xref: /freebsd/contrib/wpa/src/pae/ieee802_1x_kay_i.h (revision f5b7695d2d5abd735064870ad43f4b9c723940c1)
1 /*
2  * IEEE 802.1X-2010 Key Agree Protocol of PAE state machine
3  * Copyright (c) 2013, Qualcomm Atheros, Inc.
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef IEEE802_1X_KAY_I_H
10 #define IEEE802_1X_KAY_I_H
11 
12 #include "utils/list.h"
13 #include "common/defs.h"
14 #include "common/ieee802_1x_defs.h"
15 
16 #define MKA_VERSION_ID              1
17 
18 /* IEEE Std 802.1X-2010, 11.11.1, Table 11-7 (MKPDU parameter sets) */
19 enum mka_packet_type {
20 	MKA_BASIC_PARAMETER_SET = MKA_VERSION_ID,
21 	MKA_LIVE_PEER_LIST = 1,
22 	MKA_POTENTIAL_PEER_LIST = 2,
23 	MKA_SAK_USE = 3,
24 	MKA_DISTRIBUTED_SAK = 4,
25 	MKA_DISTRIBUTED_CAK = 5,
26 	MKA_KMD = 6,
27 	MKA_ANNOUNCEMENT = 7,
28 	MKA_ICV_INDICATOR = 255
29 };
30 
31 #define ICV_LEN                         16  /* 16 bytes */
32 #define SAK_WRAPPED_LEN                 24
33 /* KN + Wrapper SAK */
34 #define DEFAULT_DIS_SAK_BODY_LENGTH     (SAK_WRAPPED_LEN + 4)
35 #define MAX_RETRY_CNT                   5
36 
37 struct ieee802_1x_kay;
38 
39 struct ieee802_1x_mka_peer_id {
40 	u8 mi[MI_LEN];
41 	be32 mn;
42 } STRUCT_PACKED;
43 
44 struct ieee802_1x_kay_peer {
45 	struct ieee802_1x_mka_sci sci;
46 	u8 mi[MI_LEN];
47 	u32 mn;
48 	time_t expire;
49 	Boolean is_key_server;
50 	u8 key_server_priority;
51 	Boolean macsec_desired;
52 	enum macsec_cap macsec_capability;
53 	Boolean sak_used;
54 	int missing_sak_use_count;
55 	struct dl_list list;
56 };
57 
58 struct macsec_ciphersuite {
59 	u64 id;
60 	char name[32];
61 	enum macsec_cap capable;
62 	int sak_len; /* unit: byte */
63 };
64 
65 struct mka_alg {
66 	u8 parameter[4];
67 	size_t icv_len;
68 
69 	int (*cak_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1,
70 			const u8 *mac2, u8 *cak, size_t cak_bytes);
71 	int (*ckn_trfm)(const u8 *msk, size_t msk_bytes, const u8 *mac1,
72 			const u8 *mac2, const u8 *sid, size_t sid_len, u8 *ckn);
73 	int (*kek_trfm)(const u8 *cak, size_t cak_bytes,
74 			const u8 *ckn, size_t ckn_len,
75 			u8 *kek, size_t kek_bytes);
76 	int (*ick_trfm)(const u8 *cak, size_t cak_bytes,
77 			const u8 *ckn, size_t ckn_len,
78 			u8 *ick, size_t ick_bytes);
79 	int (*icv_hash)(const u8 *ick, size_t ick_bytes,
80 			const u8 *msg, size_t msg_len, u8 *icv);
81 };
82 
83 #define DEFAULT_MKA_ALG_INDEX 0
84 
85 /* See IEEE Std 802.1X-2010, 9.16 MKA management */
86 struct ieee802_1x_mka_participant {
87 	/* used for active and potential participant */
88 	struct mka_key_name ckn;
89 	struct mka_key cak;
90 	Boolean cached;
91 
92 	/* used by management to monitor and control activation */
93 	Boolean active;
94 	Boolean participant;
95 	Boolean retain;
96 	enum mka_created_mode mode;
97 
