fragattacks/wpa_supplicant/wpas_kay.h
Sabrina Dubroca ad51731abf wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak.
This allows wpa_supplicant to work in a peer-to-peer mode, where peers
are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers
can act as key server to distribute keys for the MACsec instances.

This is what some MACsec switches support, and even without HW
support, it's a convenient way to setup a network.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:08 +02:00

52 lines
1.1 KiB
C

/*
* IEEE 802.1X-2010 KaY Interface
* Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef WPAS_KAY_H
#define WPAS_KAY_H
#ifdef CONFIG_MACSEC
int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid);
void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
const u8 *peer_addr);
void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s);
void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid);
#else /* CONFIG_MACSEC */
static inline int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
return 0;
}
static inline void *
ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
const u8 *peer_addr)
{
return NULL;
}
static inline void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
{
}
static inline void *
ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
return 0;
}
#endif /* CONFIG_MACSEC */
#endif /* WPAS_KAY_H */