
3406 dl_list_add(&kay->participant_list, &participant->list);
3407 wpa_hexdump(MSG_DEBUG, "KaY: Participant created:",
3408 ckn->name, ckn->len);
3410 usecs = os_random() % (MKA_HELLO_TIME * 1000);
3411 eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
3414 /* Disable MKA lifetime for PSK mode.
3415 * The peer(s) can take a long time to come up, because we
3416 * create a "standby" MKA, and we need it to remain live until
3417 * some peer appears.
3420 participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
3423 participant->mode = mode;
3428 os_free(participant);
3434 * ieee802_1x_kay_delete_mka -
3437 ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
3439 struct ieee802_1x_mka_participant *participant;
3440 struct ieee802_1x_kay_peer *peer;
3441 struct data_key *sak;
3442 struct receive_sc *rxsc;
3447 wpa_printf(MSG_DEBUG, "KaY: participant removed");
3449 /* get the participant */
3450 participant = ieee802_1x_kay_get_participant(kay, ckn->name, ckn->len);
3452 wpa_hexdump(MSG_DEBUG, "KaY: participant is not found",
3453 ckn->name, ckn->len);
3457 eloop_cancel_timeout(ieee802_1x_participant_timer, participant, NULL);
3458 dl_list_del(&participant->list);
3460 /* remove live peer */
3461 while (!dl_list_empty(&participant->live_peers)) {
3462 peer = dl_list_entry(participant->live_peers.next,
3463 struct ieee802_1x_kay_peer, list);
3464 dl_list_del(&peer->list);
3468 /* remove potential peer */
3469 while (!dl_list_empty(&participant->potential_peers)) {
3470 peer = dl_list_entry(participant->potential_peers.next,
3471 struct ieee802_1x_kay_peer, list);
3472 dl_list_del(&peer->list);
3477 while (!dl_list_empty(&participant->sak_list)) {
3478 sak = dl_list_entry(participant->sak_list.next,
3479 struct data_key, list);
3480 dl_list_del(&sak->list);
3481 ieee802_1x_kay_deinit_data_key(sak);
3483 while (!dl_list_empty(&participant->rxsc_list)) {
3484 rxsc = dl_list_entry(participant->rxsc_list.next,
3485 struct receive_sc, list);
3486 ieee802_1x_kay_deinit_receive_sc(participant, rxsc);
3488 ieee802_1x_kay_deinit_transmit_sc(participant, participant->txsc);
3490 os_memset(&participant->cak, 0, sizeof(participant->cak));
3491 os_memset(&participant->kek, 0, sizeof(participant->kek));
3492 os_memset(&participant->ick, 0, sizeof(participant->ick));
3493 os_free(participant);
3498 * ieee802_1x_kay_mka_participate -
3500 void ieee802_1x_kay_mka_participate(struct ieee802_1x_kay *kay,
3501 struct mka_key_name *ckn,
3504 struct ieee802_1x_mka_participant *participant;
3509 participant = ieee802_1x_kay_get_participant(kay, ckn->name, ckn->len);
3513 participant->active = status;
3518 * ieee802_1x_kay_new_sak -
3521 ieee802_1x_kay_new_sak(struct ieee802_1x_kay *kay)
3523 struct ieee802_1x_mka_participant *participant;
3528 participant = ieee802_1x_kay_get_principal_participant(kay);
3532 participant->new_sak = TRUE;
3533 wpa_printf(MSG_DEBUG, "KaY: new SAK signal");
3540 * ieee802_1x_kay_change_cipher_suite -
3543 ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
3544 unsigned int cs_index)
3546 struct ieee802_1x_mka_participant *participant;
3547 enum macsec_cap secy_cap;
3552 if (cs_index >= CS_TABLE_SIZE) {
3553 wpa_printf(MSG_ERROR,
3554 "KaY: Configured cipher suite index is out of range");
3557 if (kay->macsec_csindex == cs_index)
3561 kay->macsec_desired = FALSE;
3563 kay->macsec_csindex = cs_index;
3564 kay->macsec_capable = cipher_suite_tbl[kay->macsec_csindex].capable;
3566 if (secy_get_capability(kay, &secy_cap) < 0)
3569 if (kay->macsec_capable > secy_cap)
3570 kay->macsec_capable = secy_cap;
3572 participant = ieee802_1x_kay_get_principal_participant(kay);
3574 wpa_printf(MSG_INFO, "KaY: Cipher Suite changed");
3575 participant->new_sak = TRUE;
3582 #ifdef CONFIG_CTRL_IFACE
3584 * ieee802_1x_kay_get_status - Get IEEE 802.1X KaY status details
3585 * @sm: Pointer to KaY allocated with ieee802_1x_kay_init()
3586 * @buf: Buffer for status information
3587 * @buflen: Maximum buffer length
3588 * @verbose: Whether to include verbose status information
3589 * Returns: Number of bytes written to buf.
3591 * Query KAY status information. This function fills in a text area with current
3592 * status information. If the buffer (buf) is not large enough, status
3593 * information will be truncated to fit the buffer.
3595 int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,
3603 len = os_snprintf(buf, buflen,
3604 "PAE KaY status=%s\n"
3605 "Authenticated=%s\n"
3608 "Actor Priority=%u\n"
3609 "Key Server Priority=%u\n"
3610 "Is Key Server=%s\n"
3611 "Number of Keys Distributed=%u\n"
3612 "Number of Keys Received=%u\n",
3613 kay->active ? "Active" : "Not-Active",
3614 kay->authenticated ? "Yes" : "No",
3615 kay->secured ? "Yes" : "No",
3616 kay->failed ? "Yes" : "No",
3617 kay->actor_priority,
3618 kay->key_server_priority,
3619 kay->is_key_server ? "Yes" : "No",
3622 if (os_snprintf_error(buflen, len))
3627 #endif /* CONFIG_CTRL_IFACE */