98 	enum activate_ctrl { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;
99 
100 	/* used for active participant */
101 	Boolean principal;
102 	struct dl_list live_peers;
103 	struct dl_list potential_peers;
104 
105 	/* not defined in IEEE 802.1X */
106 	struct dl_list list;
107 
108 	struct mka_key kek;
109 	struct mka_key ick;
110 
111 	struct ieee802_1x_mka_ki lki;
112 	u8 lan;
113 	Boolean ltx;
114 	Boolean lrx;
115 
116 	struct ieee802_1x_mka_ki oki;
117 	u8 oan;
118 	Boolean otx;
119 	Boolean orx;
120 
121 	Boolean is_key_server;
122 	Boolean is_obliged_key_server;
123 	Boolean can_be_key_server;
124 	Boolean is_elected;
125 
126 	struct dl_list sak_list;
127 	struct dl_list rxsc_list;
128 
129 	struct transmit_sc *txsc;
130 
131 	u8 mi[MI_LEN];
132 	u32 mn;
133 
134 	/* Current peer MI and SCI during MKPDU processing */
135 	struct ieee802_1x_mka_peer_id current_peer_id;
136 	struct ieee802_1x_mka_sci current_peer_sci;
137 
138 	time_t cak_life;
139 	time_t mka_life;
140 	Boolean to_dist_sak;
141 	Boolean to_use_sak;
142 	Boolean new_sak;
143 
144 	Boolean advised_desired;
145 	enum macsec_cap advised_capability;
146 
147 	struct data_key *new_key;
148 	u32 retry_count;
149 
150 	struct ieee802_1x_kay *kay;
151 };
152 
153 struct ieee802_1x_mka_hdr {
154 	/* octet 1 */
155 	u8 type;
156 	/* octet 2 */
157 	u8 reserve;
158 	/* octet 3 */
159 #if __BYTE_ORDER == __LITTLE_ENDIAN
160 	u8 length:4;
161 	u8 reserve1:4;
162 #elif __BYTE_ORDER == __BIG_ENDIAN
163 	u8 reserve1:4;
164 	u8 length:4;
165 #else
166 #error "Please fix <bits/endian.h>"
167 #endif
168 	/* octet 4 */
169 	u8 length1;
170 } STRUCT_PACKED;
171 
172 #define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
173 
174 /**
175  * struct ieee802_1x_mka_basic_body - Basic Parameter Set (Figure 11-8)
176  * @version: MKA Version Identifier
177  * @priority: Key Server Priority
178  * @length: Parameter set body length
179  * @macsec_capability: MACsec capability, as defined in ieee802_1x_defs.h
180  * @macsec_desired: the participant wants MACsec to be used to protect frames
181  *	(9.6.1)
182  * @key_server: the participant has not decided that another participant is or
183  *	will be the key server (9.5.1)
184  * @length1: Parameter set body length (cont)
185  * @actor_mi: Actor's Member Identifier
186  * @actor_mn: Actor's Message Number
187  * @algo_agility: Algorithm Agility parameter
188  * @ckn: CAK Name
189  */
190 struct ieee802_1x_mka_basic_body {
191 	/* octet 1 */
192 	u8 version;
193 	/* octet 2 */
194 	u8 priority;
195 	/* octet 3 */
196 #if __BYTE_ORDER == __LITTLE_ENDIAN
197 	u8 length:4;
198 	u8 macsec_capability:2;
199 	u8 macsec_desired:1;
200 	u8 key_server:1;
201 #elif __BYTE_ORDER == __BIG_ENDIAN
202 	u8 key_server:1;
203 	u8 macsec_desired:1;
204 	u8 macsec_capability:2;
