mka: Sync structs definitions with IEEE Std 802.1X-2010

Document some data structures from IEEE Std 802.1X-2010, and add the
(not used yet) struct ieee802_1x_mka_dist_cak_body.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Sabrina Dubroca 2016-10-21 14:45:27 +02:00 committed by Jouni Malinen
parent 6f551abdfc
commit 6b6175b788
2 changed files with 103 additions and 2 deletions


@ -15,7 +15,7 @@
struct macsec_init_params; struct macsec_init_params;
#define MI_LEN 12 #define MI_LEN 12 /* 96-bit Member Identifier */
#define MAX_KEY_LEN 32 /* 32 bytes, 256 bits */ #define MAX_KEY_LEN 32 /* 32 bytes, 256 bits */
#define MAX_CKN_LEN 32 /* 32 bytes, 256 bits */ #define MAX_CKN_LEN 32 /* 32 bytes, 256 bits */
@ -24,6 +24,12 @@ struct macsec_init_params;
#define MKA_LIFE_TIME 6000 #define MKA_LIFE_TIME 6000
#define MKA_SAK_RETIRE_TIME 3000 #define MKA_SAK_RETIRE_TIME 3000
/**
* struct ieee802_1x_mka_ki - Key Identifier (KI)
* @mi: Key Server's Member Identifier
* @kn: Key Number, assigned by the Key Server
* IEEE 802.1X-2010 9.8 SAK generation, distribution, and selection
*/
struct ieee802_1x_mka_ki { struct ieee802_1x_mka_ki {
u8 mi[MI_LEN]; u8 mi[MI_LEN];
u32 kn; u32 kn;
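Review bot: In the new kernel-doc block for struct ieee802_1x_mka_ki, the clause reference `IEEE 802.1X-2010 9.8 SAK generation, distribution, and selection` follows `@kn:` with no separator, so it reads as a continuation of the @kn description rather than as a reference for the whole struct. Put an empty ` *` line before it, or move the clause number into the summary line: `struct ieee802_1x_mka_ki - Key Identifier (KI), IEEE Std 802.1X-2010 9.8`. The `@kn` text also does not state the byte order of `u32 kn`. If this copy is held in host order while the on-wire key number is big-endian (not visible in this section), a short remark such as `@kn: Key Number, assigned by the Key Server (host byte order)` would help prevent a mismatched KI comparison when selecting a SAK.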


@ -168,6 +168,22 @@ struct ieee802_1x_mka_hdr {
#define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr) #define MKA_HDR_LEN sizeof(struct ieee802_1x_mka_hdr)
/**
* struct ieee802_1x_mka_basic_body - Basic Parameter Set (Figure 11-8)
* @version: MKA Version Identifier
* @priority: Key Server Priority
* @length: Parameter set body length
* @macsec_capability: MACsec capability, as defined in ieee802_1x_defs.h
* @macsec_desired: the participant wants MACsec to be used to protect frames
* (9.6.1)
* @key_server: the participant has not decided that another participant is or
* will be the key server (9.5.1)
* @length1: Parameter set body length (cont)
* @actor_mi: Actor's Member Identifier
* @actor_mn: Actor's Message Number
* @algo_agility: Algorithm Agility parameter
* @ckn: CAK Name
*/
struct ieee802_1x_mka_basic_body { struct ieee802_1x_mka_basic_body {
/* octet 1 */ /* octet 1 */
u8 version; u8 version;
@ -197,6 +213,14 @@ struct ieee802_1x_mka_basic_body {
u8 ckn[0]; u8 ckn[0];
}; };
/**
* struct ieee802_1x_mka_peer_body - Live Peer List and Potential Peer List
* parameter sets (Figure 11-9)
* @type: Parameter set type (1 or 2)
* @length: Parameter set body length
* @length1: Parameter set body length (cont)
* @peer: array of (MI, MN) pairs
*/
struct ieee802_1x_mka_peer_body { struct ieee802_1x_mka_peer_body {
/* octet 1 */ /* octet 1 */
u8 type; u8 type;
@ -217,6 +241,28 @@ struct ieee802_1x_mka_peer_body {
/* followed by Peers */ /* followed by Peers */
}; };
/**
* struct ieee802_1x_mka_sak_use_body - MACsec SAK Use parameter set (Figure
* 11-10)
* @type: MKA message type
* @lan: latest key AN
* @ltx: latest key TX
* @lrx: latest key RX
* @oan: old key AN
* @otx: old key TX
* @orx: old key RX
* @ptx: plain TX, ie protectFrames is False
* @prx: plain RX, ie validateFrames is not Strict
* @delay_protect: True if LPNs are being reported sufficiently frequently to
* allow the recipient to provide data delay protection. If False, the LPN
* can be reported as zero.
* @lsrv_mi: latest key server MI
* @lkn: latest key number (together with MI, form the KI)
* @llpn: latest lowest acceptable PN (LPN)
* @osrv_mi: old key server MI
* @okn: old key number (together with MI, form the KI)
* @olpn: old lowest acceptable PN (LPN)
*/
struct ieee802_1x_mka_sak_use_body { struct ieee802_1x_mka_sak_use_body {
/* octet 1 */ /* octet 1 */
u8 type; u8 type;
@ -270,7 +316,21 @@ struct ieee802_1x_mka_sak_use_body {
be32 olpn; be32 olpn;
}; };
/**
* struct ieee802_1x_mka_dist_sak_body - Distributed SAK parameter set
* (GCM-AES-128, Figure 11-11)
* @type: Parameter set type (4)
* @length: Parameter set body length
* @length1: Parameter set body length (cont)
* Total parameter body length values:
* - 0 for plain text
* - 28 for GCM-AES-128
* - 36 or more for other cipher suites
* @confid_offset: confidentiality offset, as defined in ieee802_1x_defs.h
* @dan: distributed AN (0 for plain text)
* @kn: Key Number
* @sak: AES Key Wrap of SAK (see 9.8)
*/
struct ieee802_1x_mka_dist_sak_body { struct ieee802_1x_mka_dist_sak_body {
/* octet 1 */ /* octet 1 */
u8 type; u8 type;
@ -303,6 +363,41 @@ struct ieee802_1x_mka_dist_sak_body {
u8 sak[0]; u8 sak[0];
}; };
/**
* struct ieee802_1x_mka_dist_cak_body - Distributed CAK parameter set (Figure
* 11-13)
* @type: Parameter set type (5)
* @length: Parameter set body length
* @length1: Parameter set body length (cont)
* Total parameter body length values:
* - 0 for plain text
* - 28 for GCM-AES-128
* - 36 or more for other cipher suites
* @cak: AES Key Wrap of CAK (see 9.8)
* @ckn: CAK Name
*/
struct ieee802_1x_mka_dist_cak_body {
/* octet 1 */
u8 type;
/* octet 2 */
u8 reserve;
/* octet 3 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
u8 length:4;
u8 reserve1:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
u8 reserve1:4;
u8 length:4;
#endif
/* octet 4 */
u8 length1;
/* octet 5 - 28 */
u8 cak[24];
/* followed by CAK Name, 29- */
u8 ckn[0];
};
struct ieee802_1x_mka_icv_body { struct ieee802_1x_mka_icv_body {
/* octet 1 */ /* octet 1 */