205 	u8 length:4;
206 #endif
207 	/* octet 4 */
208 	u8 length1;
209 
210 	struct ieee802_1x_mka_sci actor_sci;
211 	u8 actor_mi[MI_LEN];
212 	be32 actor_mn;
213 	u8 algo_agility[4];
214 
215 	/* followed by CAK Name */
216 	u8 ckn[0];
217 } STRUCT_PACKED;
218 
219 /**
220  * struct ieee802_1x_mka_peer_body - Live Peer List and Potential Peer List
221  *	parameter sets (Figure 11-9)
222  * @type: Parameter set type (1 or 2)
223  * @length: Parameter set body length
224  * @length1: Parameter set body length (cont)
225  * @peer: array of (MI, MN) pairs
226  */
227 struct ieee802_1x_mka_peer_body {
228 	/* octet 1 */
229 	u8 type;
230 	/* octet 2 */
231 	u8 reserve;
232 	/* octet 3 */
233 #if __BYTE_ORDER == __LITTLE_ENDIAN
234 	u8 length:4;
235 	u8 reserve1:4;
236 #elif __BYTE_ORDER == __BIG_ENDIAN
237 	u8 reserve1:4;
238 	u8 length:4;
239 #endif
240 	/* octet 4 */
241 	u8 length1;
242 
243 	/* followed by Peers */
244 	u8 peer[0];
245 } STRUCT_PACKED;
246 
247 /**
248  * struct ieee802_1x_mka_sak_use_body - MACsec SAK Use parameter set (Figure
249  *	11-10)
250  * @type: MKA message type
251  * @lan: latest key AN
252  * @ltx: latest key TX
253  * @lrx: latest key RX
254  * @oan: old key AN
255  * @otx: old key TX
256  * @orx: old key RX
257  * @ptx: plain TX, ie protectFrames is False
258  * @prx: plain RX, ie validateFrames is not Strict
259  * @delay_protect: True if LPNs are being reported sufficiently frequently to
260  *	allow the recipient to provide data delay protection. If False, the LPN
261  *	can be reported as zero.
262  * @lsrv_mi: latest key server MI
263  * @lkn: latest key number (together with MI, form the KI)
264  * @llpn: latest lowest acceptable PN (LPN)
265  * @osrv_mi: old key server MI
266  * @okn: old key number (together with MI, form the KI)
267  * @olpn: old lowest acceptable PN (LPN)
268  */
269 struct ieee802_1x_mka_sak_use_body {
270 	/* octet 1 */
271 	u8 type;
272 	/* octet 2 */
273 #if __BYTE_ORDER == __LITTLE_ENDIAN
274 	u8 orx:1;
275 	u8 otx:1;
276 	u8 oan:2;
277 	u8 lrx:1;
278 	u8 ltx:1;
279 	u8 lan:2;
280 #elif __BYTE_ORDER == __BIG_ENDIAN
281 	u8 lan:2;
282 	u8 ltx:1;
283 	u8 lrx:1;
284 	u8 oan:2;
285 	u8 otx:1;
286 	u8 orx:1;
287 #endif
288 
289 	/* octet 3 */
290 #if __BYTE_ORDER == __LITTLE_ENDIAN
291 	u8 length:4;
292 	u8 delay_protect:1;
293 	u8 reserve:1;
294 	u8 prx:1;
295 	u8 ptx:1;
296 #elif __BYTE_ORDER == __BIG_ENDIAN
297 	u8 ptx:1;
298 	u8 prx:1;
299 	u8 reserve:1;
300 	u8 delay_protect:1;
301 	u8 length:4;
302 #endif
303 
304 	/* octet 4 */
305 	u8 length1;
306 
307 	/* octet 5 - 16 */
308 	u8 lsrv_mi[MI_LEN];
309 	/* octet 17 - 20 */
310 	be32 lkn;
311 	/* octet 21 - 24 */
312 	be32 llpn;
313 
314 	/* octet 25 - 36 */
315 	u8 osrv_mi[MI_LEN];
316 	/* octet 37 - 40 */
317 	be32 okn;
318 	/* octet 41 - 44 */
319 	be32 olpn;
320 } STRUCT_PACKED;
321 
322 /**
323  * struct ieee802_1x_mka_dist_sak_body - Distributed SAK parameter set
324  *	(GCM-AES-128, Figure 11-11)
325  * @type: Parameter set type (4)
326  * @length: Parameter set body length
327  * @length1: Parameter set body length (cont)
328  *           Total parameter body length values:
329  *            -  0 for plain text
330  *            - 28 for GCM-AES-128
331  *            - 36 or more for other cipher suites
332  * @confid_offset: confidentiality offset, as defined in ieee802_1x_defs.h
333  * @dan: distributed AN (0 for plain text)
334  * @kn: Key Number
335  * @sak: AES Key Wrap of SAK (see 9.8)
336  */
337 struct ieee802_1x_mka_dist_sak_body {
338 	/* octet 1 */
339 	u8 type;
340 	/* octet 2 */
341 #if __BYTE_ORDER == __LITTLE_ENDIAN
342 	u8 reserve:4;
343 	u8 confid_offset:2;
344 	u8 dan:2;
345 #elif __BYTE_ORDER == __BIG_ENDIAN
346 	u8 dan:2;
347 	u8 confid_offset:2;
348 	u8 reserve:4;
349 #endif
350 	/* octet 3 */
351 #if __BYTE_ORDER == __LITTLE_ENDIAN
352 	u8 length:4;
353 	u8 reserve1:4;
354 #elif __BYTE_ORDER == __BIG_ENDIAN
355 	u8 reserve1:4;
356 	u8 length:4;
357 #endif
358 	/* octet 4 */
359 	u8 length1;
360 	/* octet 5 - 8 */
361 	be32 kn;
362 
363 	/* for GCM-AES-128: octet 9-32: SAK
364 	 * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
365 	 */
366 	u8 sak[0];
367 } STRUCT_PACKED;
368 
369 /**
370  * struct ieee802_1x_mka_dist_cak_body - Distributed CAK parameter set (Figure
371  *	11-13)
372  * @type: Parameter set type (5)
373  * @length: Parameter set body length
374  * @length1: Parameter set body length (cont)
375  *           Total parameter body length values:
376  *            -  0 for plain text
377  *            - 28 for GCM-AES-128
378  *            - 36 or more for other cipher suites
379  * @cak: AES Key Wrap of CAK (see 9.8)
380  * @ckn: CAK Name
381  */
382 struct ieee802_1x_mka_dist_cak_body {
383 	/* octet 1 */
384 	u8 type;
385 	/* octet 2 */
386 	u8 reserve;
387 	/* octet 3 */
388 #if __BYTE_ORDER == __LITTLE_ENDIAN
389 	u8 length:4;
390 	u8 reserve1:4;
391 #elif __BYTE_ORDER == __BIG_ENDIAN
392 	u8 reserve1:4;
393 	u8 length:4;
394 #endif
395 	/* octet 4 */
396 	u8 length1;
397 
398 	/* octet 5 - 28 */
399 	u8 cak[24];
400 
401 	/* followed by CAK Name, 29- */
402 	u8 ckn[0];
403 } STRUCT_PACKED;
404 
405 struct ieee802_1x_mka_icv_body {
406 	/* octet 1 */
407 	u8 type;
408 	/* octet 2 */
409 	u8 reserve;
410 	/* octet 3 */
411 #if __BYTE_ORDER == __LITTLE_ENDIAN
412 	u8 length:4;
413 	u8 reserve1:4;
414 #elif __BYTE_ORDER == __BIG_ENDIAN
415 	u8 reserve1:4;
416 	u8 length:4;
417 #endif
418 	/* octet 4 */
419 	u8 length1;
420 
421 	/* octet 5 - */
422 	u8 icv[0];
423 } STRUCT_PACKED;
424 
425 #endif /* IEEE802_1X_KAY_I_H */
426